Event Viewer, shown in Figure 1,
enables you to view event logs that are created by the operating
system. This utility is useful when troubleshooting problems that occur
on your computer.
Whenever an error occurs, an event is usually placed in one or more event logs. To open Event Viewer, click Start => Control Panel => System and Security => Administrative Tools => View Event Logs.
Whereas o!d versions
of Event Viewer contained only the Application, Security, and System
logs, the Windows 7 version of Event Viewer contains the following
Windows logs:
Application
Security
Setup
System
Forwarded Events
The Application tog is used to log events telating to applications, such as whether an application, driver, or service fails. The Security log is used to log security events, such as successful or failed logon events. The Setup log is used only by domain controllers, so it doesn't have much practical use in Windows 7. The System log is used to log events related to the operating system and related services. The Forwarded Events log is used to collect events that have been forwarded from other computers.
To configure log settings,
right-click the log that you want to configure and select Properties.
The Log Properties dialog box appears. The Application log properties
are shown in Figure 2.
The Log Properties dialog box shows the following information:
The full name of the log
Where the log is stored
The size of the log
When the log was created, modified, and accessed
Whether logging is enabled for the log
The maximum log size in KB
The action that occurs when the log reaches the maximum size
The left pane of Event Viewer
is where you find the Windows logs noted previously, but it also
contains other logs and views that can be helpful when troubleshooting a
specific application. The Custom Views section can be used to create a
view that contains only the information you want to see, such as only
events in a particular log or only Critical events. One custom view,
Administrative Events, is created for you by default, as shown in Figure 3.
The Administrative
Events view contains Critical, Error, and Warning events from all logs,
enabling you to easily view only the most important events. Another
section in the left pane contains logs that relate to Applications and
Services^ as shown in Figure 4.
The Microsoft folder
within the Application and Services log contains many other logs related
to specific Microsoft components and applications.
The Subscription
folder enables you to receive event logs from other computers. Having
other machines send events to one machine is useful to us as it gives us
one central repository to view events from multiple locations. To use
subscriptions, you must start the Windows Event Collector Service.
The center pane of Event
Viewer displays the events and information that relates to those events.
You can also view a summary of your administrative events, which
contains a count of Critical, Error, Warning, Information, Audit
Success, and Audit Failure events. A count of these events is displayed
for the last hour, day, and week, and the total number of events is also
provided. Each event is assigned an event level of Critical, Error,
Warning, Information, or Verbose.
The right pane of Event Viewer
enables you to perform actions related to items you have selected in
the left and center panes. You can save logs, open saved logs, create or
import views, clear logs, filter logs, and find logs with certain
keywords. You can also attach a task to an event. Clicking Attach Task
To This Event opens the Create Basic Task Wizard in Task Scheduler so
you can easily create a task related to the selected event.
Perform Exercise 1 to view events in Event Viewer and set log properties.
Choose Start => Control Panel => System And Security => Administrative Tools => View Event Logs, or type Event Viewer into the Windows 7 search box. Open Windows Logs and click System in the left pane of the Event Viewer window to display the System tog events. Double-click the first event in the center pane of the Event Viewer window to see its Event Properties dialog box. After you view the Event Properties, click the Close button to close the dialog box. Right-click System in the left pane of the Event Viewer window and select Properties. Configure
the System log to archive the log file when it is full by clicking
Archive The Log File When Full; Do Not Overwrite Events; click OK to
close the dialog box. Right-click System in the left pane of the Event Viewer window and select Filter Current Log. Select
the check boxes next to Critical and Error boxes; then click OK (you
will see only Critical and Error events listed in the System log). Right-click System and select Clear Log. A dialog box appears that asks whether you want to save the System log before you clear it; click the Save And Clear button. Specify
the path and filename for the log file, and then click the Save button
(the events will be saved in an .evtx file, and the events will be
cleared from the System log).
|
When you are investigating a Windows 7 problem, Event Viewer is one of the first places that you should look.
