May 14, 2011

Windows Event Viewer tips and tricks

The Event Viewer doesn't look like a very exciting Windows component. If your PC is unstable you might use it to check for error messages, but otherwise, well, that's about all. Or is it?

Look a little closer and you'll discover that the tool has all kinds of useful additional capabilities. It can sometimes be hard to find important events using the default settings, but creating a custom view will help you zoom in quickly on the data that really matters, which can be an essential troubleshooting aid.

If you have a network, then you can set up one copy of the Event Viewer to collect events from several PCs, and manage them all centrally.

One excellent feature gives you the ability to run a particular program or task when a given event occurs. If a program crashes you could restart it, for example. If you're short on hard drive space, you could delete your temporary files – whatever you like.

Then there are the secret Event Logs that you may not even know exist, the leftover logs that need to be deleted, the hidden management features and a whole lot more.

Please note, while we're focusing on the Windows 7 Event Viewer here, much of what we're saying also applies to Vista and even XP. Whichever version of Windows you're using, the Event Viewer deserves a much closer look.

The basics

Event viewer

The prime purpose of Event Viewer is to act as a log for various applications and Windows components. Many of these components don't have an interface, or don't report all their problems and status changes via alert messages, so if you want to find out what's really going on with your PC then it's essential to take a look at the Event Viewer on a regular basis.

You can access the viewer via the Control Panel (go to 'System and security | Administrative tools | View event logs' if you're using Windows 7), but we find it easier to launch the tool directly: click 'Start', type eventvwr.msc, click the 'Event Viewer' link and it will pop up in a second or two.

If you just want to find out more about your PC, then you can expand the 'Windows Logs' section of the tree and browse the Application, Security, Setup and System logs for any interesting looking events.

These logs are presented in reverse chronological order, so the most recent events are at the top and as you scroll down you'll move back in time.

What will you see here? It depends entirely on the setup of your system, but we checked a test PC and came up with many interesting entries. There were detailed error messages for application and system crashes, for instance. If you come home and someone tells you the PC crashed an hour ago, but they can't remember the error message, the Event Log may tell you more.

We found performance-related information, including an Outlook message that said its launch was delayed because of a particular add-on. There were also warnings about four boot drivers that had failed to load. That's information we wouldn't have found anywhere else, and could explain all kinds of odd system behaviour.

Other issues

There were also events relating to the PC startup and shutdown process, installed programs, hardware problems, and many other issues. You wouldn't want to browse the Event Viewer for fun, but if you're having any kind of computer issues then it's wise to give it a closer look – you just might find the clues you need to uncover their real cause.

The problem with scrolling through the main Windows logs is that there are only a few interesting events, and they're masked by a great deal of irrelevant junk. Fortunately the Event Viewer provides several alternatives that will help you zoom in on the data that matters.

Custom view

The Windows 7 Event Viewer, for instance, opens with a useful 'Summary of Administrative Events'. Particularly important event types, such as 'Critical', 'Error' and 'Warning', are listed right at the top and you can expand these to find out more.

Trying this on our test system revealed seven disk errors in the past week. Double-clicking the entry revealed the details, and it turned out one of our drives was experiencing controller errors. Could the drive be about to fail? We're not sure, but at least the Event Viewer has given us a warning so we can back it up.

Another possible option is to expand the 'Applications and Services Logs' section of the viewer. This area contains logs dedicated to applications and areas of your system, such as hardware events, Internet Explorer and Media Center.

Perhaps the most important log here is a little buried, though. Browse to 'Applications and services logs | Microsoft | Windows | Diagnostics-Performance | Operational' and you'll find information about your PC's boot and shutdown processes. Again, everyone will see different things, but when we checked this log on our PC we found a wealth of essential data.

There were events warning us that the Bonjour Service, Function Discovery Resource Publication Service and Orbit Downloader were all causing delays in the system shutdown process. Other events pointed fingers at particular programs for delaying our PC's boot, too – if we were to remove anything non-essential, our system would speed up.

There were general warning events too, such as 'Video memory resources are over-utilised and there is thrashing happening as a result'. If your PC seems slow, or unstable, then this could be a clue. Simply closing some windows could make all the difference, as might updating the video drivers.

As usual, these logs are packed with clues to all sorts of problems, many of which you may not even realise you have. Take a look – it's surprising what you can learn.
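The boot and shutdown delay events just described can be pulled out of the Diagnostics-Performance log and ranked by how much time they cost. This is an added example, not code from the original article; the event IDs are the ones the provider writes, while the message field labels it parses (File Name, Degradation Time, Boot/Shutdown Duration) are assumed from the Windows 7 log layout, with a fallback if they differ.

```powershell
# Added example, not from the original article: read the boot and shutdown
# delay events described above out of the Diagnostics-Performance log and list
# what caused them. Assumes Windows 7 or later with PowerShell 2.0+.
$log = 'Microsoft-Windows-Diagnostics-Performance/Operational'

# Event IDs written by this provider: 100 overall boot time, 101-103 an
# application, driver or service that slowed boot; 200 overall shutdown time,
# 201-203 the application, device or service that slowed shutdown.
$filter = @{
    LogName   = $log
    Id        = 100, 101, 102, 103, 200, 201, 202, 203
    StartTime = (Get-Date).AddDays(-7)
}
try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    Write-Warning "No matching events, or log not present: $_"
    return
}

# Extract the culprit and its delay from the rendered message. The field
# labels (File Name, Degradation Time, Boot/Shutdown Duration) are what the
# Windows 7 log shows and are an assumption here; unknown layouts fall back
# to the first line of the message.
function Get-DelayInfo($e) {
    $m = $e.Message
    $name = ($m -split "`r?`n")[0]
    if ($m -match '(?:File )?Name\s*:\s*(\S+)') { $name = $Matches[1] }
    $ms = $null
    if ($m -match '(?:Degradation Time|Boot Duration|Shutdown Duration)\s*:\s*(\d+)\s*ms') {
        $ms = [int]$Matches[1]
    }
    $phase = 'Shutdown'
    if ($e.Id -lt 200) { $phase = 'Boot' }
    New-Object PSObject -Property @{
        Time = $e.TimeCreated; Phase = $phase; Id = $e.Id; Name = $name; DelayMs = $ms
    }
}

# Worst offenders first: these are the candidates to remove or defer.
$events | ForEach-Object { Get-DelayInfo $_ } |
    Sort-Object DelayMs -Descending |
    Format-Table Time, Phase, Id, Name, DelayMs -AutoSize
```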

Subscriptions


The Event Viewer isn't only able to reveal issues with your own PC. It can also collect information on Vista or Windows 7 systems all across your network, so you can troubleshoot many problems from the comfort of your own desktop.

To set this up you must prepare the remote computers to forward events. First launch an elevated command prompt on each of these (do this by right-clicking the link 'cmd.exe' and selecting 'Run as administrator'), then enter the command winrm quickconfig.

Next, go to the central PC where you'll be collecting these events, launch another elevated command prompt and enter the command wecutil qc.

You can then launch the Event Viewer on the collecting computer, click 'Subscriptions | Create subscription' and tell the system exactly which events you'd like to collect from which computers. These will then appear in the log you specify, and you'll be able to view and filter them just as you can events on your own computer. Well, that's the basic principle at least.

In practice, there are usually some complications. You might have to specifically allow the Remote Event Log Management process to connect through your firewall, for instance, and you'll need to add an account with administrator privileges to the Event Log Readers group on each of the remote PCs. Check the 'Event viewer help' file under 'Manage subscriptions' for more details.
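The same setup as a script, covering the winrm and wecutil steps above, the firewall and group-membership fix-ups just mentioned, and a subscription defined in XML rather than through the wizard. This is an added example, not the article's own; SOURCE-PC, COLLECTOR-PC and the CORP domain are placeholder names.

```powershell
# Added example, not from the original article: the winrm/wecutil steps the
# article describes plus the firewall and group fix-ups it warns about, and a
# subscription defined in XML instead of through the wizard. Run each part in
# an elevated prompt on the machine named in its comment. SOURCE-PC,
# COLLECTOR-PC and the CORP domain are placeholders.

# --- On each remote (source) PC ---
winrm quickconfig -q                       # WinRM listener plus its firewall exception
# With default credentials the collector reads the log as its own computer
# account, so that account must be a member of Event Log Readers.
net localgroup "Event Log Readers" 'CORP\COLLECTOR-PC$' /add
# Let Remote Event Log Management through the Windows Firewall.
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes

# --- On the collecting PC ---
wecutil qc /q                              # enable the Windows Event Collector service

# Pull Critical (Level 1) and Error (Level 2) events from each source's System
# log into the collector's ForwardedEvents log.
$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>CriticalAndErrors</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Critical and Error events from the System log</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[<QueryList><Query Id="0" Path="System">
    <Select Path="System">*[System[(Level=1 or Level=2)]]</Select>
  </Query></QueryList>]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true"><Address>SOURCE-PC</Address></EventSource>
  </EventSources>
</Subscription>
"@
$file = Join-Path $env:TEMP 'CriticalAndErrors.xml'
$subscription | Out-File -FilePath $file -Encoding ASCII
wecutil cs $file                           # create the subscription from the XML

# Confirm each source is actually delivering before relying on the log.
wecutil gr CriticalAndErrors               # per-source runtime status and last error
Get-WinEvent -LogName ForwardedEvents -MaxEvents 10 |
    Format-List TimeCreated, MachineName, Id, Message
```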

Run a task

Alert

So far we've only used Event Viewer in a passive way, allowing it to record what various apps are doing, but the best part of the tool is that it can also be active and dynamic, responding to events with the specific action that you choose.

Suppose one of your favourite apps has its own event log, for instance. It might only add one event a week, but that event might be very important and you may want to know about it right away. Is this a problem? Not at all. In a few clicks you can be alerted whenever a new event appears.

To make this happen, launch Event Viewer, expand the 'Applications and services logs' section of the tree, right-click your log of choice and select 'Attach a task to this log'. Click 'Next' twice, choose the 'Display a message' option, and click 'Next' again. Enter a title for your message, then the message itself, and click 'Next'. Click 'Finish' and that's it – Windows will now display a pop-up alert with your selected message whenever an event is placed in this particular log.

You can also attach a task to a specific event. If you see something that might be really important, like a message that a hard drive is returning controller errors, then right-click it, select 'Attach a task to this event' and the wizard will appear. With a few clicks, you can ensure that you're informed directly about important events, rather than just hoping you'll catch them later.

Perhaps most usefully, the Event Viewer can also launch a task in response to a particular event. If your system is regularly displaying some low-level drive error, for example, you could automatically launch Windows chkdsk or some other drive error checker to confirm that all is well.

If you're running short of hard drive space and related events are appearing, you could have these launch something like CCleaner to quickly free up a little space.

The principle is the same: right-click an event and select 'Attach a task to this event' to launch the Create Basic Task Wizard. This time, when you get to the 'Action' point, select 'Start a program'. Click 'Next', choose your program or script and any optional command line arguments, then click 'Next', finish the wizard and your configuration is complete.
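A script of the kind you would point the wizard's 'Start a program' action at, written for the disk controller error case mentioned above: it records the triggering event, counts recent errors on the same device and, for a repeat offender, runs a read-only chkdsk on the volumes that live on that disk. This is an added example rather than anything from the article; the script path, log file location and the threshold of three errors are assumptions.

```powershell
# Added example, not from the original article: a script to point the wizard's
# 'Start a program' action at when a task is attached to a disk controller
# error (source 'disk', Event ID 11) in the System log. Program: powershell.exe
# Arguments: -ExecutionPolicy Bypass -File C:\Tools\On-DiskError.ps1
# The script path, the log file location and the threshold are placeholders.
param([string]$LogFile = "$env:ProgramData\DiskErrors.log")

$filter = @{ LogName = 'System'; ProviderName = 'disk'; Id = 11 }

# The event that fired the task is the newest matching one in the log.
$evt = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
if (-not $evt) { return }

# The message names the device, e.g. \Device\Harddisk1\DR1; keep it with the time.
$device = 'unknown'; $diskIndex = $null
if ($evt.Message -match '(\\Device\\Harddisk(\d+)\\DR\d+)') {
    $device = $Matches[1]; $diskIndex = [int]$Matches[2]
}
"$($evt.TimeCreated.ToString('s'))  $device  $(($evt.Message -split "`r?`n")[0])" |
    Add-Content -Path $LogFile

# Count errors on the same device in the last 24 hours; a repeat offender gets
# a read-only chkdsk pass (no /f, so nothing on the volume is changed).
$filter.StartTime = (Get-Date).AddDays(-1)
$recent = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$device*" })
"  $($recent.Count) error(s) on $device in the last 24h" | Add-Content -Path $LogFile
if ($recent.Count -lt 3 -or $diskIndex -eq $null) { return }

# Map physical disk N (\Device\HarddiskN) to its drive letters through WMI.
$letters = @()
$disk = Get-WmiObject Win32_DiskDrive -Filter "Index=$diskIndex"
if ($disk) {
    foreach ($part in $disk.GetRelated('Win32_DiskPartition')) {
        foreach ($vol in $part.GetRelated('Win32_LogicalDisk')) { $letters += $vol.DeviceID }
    }
}
foreach ($l in $letters) {
    "  chkdsk (read-only) on $l" | Add-Content -Path $LogFile
    chkdsk $l 2>&1 | Add-Content -Path $LogFile
}
```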

Event details

Windows will now respond automatically to events as they occur, which could mean your PC problems are fixed before you realise they've occurred.