Search the Petri IT Knowledgebase

The Unofficial M365 Changelog

Sponsors

Podcasts

Learning Center
search icon

close

Security threats keep coming! Learn how to protect your organization.

LIVE WEBINAR!
Icon for Latest Whitepaper

Latest Whitepaper

Choosing an MFA Solution for Your Active Directory Environment? Ask These 15 Questions.
Icon for Upcoming Webinar

Upcoming Webinar

Maximizing Your Microsoft E5 Security Solutions
Icon for Upcoming Conference

Upcoming Conference

GET-IT Microsoft Cloud Security and Compliance 1-Day Virtual Conference
Icon for Ebook

Ebook

The Forrester New Wave™: SaaS Application Data Protection, Q4 2021

Home

Windows Vista

Working with Vista’s new Event Viewer

Daniel Petri

 |

Jan 8, 2009

The Event Viewer is an application that enables you to browse and manage event logs. Event logs are special files that record significant events on your computer, such as when a user logs on to the computer or when a program encounters an error. Whenever one of these types of events occur, the system records the event in an event log that you can read by using Event Viewer. The Event Viewer is an indispensable tool for monitoring the health of systems and troubleshooting issues when they arise.

Event Viewer has been around since the days of Windows NT, but has not changed much, up to the arrival of Windows Vista (and Windows Server 2008). In Windows Vista, Event Viewer enables an administrator to perform the following tasks:

advertisment

  • View events from multiple event logs – Unlike previous versions of Windows, in Vista, Event Viewer enables you to filter for specific events across multiple logs, which makes it easier to investigate issues and troubleshoot problems that might be logged in several logs. To specify a filter that spans multiple logs, you need to create a custom view.
  • Save useful event filters as custom views that can be reused – Filtering is useful to narrow the searching for events to just those that you are interested in. In previous operating systems, after performing the needed filter on the logs and closing Event Viewer you lost all your work because there was no way to save your filter settings. In Vista, Event Viewer allows you to create custom views. Once you have queried and sorted your way to just the events you wanted to analyze, you can save your search filters and have it available for you to reuse in the future. You can even export the view and use it on other computers or share it with other people.
  • Schedule a task to run in response to an event – With the new Vista Using Event Viewer you can automate responses to events. Event Viewer is integrated with Task Scheduler, enabling you to associate tasks to events.
  • Create and manage event subscriptions – You can collect events from remote computers and store them locally by specifying event subscriptions.

Note: Windows Event Viewer is a Microsoft Management Console (MMC) snap-in that can be easily added to a custom MMC window. You can open it manually by typing eventvwr.msc in the Run command.

Note: Along with the new Event Viewer, Vista also introduced the Reliability Monitor, a part of the Performance console found in Computer Management or as a stand-alone snap-in. Monitoring the system’s stability with the Reliability Monitor makes it easier for the administrators to visually see the stability rating for the system, and allows them to quickly see what caused the lack of stability. Read more about it in my “Using the Reliability Monitor in Windows Vista” article.

Besides re-designing the interface, the infrastructure that underlies event logging has also been re-written in Windows Vista. Information about each event conforms to an XML schema, and you can access the XML representing a given event.

advertisment

Like in previous Windows versions, Event Viewer tracks information in several different logs. But unlike pre-Vista operating systems, the Vista Event Viewer has more flexibility in the log types and in the way it displays them. Windows Vista Logs include:

  • Application events – These events are either classified as error, warning, or information, depending on the severity of the event. An error is a significant problem, such as loss of data. A warning is an event that is not necessarily significant, but might indicate a possible future problem. An information event describes the successful operation of a program, driver, or service.
  • Security-related events – These events are called audits and are described as successful or failed, depending on the event, such as whether a user trying to log on to Windows was successful.
  • Setup events – Computers that are configured as domain controllers will have additional logs displayed here.
  • System events – System events are logged by Windows and Windows system services, and are classified as error, warning, or information.
  • Forwarded events – These events are forwarded to this log by other computers.
  • Applications and Services Logs vary – Applications and Services logs are a new category of event logs. They include separate logs about the programs that run on your computer, as well as more detailed logs that pertain to specific Windows services.

Running Event Viewer

Note: You must be logged on as an administrator to use Event Viewer’s full capabilities.

To run Event Viewer:

  1. Open Computer Management by right-clicking the Computer icon on the start menu (or on the Desktop if you have it enabled) and select Manage. Navigate to the Event Viewer. Note: If you did not disable UAC (read my “Disable User Account Control in Windows Vista” article) then you will be prompted to consent to the action you’re about to perform. Click Continue. Note: You can also open the Event Viewer by typing Event Viewer in the Search box and pressing Enter, or typing eventvwr.msc in the Run command.  
  2. Feel free to expand the folders and nodes in the left pane and look around for a while. Note that the new Vista Event Viewer is totally re-designed and has a lot more to offer than the pre-Vista versions.  
  3. Click on Event Viewer (Local) in the left navigation pane.  
  4. Note that, with a glance, you can easily view the number of errors, warnings etc. for the past 24 hours and 7 days.  

Filter displayed events

When viewing an event log, you can filter the events being displayed. Like in previous Windows versions, event filtering is temporary by design, meaning you filter for something, then when you close Event Viewer, the filter is no longer applied. You can also remove an applied filter. However, unlike previous OSs, if you create a useful filter that you want to reuse, you can save it as a custom view.

advertisment

You can read more about Filtering and Custom Views in my upcoming “Working with Filtering and Custom Views in the Vista Event Viewer” article.

Change what event properties are displayed, and their order

With the new Vista Event Viewer, you can customize how events are displayed by configuring the order in which properties appear in the details pane.

To change the order of event properties:

  1. In the console tree, navigate to and select an event log, custom view, or saved log.
  2. On the View menu, click Add/Remove Columns.  
  3. In the Add/Remove Columns dialog box, select the event properties you want to show from the Available columns list box and click Add.
  4. You can hide properties by selecting the event properties you want to hide from the Displayed columns list box, and clicking Remove.
  5. You can change the order of the displayed event properties by clicking the event property you want to reorder, and then using the Move Up and Move buttons to position the property. Click OK when done.

Group events by a given event property

You can view all events that share the same value for any given event property. For example, you can view all the events that originated from the same source or all the Warning level events. You can sort events by property, but the resulting groupings might be large and difficult to navigate. If you run into that limit with sorting, you can instead use the grouping feature of Event Viewer. When you group events, a descriptive heading appears in the list control above each group. Although all members of all groups are visible by default, you can collapse and expand each distinct group by double-clicking the corresponding group heading.

To group events according to a given property:

  1. In the console tree, navigate to and select an event log, custom view, or saved log.
  2. In the header in the event list, right-click the column header that represents the property you want to group by and click Group events by this column.     

Run a Task in response to a given event

Another of Vista’s new Event Viewer improvements is the ability to configure a task to run when a specific event logged.

You can read more about assigning tasks to events in my “Assigning Custom Tasks to Events in Vista” article.

Summary

Vista’s new Event Viewer comes as a big improvement over previous versions. The various ways in which you can display, work with and place conditions on events is a real benefit for administrators, and although the new interface is quite different than what we were used to in pre-Vista OSs, getting used to it is quite easy.

Links

Events And Errors Message Center: Advanced Search

EventID.Net

Related Articles

Got a question? Post it on our Windows Vista Forums!

More from Daniel Petri

Microsoft's Blunder: Upgrade to Office 2016 and Lose Skype for Business

Windows 10 Ignoring the Hosts File for Specific Name Resolution

Resolving "Namespace is already defined' Group Policy Error in Windows 10

advertisment

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

advertisment

More in Windows Vista

How to use the Windows Recovery Environment

Apr 21, 2021 | Michael Reinders

Microsoft Closes the Book on Windows Vista

Apr 11, 2017 | Brad Sams

Paul Thurrott's Short Takes: March 17

Mar 17, 2017 | Paul Thurrott

Microsoft to Fix Zero-Day Windows Flaw That Was Outed by Google

Nov 2, 2016 | Paul Thurrott

SCARY: “Atom Bomb” Windows Security Hole said to be Unfixable

Oct 31, 2016 | Richi Jennings

Correcting Multiple Monitor Configuration Issues in Vista

Jul 15, 2009 | Daniel Petri

Most popular on petri

X

Article saved!

Access saved content from your profile page. View Saved

Reach out

Contact Us

Advertising

About Us

Media Kit

Learn More

Podcasts

Learning Center

Webinars

Sitemap

Windows

Cloud

Office 365

Servers

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy