15

Windows

Last Update 2 months ago

What Is PowerShell & What Can You Do With It? What Does a Windows Server Mean Useful Windows Server 2022+ Tips Frequently Asked Questions & Answers What Are System Administrator Privileges? (In Simple Terms)

Using Event Viewer on a Windows Computer or Server

Event Viewer is a built-in Windows utility that helps you monitor and troubleshoot your system by reviewing detailed event logs.

Evans

Last Update 2 months ago

From startup to shutdown, Windows continuously logs activities and errors, and Event Viewer provides a structured interface for viewing and analyzing these logs.
Whether you're diagnosing a system crash, security issue, or application failure, Event Viewer is a vital tool for IT administrators and power users alike.
What Is Event Viewer?

Event Viewer allows you to view a wide range of system-generated events. These events are grouped into different categories and help you understand the health and status of your system.

Windows defines events such as app installations, logon attempts, driver errors, and system updates as part of its event log.

Main Event Categories in Event Viewer

Under the Windows Logs section, you’ll find five main log categories:


  • Application – Logs events generated by software running on the system (e.g., errors from a failed app or database).

  • Security – Tracks login attempts, resource access, and other security-related events. Useful for auditing and intrusion detection.

  • Setup – Logs related to system setup and domain controller operations (primarily used in enterprise environments).

  • System – Contains system-level messages related to Windows components, such as driver failures or service crashes.

  • Forwarded Events – Shows logs forwarded from other systems in your network (mainly for centralized monitoring environments).

Event Levels Explained

Each logged event is assigned a level that reflects its severity:


  • Error – Indicates a serious problem, such as data loss, a failed process, or a crashed driver.

  • Warning – Points to potential issues, such as low disk space. These don’t usually require immediate action but should be monitored.

  • Information – Denotes successful operations or routine activity (e.g., a service started).

  • Critical – (Less common) Represents a severe problem that caused a system crash or reboot.

How to Access Event Viewer

  1. Click the Start menu or press Windows + S to open the search bar.

  2. Type Event Viewer and press Enter.

  3. Click on the Event Viewer result.

-> On some systems, you can also press Windows + R, type eventvwr, and press Enter to open it directly.

Once launched, Event Viewer may take a few seconds to initialize.

Navigating Event Viewer

  1. In the left pane, expand the Windows Logs section.

  2. Select one of the categories: Application, Security, Setup, System, or Forwarded Events.

  3. In the middle pane, you’ll see a list of events.

  4. Click any event to view details in the lower pane or right panel.

-> Tip: Look for events that occurred around the time of an issue (e.g., unexpected shutdown, application crash). These will help pinpoint the root cause.

Common Use Cases

  • Diagnosing Blue Screens (BSODs): Check for Critical or Error entries under System logs.

  • Investigating Restarts or Shutdowns: Search for unexpected shutdown entries or power issues.

  • Security Auditing: Review Security logs for failed login attempts or permission changes.

  • Monitoring Application Issues: Use the Application log to identify crashing or misbehaving software.

Event Viewer is a powerful tool for uncovering hidden issues and maintaining system health. While some logs may appear complex, focusing on Error, Warning, or Critical events—especially those matching the time of an issue—can help you quickly identify and resolve problems.

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us