This chapter is from the book

Reviewing Event Viewer Logs

Windows Vista constantly monitors your system for unusual or noteworthy occurrences. It might be a service that doesn't start, the installation of a device, or an application error. Vista tracks these occurrences, called events, in several different event logs. For example, the Application log stores events related to applications, including Windows Vista programs and third-party applications. The System log stores events generated by Windows Vista and components such as system services and device drivers.

To examine these logs, you use the Event Viewer snap-in, which has a much-improved interface in Windows Vista. You get to the Event Viewer by using any of the following techniques (in each case you must also enter your UAC credentials):

  • Select Start, right-click Computer, click Manage, and then click Event Viewer.
  • Press Windows Logo+R (or select Start, All Programs, Accessories, Run), type eventvwr.msc, and then click OK.
  • Select Start, Control Panel, System and Maintenance, and under Administrative Tools, click the View Event Logs link.

Figure 15.15 shows the home page of the Event Viewer, which offers a summary of events, recent views, and available actions. (If you don't see the Action pane, click the Show/Hide Action Pane toolbar button, pointed out in Figure 15.15.)

Figure 15.15 The Event Viewer is much improved in Windows Vista, with a new interface and new features.

The scope pane offers three branches: Custom Views, Windows Logs, and Applications and Services Logs.

The Custom Views branch lists the event views defined on your system (as described later). If you filter an event log or create a new event view, the new view is stored in the Custom Views branch.

The Windows Logs branch displays several sub-branches, four of which represent the main logs that the system tracks (see Figure 15.16):

  • Application— Stores events related to applications, including Windows Vista programs and third-party applications
  • Security— Stores events related to system security, including logons, user accounts, and user privileges
  • Setup— Stores events related to Windows setup
  • System— Stores events generated by Windows Vista and components such as system services and device drivers

Figure 15.16 Click a log to see a list of the events in that log.

You should scroll through the Application and System event logs regularly to look for existing problems or for warnings that could portend future problems. The Security log isn't as important for day-to-day maintenance. You need to use it only if you suspect a security issue with your machine; for example, if you want to keep track of who logs on to the computer.

When you select a log, the middle pane displays the available events, including the event's date, time, and source; its type (Information, Warning, or Error); and other data. Here's a summary of the major interface changes and new features that you get when viewing a log in Vista's Event Viewer:

  • The Preview pane shows you the basic event data in the General tab, and more specific data in the Details tab. You can toggle the Preview pane on and off by selecting View, Preview Pane.
  • Event data is now stored in XML format. To see the schema, click XML View in the Preview pane's Details tab.
  • The Filter command now generates queries in XML format.
  • You can click Create Custom View to create a new event view based on the event log, event type, event ID, and so on.
  • You can attach tasks to events. Click the event you want to work with and then click Attach Task to This Event in the Action pane. This launches the Scheduled Tasks Wizard, which enables you to either run a program or script or have an email sent to you each time the event fires.
  • You can save selected events to a file using the Event File (.elf) format.
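Because events are stored as XML, the Security-log review mentioned earlier (keeping track of who logs on) can be done outside the snap-in; the following is an added Python example, not code from the book, that parses event XML in the schema shown by XML View and counts successful and failed logons per account. The sample events are constructed, and the event IDs 4624 and 4625, the TargetUserName field, and the `<Events>` wrapper element are assumptions that the chapter does not state.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace of the event XML that Event Viewer shows in XML View.
XMLNS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": XMLNS}
LOGON_OK, LOGON_FAILED = 4624, 4625  # assumed Security event IDs, not from the chapter

# Constructed sample events (not real log data), wrapped in an assumed <Events> root.
SAMPLE = f"""<Events>
<Event xmlns="{XMLNS}">
 <System><EventID>4624</EventID><Channel>Security</Channel></System>
 <EventData><Data Name="TargetUserName">paul</Data></EventData></Event>
<Event xmlns="{XMLNS}">
 <System><EventID>4625</EventID><Channel>Security</Channel></System>
 <EventData><Data Name="TargetUserName">Administrator</Data></EventData></Event>
<Event xmlns="{XMLNS}">
 <System><EventID>4625</EventID><Channel>Security</Channel></System>
 <EventData><Data Name="TargetUserName">Administrator</Data></EventData></Event>
<Event xmlns="{XMLNS}">
 <System><EventID>1000</EventID><Channel>Application</Channel></System></Event>
</Events>"""

def parse_events(xml_text):
    """Yield a flat dict per <Event>: System fields plus named EventData values."""
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        system = ev.find("e:System", NS)
        if system is None or system.find("e:EventID", NS) is None:
            continue  # skip malformed records instead of aborting the review
        rec = {"id": int(system.findtext("e:EventID", namespaces=NS)),
               "channel": system.findtext("e:Channel", default="", namespaces=NS)}
        for data in ev.iterfind("e:EventData/e:Data", NS):
            if data.get("Name"):  # unnamed <Data> elements carry no field name
                rec[data.get("Name")] = data.text or ""
        yield rec

def logon_summary(xml_text):
    """Count successful and failed logons per account, Security log only."""
    summary = {"ok": Counter(), "failed": Counter()}
    for rec in parse_events(xml_text):
        if rec["channel"] != "Security":
            continue  # the same event ID in another log is not a logon event
        user = rec.get("TargetUserName", "(unknown)")
        if rec["id"] == LOGON_OK:
            summary["ok"][user] += 1
        elif rec["id"] == LOGON_FAILED:
            summary["failed"][user] += 1
    return summary
```

Repeated failures against one account, such as the two for Administrator in the sample, are the pattern worth checking first when you suspect a security issue.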

The Applications and Services Logs branch lists the programs, components, and services that support the standard event-logging format that is new to Windows Vista. All the items in this branch formerly stored their logs in separate text files that were unavailable in older versions of Event Viewer unless you specifically opened the log file.
