Windows Event Viewer is a tool that stores a log of applications and system messages. This log contains errors, warnings and the system messages that can help you reach the root cause of any unpredictable behavior of your system.
Working with Event Viewer
You can launch event viewer from the Desktop by pressing the “Win +X + V‘ in Windows 8. There are three panes in Event Viewer: Console tree, Event Viewer and Actions pane.
Console tree displays the types of logs that you can view. You may understand ‘Console Tree’ as a ‘Log Explorer’.
The middle pane is the Event Viewer which gives an overview of logs. It is the same pane in which you will find detailed log information, errors and warnings. Actions pane allow you to play with the way you view information and some other important tasks, which we will cover soon.
- Go to View -> Customize.
- Customize View Dialog box appears with every option mentioned next to a check box. You can check amongst the list to select the options which should be displayed.
Sorting Event Logs
Sorting is a useful technique which displays data in a more readable form. We can apply sorting to event logs on the basis of level, source, task id,category, time and date. If you want to track a particular event, sort the event log w.r.t event id. To apply sorting:
- Select any event log.
- Go to View -> Sort by -> Level.
However there’s one limitation that it arranges the log according to the specific category but displays the complete list. If you want to see few records of your interest, you may have to create a custom view.
Creating custom views
Now lets talk about creating the custom views in the Windows Event Viewer. You can create and save multiple custom views to monitor different logs. Creating custom views with Windows Event Viewer is a simple procedure.
- Go to Action Pane –> Create Custom View
- You can now specify the multiple filtering criteria to track any event
- You can select only one event log or multiple event logs and the event sources from the drop down list
- You can also specify any particular event id and the users who can view the filtered result
- Press Ok –> Give a name and save the view
- You may notice your newly created view in the console tree
Custom views can be saved, imported and exported easily using the options in the Action Pane. You may also change the criterion to display a log.
- Select the required custom view
- In the Action Pane –> Filter current custom view
- It will open the custom view settings which can be changed
Attaching a task to an event
‘Task Scheduler’ is a tool that enables you to create scheduled and unscheduled tasks that could perform a specific action at a particular time or as a response to any event.
You may also create a basic task directly from the Event Viewer. Let’s say, you want to run a particular application whenever you log in.
- Select the event
- In the Action pane –> Select ‘Attach task to this event’
- It will open create a basic task wizard
- Give a proper name and description to the task
- The event details are already filled by default
- Now select an action you want to perform when the event takes place. You can start any program, send an email or display a message
- Finish step will display the task details. You can go back if anything goes wrong, else click finish
Event Viewer can be a great tool for troubleshooting apps and Operating System crashes. You only need to use it correctly. Hopefully this tutorial will help you make better use of Windows Event Viewer.
