Using Event Viewer to Troubleshoot
Nov 10, 2011 - Jim Bernstein
The Windows Event Viewer is a handy built-in Windows utility for diagnosing problems with your computers and servers. The Event Viewer keeps a log of what is going on with your computer with respect to such things as applications, security, system services and other areas, depending on what version of Windows you are running. If you use it in a Windows server environment you will get additional logs on items such as DNS and directory services. Newer versions of Windows Event Viewer look different from older versions but provide the same information for the most part.
The Windows Event Viewer is fairly simple to use once you get the hang of it, and it comes in very handy when you are trying to figure out the source of a problem: note the time the problem occurred, then view the events from that time when searching the logs. From there you can find the reason that Event Viewer gives for the problem.
To get to the Event Viewer tool, simply right-click your My Computer (XP) or Computer (Vista & 7) icon and select Manage.
Windows XP Event Viewer
Windows Vista and higher Event Viewer
Event Viewer log entries are categorized into types that include informational alerts, warnings and errors. You can sort these entries by type, date, time, source, category, event, user and computer. When you double-click an entry you will get more detailed information about that entry.
In this example you can see that the type of the entry is a warning, the source is Symantec AntiVirus and the computer name is JIM. The description tells you that Symantec AntiVirus could not scan the pagefile.sys file. For more complicated events, you can use the Source, Category and Event ID information to search the web for answers.
You can also export the event logs to a file if you want to save them or have someone else look at them on their computer. To do this, simply right-click the log you want to save and pick Save Log File As. You will have an option to save it as an Event Log, text file or CSV file.
To clear the contents of the log file, right-click the log and pick Clear all Events. It will ask you if you want to save the log before clearing it.
The Windows Vista and Windows 7 Event Viewer will have more information than the XP and older Event Viewer. It will also allow you to filter for certain types of events as well as perform searches.
In this example you can see that the Microsoft Office Session log shows that Outlook crashed after being up 85796 seconds (about 24 hours). The Event ID for this crash is 7001 and you can use that ID to look up the potential cause of the crash.
The Event Viewer is a good place to see what is going on with your computer and to find issues that you didn't even know about.
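The same workflow described above (note the time of the problem, view warnings and errors from around that time, then export them as CSV) can be scripted on Windows Vista and later with PowerShell's Get-WinEvent. This is an added example, not part of the original article; the function name, the sample time and the output path are assumptions made for illustration.

```powershell
# Added example: collect warnings and errors logged around the time a problem occurred.
# Get-EventsAroundTime is a hypothetical helper name, not a built-in cmdlet.
function Get-EventsAroundTime {
    param(
        [Parameter(Mandatory = $true)] [datetime] $ProblemTime,
        [int] $WindowMinutes = 10,
        [string[]] $LogName = @('Application', 'System')
    )

    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3      # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = $ProblemTime.AddMinutes(-$WindowMinutes)
        EndTime   = $ProblemTime.AddMinutes($WindowMinutes)
    }

    # Get-WinEvent reports an error when no event matches the filter;
    # suppress it and treat that case as an empty result.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id, MachineName, Message
}

# Constructed sample time; replace it with the time the problem was noticed.
$found = Get-EventsAroundTime -ProblemTime '2011-11-10 14:30' -WindowMinutes 15

# Source / Event ID pairs seen in the window, most frequent first.
# These are the values to use when searching the web for a cause.
$found | Group-Object ProviderName, Id | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Save the matching events as CSV so someone else can review them.
$found | Export-Csv -Path "$env:TEMP\events-around-problem.csv" -NoTypeInformation
```

Reading the Security log this way requires an elevated PowerShell session, which is why the default here is limited to the Application and System logs.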