Event Viewer



The Event Viewer records system, security, and application events. In Windows XP, any significant occurrence in the system, or in an application, that requires user notification would be considered an "event". These event logs can provide you with information about every aspect of your PC including hardware, software, security, and system components. They can also help you identify the source of your system problems.

How to Get to Event Viewer

  • Click on the START button.

  • Right-click on My Computer.

  • Left-click on "Manage". This will bring you to the Computer Mangement Console shown below.

From here you can see Event Viewer listed in the left pane of the Computer Management Console. Click on the plus "+" sign to expand the list of choices provided.


Event Viewer records events in three basic logs: the Application Log, the Security Log, and the System Log.

The Application Log

The application log contains information about programs. For example, a "Faulting Application" error may be shown by a red circle with a white X on it. These white X errors are for more serious types of errors which may need intervention by the user. Most events are "informational" in nature shown by a white "word balloon" with a blue "i" inside. There are also yellow warning signs that can warn you of the potential for more serious issues.



The Security Log

The security log can record user actions such as successful and unsuccessful logon attempts, as well as the creating, opening, or deleting of files. All events are categorized as a successful or unsuccessful audit. Security auditing is something that has to be initiated by an Administrator and is not activated by default.

The System Log

The system log, of course, contains events logged by the operating system. For instance, when you boot up you'll see many informational events referring to different services starting up. By the same token you'll see an error event if a service suddenly stops. The System log uses the same red circles for errors and white "word balloons" for informational events like the Application Log.

The Event Properties Window

By double-clicking on any event log entry you will bring up the Event Properties window for that event. Each Event Properties window is basically the same, providing you with:

  • The date of the event.

  • The time it occurred.

  • The type of event it is, either Error, Warning, Information, Success Audit, or Failure Audit.

  • The user's name who was logged in at the time.

  • The computer's name.

  • The source of the event. The name of a program, task, or system component.

  • The Category. Used mostly by the Security Log, it's a classification of the event by the source of the event.

  • The Event ID. A number that can be used by product support representatives to help understand what occurred in the system.

    You can also check the Microsoft Help and Support Center

    to find out the cause, and maybe a solution, by searching for the Event ID number. In fact, some of the Event Properties windows have the link available in the Description box to make it easy for you.



Searching for an Event

The Event Viewer logs can become very long and it would be a tedious process having to open each event listing while looking for a particular event. A much better idea would be to click on the View button on the toolbar and selecting "Find" from the resulting menu. From the Find window you will fill out as much of the search criteria as you can in order to narrow down your search findings. Or, you can choose "Filter.." which has the same criteria to fill out as Find, but also lets you search in a particular time frame. Either way makes searching much easier.



Log Size

The logs, by default, are set to an initial maximum size of 512KB. When the file limit is reached, the log begins overwriting the existing log, starting with oldest listing. You can change these settings by right-clicking on the log name, such as "Application", and selecting "Properties" from the resulting menu. From the Application Properties window, shown below, you can change the maximum log size, decide whether or not to overwrite the log when full, restore the default settings, and even clear the log completely.



Saving Log Files

If for some reason you would like to save your log data, you can right-click the log name that you want to save then click "Save Log File As". Next, give the file a name and decide where you want to save it, like your desktop for instance. Then, in the "Save as type" box, click on the format that you want to use, and click Save.

Return From Event Viewer to the Tutorials Page

Return to the Home Page


footer for event viewer page