Article ID : 00125684 / Last Modified : 07/29/2015

How to access and use the Event Viewer.

Applicable Products and Categories of This Article

From the time you switch it on, the Windows® operating system records everything done on the computer and saves that information to log files. The Event log is the record of alerts and notifications that occur on the computer. An event is any significant occurrence on the computer or in a program that requires you to be notified or an entry added to a log. With the Event Viewer, you can view all the logs and see what is working properly and what may be an indication of current or pending problems.

Follow these steps to open the Event Viewer.

IMPORTANT: The Event Viewer is a large and detailed tool, the operations of which cannot be completely illustrated in this answer. We will use a few examples here to give you a general idea as to how the tool works, but we encourage you to explore the abilities of the tool on your own. If you find you need it, the Help button on the file menu is always available to assist you with specific questions you may have regarding how to use the Event Viewer.

Event Viewer Help

  1. Right-click the Start button, or press the Windows Logo + X key combination on the keyboard and from the list, click to select Event Viewer.

    Event Viewer

    NOTE: It may take several seconds for the Event Viewer to be displayed.

  2. In the Event Viewer window, there are three different segments: the left column is for navigation, the center section for viewing events, and the right column for actions.

    Event Viewer Sections

  3. On the left column, double-click Windows Logs to expand that category and you will see the following log types: Application, Security, Setup, System and Forwarded Events.

    Windows Logs

  4. On the left column, under Windows Logs, click to select the Application log and, in the center section, you see a huge list of information displayed. These are logged events specific to just applications.

    NOTES:

    • The operating system classifies each event by type:
      • Critical: This event type indicates a significant problem exists which requires immediate attention.
      • Error: This event type indicates a significant problem exists which could result in a loss of functionality.
      • Warning: This event type indicates the existence of a potential problem, such as low disk space.
      • Information: This event type indicates the successful completion of a task, such as installing an application or program.
      • Audit Success: This event type indicates the completion of an audited security event, such as having successfully logged into Windows.
      • Audit Failure: This event type indicates an audited security event that did not complete successfully, such as entering an incorrect password.
    • Because applications are not critical to the functioning of the operating system and not part of an Auditing routine, the Applications log information is categorized using only three of these event types: Information, Error, and Warning.
  5. To view specific information about an event, in the center section, click to select the event, and then in the right column, click Event Properties.

    Event Properties

    NOTES:

    • The Security log will provide you a list similar to the one for the Applications log, but most of the messages you will be for Audit Success events.
    • The Setup log will log an event whenever you install a new program, or each time you update Windows or software.
    • The System log will display system messages produced by installed device drivers and by the operating system. Warning events are stored here if a drivers fails to load properly.
    • The properties for each event in a log entry will include the following information:
      • Source: The program or component that caused the event. of the event.
      • Event ID: A Windows identification number that specifies the event type.
      • Level: The type of event (Information, Warning, Error, Audit Success: or Audit Failure:.)
      • User: The user name of the user who was logged on when the event occurred.
      • Logged: The time and date the event occurred.
      • Computer: The name of the computer.