Logs are a record or collection of events that take place on a computer, triggered either by a running process or by a person. They let you keep track of activity and also help you fix bugs.
In Windows, the most common location for logs is the Windows event logs. Windows event logs consist of logs from several applications and from the operating system. Logs also originate from Internet Information Server (IIS). Logs have a structured format, which makes them easier to analyze.
What are Windows Event Logs?
Windows event logs are a compilation of a system’s notifications and alerts. Microsoft defines an event as “any significant event in the program or in the system which requires users to get notified or an entry gets logged”.
Windows OS classifies events by type. An Information event describes the successful completion of a task, such as an application installation. A Warning event notifies the admin of a problem, such as low disk space or high memory utilization. An Error event indicates a critical issue that might lead to loss of functionality. A Success Audit event records the completion of an audited security event, for example an end user successfully logging on. A Failure Audit event indicates an audited security event that failed to complete successfully, for example an end user who got locked out by entering incorrect passwords.
Every event log entry contains the following information:
Computer: Name of the computer
Source: Component or program that triggered the event
Time: The time at which the event occurred.
Date: The date on which the event occurred.
Type: Event type
Event type is further classified as –
- Success Audit
- Security Failure Audit
Event ID: Windows identification number which specifies the type of the event.
User: User name of the user who was logged on when the event occurred.
In any enterprise, event logs can be of great help to an administrator in identifying and diagnosing the source of current system problems, and in predicting future ones. All Windows event log entries can be accessed through Windows Event Viewer. Windows Event Logs are found in Windows Server 2012, Vista, Windows 7 and Windows Server 2008 R2.
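The fields listed above can also be read from PowerShell rather than from Event Viewer. The following is an added example, not part of the original article; it uses the built-in Get-WinEvent cmdlet, and the function name Get-EventSummary and its parameters are hypothetical.

```powershell
# Added example (not from the original article). Reading the Security log
# requires an elevated (administrator) PowerShell session.
function Get-EventSummary {            # hypothetical helper name
    param(
        [string]$LogName = 'Security',
        [ValidateSet('Information', 'Warning', 'Error', 'SuccessAudit', 'FailureAudit')]
        [string]$Type = 'FailureAudit',
        [int]$Hours = 24,
        [int]$MaxEvents = 200
    )

    $filter = @{ LogName = $LogName; StartTime = (Get-Date).AddHours(-$Hours) }
    switch ($Type) {
        # Information, Warning and Error map to the event Level
        'Error'        { $filter.Level = 2 }
        'Warning'      { $filter.Level = 3 }
        'Information'  { $filter.Level = 4 }
        # Audit results are bits in the Keywords mask (StandardEventKeywords)
        'FailureAudit' { $filter.Keywords = 0x10000000000000 }
        'SuccessAudit' { $filter.Keywords = 0x20000000000000 }
    }

    try {
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    } catch {
        # An empty result is reported as an error; anything else (e.g. access denied) is rethrown
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    foreach ($e in $events) {
        # UserId is a SID and is often empty on Security log events
        $user = if ($e.UserId) {
            try { $e.UserId.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $e.UserId.Value }
        } else { 'N/A' }
        [pscustomobject]@{
            Computer = $e.MachineName;  Source  = $e.ProviderName
            Date     = $e.TimeCreated.ToString('yyyy-MM-dd')
            Time     = $e.TimeCreated.ToString('HH:mm:ss')
            Type     = $Type;           EventID = $e.Id;  User = $user
        }
    }
}

# Which failure-audit events occurred most often in the last 24 hours?
Get-EventSummary -Type FailureAudit | Group-Object EventID, Source |
    Sort-Object Count -Descending | Select-Object Count, Name -First 10
```

Audit events in the Security log are recorded with Level 0, so they are selected through the Keywords mask rather than through Level.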
What is Windows Event Viewer?
All Windows event logs are displayed in Windows Event Viewer. Windows Event Viewer lets you navigate and view the Windows Event Logs, filter and search for specific types of logs, export those logs for analysis, and much more.
Let’s start with a screenshot walk-through to get a brief idea of the available features.
Getting Started with Windows Event Viewer
There are numerous ways to access Windows Event Viewer; the traditional method is to open it from Control Panel. We show a simple 3-step approach for each of 4 different methods.
To open Windows Event Viewer using Control Panel follow 3 simple steps –
- Go to Control Panel
- Navigate to Administrative Tools
- Then double click on Event Viewer
To open Windows Event Viewer using Server Manager follow 3 simple steps –
- Go to Server Manager
- Navigate to Tools Menu
- Select Event Viewer from the drop down list
To open Windows Event Viewer using Computer Manager follow 3 simple steps –
- Go to Computer Manager
- Choose System Tools
- Select Event Viewer
To open Windows Event Viewer using Command prompt follow 3 simple steps –
- Open Command Prompt
- Type EVENTVWR
- Press Enter
Performance is one of the most important KPIs of any application or system. The objective is to track the performance of Windows and its applications in detail. Event logs hold all sorts of information, and this information can be leveraged to derive intelligence that leads to optimized performance of Windows OS.
There is much more to it; the details are organized into sections: Detail Pane, Action Pane and Navigation Menu.
Managing logs in the most beneficial way is one of the greatest keys to flawless operations in any IT infrastructure.