Windows 7 / Getting Started

Viewing Event Logs

The Application, System, Security, and Setup logs are now located under the Windows Logs node in the Event Viewer tree view. An event summary view including the name, type, number of events, and size of each log is displayed when this node is selected. To view events in a log, select the log you want to view in the left pane.

Hardware Events, Windows Internet Explorer, and other Windows components and application events are accessible under the Applications And Services Logs node. Applications And Services Logs are a new category of event logs that store events from a single application or component rather than events that might have system-wide impact. Normally, available application or service logs will be listed in a hierarchy under the manufacturer and product name. (Some event providers that do not follow the naming convention that allows such categorization may show up directly under the Applications And Services node.) A summary view, including the name, type, number of events, and size of each log, is displayed when the Applications And Services node or any subnode that contains logs is selected in the Event Viewer tree view. If other applications are installed, such as Microsoft Office 2007 applications, additional Applications And Services Logs may be displayed.

As explained previously, Application and Services Logs include four log subtypes: Admin, Operational, Analytic (trace), and Debug logs. Events in Admin logs are of particular interest to IT professionals who use Event Viewer to troubleshoot problems, because events in the Admin log provide guidance on how to respond to the event. Events in the Operational log are also useful for IT professionals but sometimes require more interpretation.

Analytic and Debug logs are not as user friendly and are mostly designed to be used by advanced administrators and developers. Analytic logs store events that trace an issue, and often a high volume of events are logged. Debug logs are used by developers when debugging applications. Both Analytic and Debug logs are hidden by default. If you will be working with these types of logs and want to see them in the Event Viewer, select the Show Analytic And Debug Logs menu option from the View item on the Actions pane. Then, to turn logging into a particular Analytic or Debug log on or off, select the log of interest and click Enable Log or Disable Log on the Actions pane. Alternatively, you can also enable or disable Analytic and Debug logs by typing wevtutil sl log_name /e:true at an elevated command prompt. For more information concerning Wevtutil.exe, see the section titled "Using the Windows Events Command-Line Utility for Event Monitoring" later in this tutorial.

Important When you enable Analytic (trace) and Debug logs, they usually generate a large number of entries. For this reason, you should enable them only for a specified period to gather troubleshooting data and then turn them off to reduce the associated overhead.

You can view the events in a log by highlighting the log you want to view in the left pane. Most Microsoft components that have their own channel are displayed under the Microsoft node.

Note By right-clicking an event and selecting Attach Task To This Event, you can open the Task Scheduler Wizard with the Event Log, Event Source, and Event ID fields automatically pre-populated. Doing this lets you attach any task to an event by using Task Scheduler. For more information, see the section titled "Using Task Scheduler" later in this tutorial.

[Previous] [Contents] [Next]

In this tutorial:

  1. Windows 7 Desktop Maintenance
  2. Performance Monitoring
  3. Improvements to Performance Monitoring in Windows 7
  4. Using Performance Monitor
  5. Real-Time Performance Monitoring
  6. Performance Monitor Logging
  7. Creating a Data Collector Set
  8. Configuring a Data Collector Set
  9. Using Data Manager to View Performance Data
  10. Starting and Stopping Data Logging
  11. Viewing Performance Data
  12. Comparing Performance Monitor Logs
  13. Performance Monitor User Rights
  14. Remote Data Collection
  15. Using Windows PowerShell for Performance Monitoring
  16. Resource Monitor
  17. Overview Tab
  18. CPU Tab
  19. Memory Tab
  20. Disk Tab
  21. Network Tab
  22. Reliability Monitor
  23. How Reliability Monitor Works
  24. Windows Performance Tools Kit
  25. Event Monitoring
  26. Understanding the Windows Event Architecture
  27. Channels
  28. Improvements to Event Monitoring in Windows 7
  29. Using Event Viewer
  30. Understanding Views
  31. Viewing Event Logs
  32. Saving Event Logs
  33. Configuring Event Subscriptions
  34. Considerations for Workgroup Environments
  35. Creating a New Subscription
  36. Using the Windows Events Command-Line Utility for Event Monitoring
  37. Using Windows PowerShell for Event Monitoring
  38. Using Task Scheduler
  39. Improvements to Task Scheduler in Windows 7
  40. Understanding Tasks
  41. Understanding the Task Scheduler Architecture
  42. Understanding Task Scheduler Security
  43. Credentials Management
  44. Securing Running Tasks
  45. Understanding AT and Task Scheduler v1.0 Compatibility Modes
  46. Understanding the Task Scheduler Snap-in
  47. Understanding Default Tasks
  48. Creating Tasks
  49. Defining Triggers
  50. At Startup Trigger
  51. On Connection To AND Disconnect From User Session Triggers
  52. On Workstation Lock AND Unlock Triggers
  53. Defining Actions
  54. Defining Conditions
  55. Defining Settings
  56. Managing Tasks
  57. Viewing History
  58. Using SchTasks.exe for Creating and Managing Tasks
  59. Task Scheduler Events
  60. Troubleshooting Task Scheduler
  61. Tasks Won't Run If the Service Is Not Started
  62. The Task Will Run Only When a Certain User Is Logged On
  63. The Task Action Failed to Execute
  64. Interpreting Result and Return Codes
  65. Understanding the Windows System Assessment Tool
  66. Understanding WinSAT Assessment Tests
  67. Examining the WinSAT Features Assessment
  68. Running WinSAT from the Command Line
  69. Understanding WinSAT Command Exit Values
  70. Running WinSAT Using Performance Information and Tools
  71. System Capabilities Section
  72. OEM Upsell And Help Section
  73. Understanding Windows Error Reporting
  74. Overview of Windows Error Reporting
  75. How WER Works
  76. Store Management System
  77. ReportArchive Folder
  78. WER Service
  79. Understanding the Error Reporting Cycle
  80. Understanding WER Data
  81. Configuring WER Using Group Policy
  82. Configuring WER Using the Action Center