Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Event Viewer - Open and Use in Windows 7

Event Viewer - Open and Use in Windows 7

How to Open and Use Event Viewer in Windows 7
Published by Brink
23 Apr 2012
Published by

How to Open and Use Event Viewer in Windows 7

information   Information
Event Viewer is a tool that displays detailed information about significant events on your computer. Event Viewer can be helpful when troubleshooting problems and errors with Windows and other programs.

This tutorial will show you the basics about how to open and use Event Viewer to read the information in event logs in Windows 7.

Note   Note
Event logs are special files that record significant events on your computer, such as when a user logs on to the computer or when a program encounters an error. Whenever these types of events occur, Windows records the event in an event log that you can read by using Event Viewer. Advanced users might find the details in event logs helpful when troubleshooting problems with Windows and other programs.

Event Viewer tracks information in several different logs.

Windows Logs:
The Windows Logs category includes the logs that were available on previous versions of Windows: the Application, Security, and System logs. It also includes two new logs: the Setup log and the Forwarded Events log. Windows logs are intended to store events from legacy applications and events that apply to the entire system.
  • Application (program) - Events are classified as error, warning, or information, depending on the severity of the event. An error is a significant problem, such as loss of data. A warning is an event that isn't necessarily significant, but might indicate a possible future problem. An information event describes the successful operation of a program, driver, or service.
  • Security - These events are called audits and are described as successful or failed depending on the event, such as whether a user trying to log on to Windows was successful.
  • Setup - Computers that are configured as domain controllers will have additional logs displayed here.
  • System - System events are logged by Windows and Windows system services, and are classified as error, warning, or information.
  • Forwarded Events - These events are forwarded to this log by other computers.
Applications and Services Logs:
Applications and Services Logs vary. They include separate logs about the programs that run on your computer, as well as more detailed logs that pertain to specific Windows services. This category of logs includes four subtypes: Admin, Operational, Analytic, and Debug logs.
  • Admin - These events are primarily targeted at end users, administrators, and support personnel. The events that are found in the Admin channels indicate a problem and a well-defined solution that an administrator can act on. An example of an admin event is an event that occurs when an application fails to connect to a printer. These events are either well documented or have a message associated with them that gives the reader direct instructions of what must be done to rectify the problem.
  • Operational - Operational events are used for analyzing and diagnosing a problem or occurrence. They can be used to trigger tools or tasks based on the problem or occurrence. An example of an operational event is an event that occurs when a printer is added or removed from a system.
  • Analytic - Analytic events are published in high volume. They describe program operation and indicate problems that cannot be handled by user intervention.
  • Debug - Debug events are used by developers troubleshooting issues with their programs.
For the source and more information about Event Viewer, see also:
warning   Warning
If you are not logged on as an administrator, you will only be able to change settings that apply to your user account, and some event logs might not be accessible.

EXAMPLE: Event Viewer
Here's How:

1. Open the Start Menu, type eventvwr.msc, and press Enter.

2. If you are logged in as an administrator and prompted by UAC, then click on Yes.

3. In the left pane, click on an event log to see it's events listed at the top of the middle pane.

4. If you like, you could also right click on an event log in the left pane for more options to use. For example, to Filter Current Log or Find a specific event ID number listed in the middle pane.
-options.jpg Name:  Filter.jpg
Views: 169666
Size:  80.1 KB
5. At the top of the middle pane, click or double click on a listed event to view the details of the event.
Name:  details.jpg
Views: 168230
Size:  75.3 KB

Note   Note
Event Properties
  • Source - The software that logged the event, which can be either a program name, such as "SQL Server", or a component of the system or of a large program, such as a driver name. For example, "Elnkii" indicates an EtherLink II driver.
  • Event ID - A number identifying the particular event type. The first line of the description usually contains the name of the event type. For example, 6005 is the ID of the event that occurs when the Event Log service is started. The first line of the description of such an event is "The Event log service was started." The Event ID and the Source can be used by product support representatives to troubleshoot system problems.
  • Level - A classification of the event severity. In the Event Viewer normal list view, these are represented by a symbol.
    • Information - Indicates that a change in an application or component has occurred, such as an operation has successfully completed, a resource has been created, or a service started. Can occur in the system and application logs.
    • Warning - Indicates that an issue has occurred that can impact service or result in a more serious problem if action is not taken. Can occur in the system and application logs.
    • Error - Indicates that a problem has occurred, which might impact functionality that is external to the application or component that triggered the event. Can occur in the system and application logs.
    • Critical - Indicates that a failure has occurred from which the application or component that triggered the event cannot automatically recover. Can occur in the system and application logs.
    • Success Audit - Indicates that the exercise of a user right has succeeded. Can occur in the security log.
    • Failure Audit - Indicates that the exercise of a user right has failed. Can occur in the security log.
  • User - The name of the user on whose behalf the event occurred. This name is the client ID if the event was actually caused by a server process or the primary ID if impersonation is not taking place. Where applicable, a security log entry contains both the primary and impersonation IDs. Impersonation occurs when the server allows one process to take on the security attributes of another.
  • Operational Code - Contains a numeric value that identifies the activity or a point within an activity that the application was performing when it raised the event. For example, initialization or closing.
  • Log - The name of the log where the event was recorded.
  • Task Category - Used to represent a subcomponent or activity of the event publisher.
  • Keywords - A set of categories or tags that can be used to filter or search for events. Examples include "Network", "Security", or "Resource not found."
  • Computer - The name of the computer on which the event occurred. The computer name is typically the name of the local computer, but it might be the name of a computer that forwarded the event or it might be the name of the local computer before its name was changed.
  • Date and Time - The date and time that the event was logged.
Event properties that can be displayed by adding columns to the Event Viewer display. In Event Viewer, you can click on View (menu bar) and Add/Remove Columns to do so.
  • Process ID - The identification number for the process that generated the event.
  • Thread ID - The identification number for the thread that generated the event.
  • Processor ID - The identification number for the processor that processed the event.
  • Session ID - The identification number for the terminal server session in which the event occurred.
  • Kernel Time - The elapsed execution time for kernel-mode instructions, in CPU time units.
  • User Time - The elapsed execution time for user-mode instructions, in CPU time units.
  • Processor Time - The elapsed execution time for user-mode instructions, in CPU ticks.
  • Correlation Id - Identifies the activity in the process for which the event is involved. This identifier is used to specify simple relationships between events.
  • Relative Correlation Id - Identifies a related activity in a process for which the event is involved.

That's it,

23 Apr 2012   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1

Another gem Shawn, thanks

My System SpecsSystem Spec
23 Apr 2012   #2

64-bit Windows 10 Pro

You're most welcome Bill. Thank you.
My System SpecsSystem Spec
23 Apr 2012   #3

Windows 7 Home Premium x64

Wow! Very nice work Brink! Serious dedication there.
My System SpecsSystem Spec

23 Apr 2012   #4

64-bit Windows 10 Pro

Thank you James.
My System SpecsSystem Spec

 Event Viewer - Open and Use in Windows 7

Tutorial Tools

Similar help and support threads
Windows 7 Tutorial Category
Event Viewer Event Id 2002, Source: EapHost, Log Application
Well, I tryed to manage page-file but unfortunataly it resulted in problems. Then I lost VAIO-CARE and 7 ZIP files too. When I open Event Viewer every single day I see this: event Id 2002, Souce: Eap Host, Log name: Application and number of Eventes: 84. As I am desparate about that, What sould...
General Discussion
BSOD when watching videos on youtube, Event 41 in Event Viewer
It's been a while since I've experienced a BSOD as I'm viewing a video on youtube. It would freeze as if the audio was caught in mid-stream then BSOD, then would restart automatically. I go to Event Viewer after windows as loaded and I see Event 41 Kernel-Power in there. I had this issue...
BSOD Help and Support
After BSOD Event Viewer Logs Event ID 3012 and 3011 every time I boot
I was running 3DMark06 and got a BSOD code 124. After that every time I boot Event Viewer logs Error Codes ID 3012 and 3011. Attached are screenshots of both. I googled this and found two different threads where someone suggested to rebuild the performance counters. Both responses were...
BSOD Help and Support
WHEA-Logger event 18/19 errors in Event Viewer (W7 Home Premium)
Hi, I was hoping somebody could offer an insight on the below, as searching around I've not found much to go on other than "overheating" Basically my laptop has been having very high temperatures for a long time (usually ~60C for CPU and often 100-110 for GPU...insanely high, in other words)...
Hardware & Devices
can't open event viewer remotely on a win 7 pc
When I choose actions connect from the Event Viewer, and attempt to connect to a pc running Windows 7, I get this error message: Network path not found. This only happens on Windows 7 pcs.
Network & Sharing
windows 7 event viewer
hello to anyone who can help...:( unfortunately, i did a dumb thing... inside the event viewer, then under custom views, there WERE two options 1) administrative events 2) summary bla bla ..... well i selected the summary one, and clicked DELETE over on the right hand side of the window...
Performance & Maintenance

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 20:46.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App