Thursday, September 22, 2011

Using Event Viewer on Windows 7

Event Viewer in Windows 7 is a centralized source for reading all the system’s various log files. When a component such as the Windows Firewall service has an error, notification, or a warning, it can be viewed in Event Viewer. When a third-party application causes your computer to crash, the details of the event can also be found in Event Viewer. Even when any user logs on to your computer, the details of the event can be found in Event Viewer. As you can see, Event Viewer is the ultimate source to find out what is happening and what has happened to your computer.

How can Event Viewer help with increasing the performance of your computer? Event Viewer enables you to identify hardware and software failures that you may not even know have been occurring. If you want to increase the performance of your computer, you need to fix any problems first. Skipping ahead without fixing the problems first is similar to tweaking your car engine for speed but not fixing the flat tires. Even if you increase the performance of other components of your computer, any errors or failures can offset any improvements in speed.

Using Event Viewer is very easy but requires an account with administrative privileges to run. To start Event Viewer, click the Start button, type Eventvwr.msc in the Search box, and then press Enter.

After Event Viewer shows up on-screen, you will see the Overview and Summary screen. The Summary of Administrative Events section provides an aggregated view of all your events. This groups them together from all your system logs and also gives you time-period stats on the different types of events. Expand the different event types, such as Critical, Error, and Warning, to see a more detailed aggregated view of all events that match that event type. You can also double-click the event types and events to view more details. Doing so will create a custom view for you automatically. I will get into those in more detail shortly. First, let’s lay the groundwork for using Event Viewer.

Reading Logs and Events
The various system logs are organized in two grouping folders:

» Windows Logs: Windows Logs enable you to find events covering Windows core applications, security, setup, and the system.

» Applications and Services Logs: You can find events for hardware and specific software applications under Applications and Services Logs.

When you expand the top-level grouping folders and select a sub-event topic, you are presented with a list of all the events sorted by date by default. Simply select an event to view the details.

Reading the event log is very easy to do. After an event is selected, you will see details of the event in the bottom pane. The most important pieces of information for each event are the source, ID, and Description. If you do not see the description of the event on your screen, expand the Details pane up to review the description. Alternatively, you can double-click the event to bring up the Details pane in a new window.

If you have identified any events that signaled an error or warning, it is a good idea to research the event to find out whether it is important to fix. The most popular way to investigate an event is to do a search on either Google, Yahoo!, or Bing with the event ID. With the new version of Event Viewer in Windows 7, you can also click the More Information link on the General tab of an event. This will show you whether Microsoft has any information on the specific event.

Creating Custom Views
Using Event Viewer can be overwhelming because of the massive amount of data to which you have access. Custom Views is Microsoft’s answer to data overload. Instead of looking through multiple log files, you can create a custom view in which you specify parameters for specific types of events. You can use the view to find all events that you specified no matter what log they are in. You first encountered a custom view on the Event Logs Summary screen. All the information in the Summary of Administrative Events section is populated by a custom view.

Creating your own custom view is easier than manually navigating through all the different log sources, and custom views are more flexible than the Event Logs Summary screen. Follow these steps to create your own custom view:

1. With Event Viewer open, right-click Custom Views and select Create Custom View.

2. The Create Custom View window loads, showing all the parameters of the view. You will see two tabs: Filter and XML. You will use the Filter tab because it automatically produces the XML for you.

3. Select the Time Period for your view. I like to use Last 7 Days for this option.

4. Check the boxes for the Event Levels you want to view, such as Critical, Error, and Warning.

5. Expand the Event Logs drop-down box and then select the log sources that you want to search in.

6. You have the option to set a specific object to view events for, such as a specific application or device. Alternatively, you can just leave this setting as .

7. To find all the events with a certain ID, enter the Event ID. You can also exclude a specific event from the view by adding a minus sign in front of the ID (for example, -2030).

8. The last few settings are used less frequently. Here you can also specify the Task Category, Keywords for the event, and a specific computer user the event occurred with.

9. After finalizing the settings, click OK.

10. The Save Filter to Custom View screen will pop up. Type a Name and click OK.

After your new custom view has been generated, you can open it by expanding Custom Views and selecting it from the list.
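
The Filter tab in step 2 produces an XML query, and the same kind of query can be run from PowerShell with Get-WinEvent -FilterXml. The script below is an added example, not part of the original article: the Application and System log choice and the hand-written XPath are assumptions, and 2030 is the article's own sample ID for an exclusion.

```powershell
# Added example: a custom-view style query run from PowerShell.
$days      = 7                        # step 3: Last 7 Days
$logs      = 'Application', 'System'  # step 5: log sources (assumed choice)
$excludeId = 2030                     # step 7: ID excluded in the article's example

# timediff() compares against the current time in milliseconds.
$windowMs = $days * 24 * 60 * 60 * 1000

# Step 4: Level 1 = Critical, 2 = Error, 3 = Warning.
# "<" must be written as &lt; because the XPath sits inside XML.
$xpath = "*[System[(Level=1 or Level=2 or Level=3) and (EventID!=$excludeId) and " +
         "TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]"

# One <Select> per log, so a single query spans every chosen log.
$selects = $logs | ForEach-Object { "    <Select Path=`"$_`">$xpath</Select>" }
$query = @"
<QueryList>
  <Query Id="0" Path="$($logs[0])">
$($selects -join "`n")
  </Query>
</QueryList>
"@

# Get-WinEvent reports an error when nothing matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterXml $query -ErrorAction SilentlyContinue)

# Summarize: which source and event ID produced the most entries in each log.
$events |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name |
    Format-Table -AutoSize
```

The XML held in $query can also be pasted into the XML tab of the Create Custom View window after checking "Edit query manually".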

Source of Information : Windows 7 Tweaks 2010