Event Viewer is a tool that displays detailed information about significant events on your computer. Event Viewer can be helpful when troubleshooting problems and errors with Windows and other programs.
This tutorial will show you the basics about how to open and use Event Viewer to read the information in event logs in Windows 7.
Event logs are special files that record significant events on your computer, such as when a user logs on to the computer or when a program encounters an error. Whenever these types of events occur, Windows records the event in an event log that you can read by using Event Viewer. Advanced users might find the details in event logs helpful when troubleshooting problems with Windows and other programs.
Event Viewer tracks information in several different logs.
The Windows Logs category includes the logs that were available on previous versions of Windows: the Application, Security, and System logs. It also includes two new logs: the Setup log and the Forwarded Events log. Windows logs are intended to store events from legacy applications and events that apply to the entire system.
Application (program) – Events are classified as error, warning, or information, depending on the severity of the event. An error is a significant problem, such as loss of data. A warning is an event that isn’t necessarily significant, but might indicate a possible future problem. An information event describes the successful operation of a program, driver, or service.
Security – These events are called audits and are described as successful or failed depending on the event, such as whether a user trying to log on to Windows was successful.
Setup – Computers that are configured as domain controllers will have additional logs displayed here.
System – System events are logged by Windows and Windows system services, and are classified as error, warning, or information.
Forwarded Events – These events are forwarded to this log by other computers.
Applications and Services Logs:
Applications and Services Logs vary. They include separate logs about the programs that run on your computer, as well as more detailed logs that pertain to specific Windows services. This category of logs includes four subtypes: Admin, Operational, Analytic, and Debug logs.
Admin – These events are primarily targeted at end users, administrators, and support personnel. The events that are found in the Admin channels indicate a problem and a well-defined solution that an administrator can act on. An example of an admin event is an event that occurs when an application fails to connect to a printer. These events are either well documented or have a message associated with them that gives the reader direct instructions of what must be done to rectify the problem.
Operational – Operational events are used for analyzing and diagnosing a problem or occurrence. They can be used to trigger tools or tasks based on the problem or occurrence. An example of an operational event is an event that occurs when a printer is added or removed from a system.
Analytic – Analytic events are published in high volume. They describe program operation and indicate problems that cannot be handled by user intervention.
Debug – Debug events are used by developers troubleshooting issues with their programs.