Using Event Viewer
provides an aggregated view of all your events. This groups them together
from all your system logs and also gives you time-period stats on the different
types of events. Expand the different event types, such as Critical, Error, and
Warning, to see a more detailed view of all events that match that event type.
You can also double-click the event types and events to view more details. Doing
so creates a custom view for you automatically. I get into those in more detail
shortly. First, I lay the groundwork for using Event Viewer.
Reading Logs and Events
The various system logs are organized in two grouping folders:
Windows Logs — Windows Logs enable you to find events covering
Windows core applications, security, setup, and the system.
Applications And Services Logs — You can find events such as hardware
and specific software applications under Applications And Services Logs.
When you expand the top-level grouping folders and select a sub-event topic,
you are presented with a list of all the events sorted by date by default. Simply
select an event to view the details.
Reading the event log is very easy to do. After you select an event, the event
details appear in the bottom pane. The most important pieces of information for
each event are the Source, ID, and Description. If you do not see the description
of the event on your screen, expand the Details pane upward until the description
is visible. Alternatively, you can double-click the event to bring up the Details
pane in a new window.
If you identify any events that signal an error or warning, it is a good idea to
research the event to find out whether it is important to fix. The most popular
way to investigate an event is to do a search on Google, Yahoo!, or Bing with
the event ID. With the new version of Event Viewer in Windows 8, you can also
click the More Information link on the General tab of an event. This shows you
whether Microsoft has any information on the specific event.
Creating Custom Views
Using Event Viewer can be overwhelming because of the massive amount of
data to which you have access. Custom views are Microsoft’s answer to data
overload. Instead of looking through multiple log files, you can create a custom
view in which you specify parameters for specific types of events. You can use
the view to find all matching events no matter what log they are in.
You first encountered a custom view on the Event Logs Summary screen. All
the information in the Summary Of Administrative Events section is populated
by a custom view.
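
The cross-log filtering described above can also be run from PowerShell. The following is an added example, not taken from the original text: it uses the same XML query format that Event Viewer stores for a custom view, and it assumes the Application and System logs, the Critical, Error, and Warning levels, and a 24-hour window.

```powershell
# Added example: a custom-view style query run with Get-WinEvent.
# Assumptions: Application and System logs only, last 24 hours (86400000 ms).
# Level 1 = Critical, 2 = Error, 3 = Warning.
$filterXml = @'
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
    <Select Path="System">*[System[(Level=1 or Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
'@

# Get-WinEvent raises an error when nothing matches, so suppress it and test the result.
$events = Get-WinEvent -FilterXml ([xml]$filterXml) -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output 'No Critical, Error, or Warning events in the last 24 hours.'
}
else {
    # Group by level, source, and event ID so recurring problems stand out,
    # then list the most frequent combinations first.
    $events |
        Group-Object LevelDisplayName, ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object -First 20 Count,
            @{ n = 'Level';    e = { $_.Group[0].LevelDisplayName } },
            @{ n = 'Source';   e = { $_.Group[0].ProviderName } },
            @{ n = 'ID';       e = { $_.Group[0].Id } },
            @{ n = 'Log';      e = { $_.Group[0].LogName } },
            @{ n = 'LastSeen'; e = { ($_.Group | Measure-Object TimeCreated -Maximum).Maximum } } |
        Format-Table -AutoSize

    # Show Source, ID, and Description for the five most recent matches.
    $events |
        Sort-Object TimeCreated -Descending |
        Select-Object -First 5 TimeCreated, ProviderName, Id, Message |
        Format-List
}
```

The same QueryList text can be pasted into the XML tab of the Create Custom View dialog to save it as a view in Event Viewer.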
