
View events in Windows


Windows Tool – Event Viewer

The most common method is to press Win + R and type eventvwr.msc, then press OK.


Another method, which is suitable for all current OS versions, is to go to Control Panel, then Administration, and select “Event Viewer”.


Another option is to right-click the “Start” button and select the “Event Viewer” menu item.


Where and What Is in This Utility?


The interface can be loosely divided into three parts:

  • In the left panel, there is a tree-like structure that sorts events by various parameters. You can also add your own “Custom Views” here, which will display only the events you need.
  • In the center, when selecting one of the “folders” on the left, the list of events is displayed, and when selecting any of them, you will see more detailed information about it at the bottom.
  • On the right, there are links to actions that allow you to filter events by parameters, find the necessary ones, create custom views, save the list, and create a task in the Task Scheduler linked to a specific event.

Event Information

As mentioned earlier, when you select an event, information about it is displayed at the bottom. This information can help you find a solution to the problem on the Internet (though not always). The properties have the following meanings:

  • Log Name – the name of the log file where event information was saved.
  • Source – the name of the program, process, or system component that generated the event (if you see “Application Error” here, you can find the application name in the field above).
  • Event ID – the event code, which can help you find information about the event on the Internet. It is best to search in English using the query “Event ID” + the numeric code + the name of the application that caused the failure (event codes are unique to each program).
  • OpCode – “Information” is typically indicated here, so this field is not very informative.
  • Task Category, Keywords – usually, these are not used.
  • User and Computer – indicates which user and on which computer the process that caused the event was launched.

Let’s Analyze an Example

To find information about an error, it’s better to use the following query: Application Name + Event ID + Code + Source. An example can be seen in the screenshot. You can try searching in Russian, but you’ll find more informative results in English. The textual description of the error can also be useful (double-click the event to see it).


There is a remote code execution vulnerability in unpatched versions of CredSSP. An attacker who successfully exploits this vulnerability can pass a user’s credentials to execute code on the target system. Any application that relies on CredSSP for authentication can be vulnerable to this type of attack. Using an internet search, I found a link that redirects us to the official Microsoft website, where the support service describes the CredSSP update for CVE-2018-0886. We can conclude that this notification does not affect the computer’s functionality.

It’s also worth noting that most warnings are not dangerous, and error messages do not always indicate that something is wrong with the computer.

Viewing Windows Performance Logs

In Windows Event Viewer, you can find quite a bit of interesting information, for example about computer performance issues.


To do this, in the left panel, open Applications and Services Logs – Microsoft – Windows – Diagnostics-Performance. Here, you can see whether the events include any errors indicating that a component or program has slowed down Windows boot. Double-click an event to see detailed information about it.

Using Filters

Because logs contain a large number of events, most of which carry no critical information, it can be hard to navigate through them. You can display only the events you need by using custom settings: the event level (errors, warnings, critical errors) and the source or log.

To configure a filter to your liking, click the corresponding item on the right panel. After creating a custom view, you can apply additional filters to it by clicking on “Filter Current Custom View.”
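The same kind of filter can be applied from PowerShell with the built-in `Get-WinEvent` cmdlet. The block below is an added example, not part of the original article: `Get-EventSummary` is a hypothetical helper name, and the 24-hour and 7-day windows are assumed values. It filters by log, level and time, groups recurring events, and builds the “Event ID” + code + source search query recommended earlier.

```powershell
# Added example: PowerShell counterpart of an Event Viewer filter / custom view.
# Get-EventSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-EventSummary {
    param(
        [string[]]$LogName = @('System', 'Application'),
        # Event levels: 1 = Critical, 2 = Error, 3 = Warning
        [int[]]$Level = @(1, 2, 3),
        [int]$LastHours = 24
    )

    # Same criteria as the filter dialog: log, level and time range
    $filter = @{
        LogName   = $LogName
        Level     = $Level
        StartTime = (Get-Date).AddHours(-$LastHours)
    }

    # Get-WinEvent reports a non-terminating error when nothing matches;
    # it is suppressed here so "no events" simply returns nothing.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return }

    # Collapse repeated events into one row per log / source / event ID
    $events |
        Group-Object -Property LogName, ProviderName, Id |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object -Property TimeCreated -Descending |
                Select-Object -First 1
            [pscustomobject]@{
                Count       = $_.Count
                Log         = $latest.LogName
                Source      = $latest.ProviderName
                EventId     = $latest.Id
                Level       = $latest.LevelDisplayName
                LastSeen    = $latest.TimeCreated
                SearchQuery = "Event ID $($latest.Id) $($latest.ProviderName)"
            }
        }
}

# Critical events, errors and warnings from the last day in the two main logs
Get-EventSummary | Format-Table -AutoSize

# The same filter applied to the Diagnostics-Performance log over the last week
Get-EventSummary -LogName 'Microsoft-Windows-Diagnostics-Performance/Operational' -LastHours 168 |
    Format-Table -AutoSize
```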


Conclusion

Viewing events in Windows is essential for administering Dedicated Servers and virtual machines based on WINDOWS KVM. Windows event logs contain information about events on the server, including errors, warnings, and informational messages.

Administrators can use Windows Event Viewer to monitor system performance, identify problems, and resolve them. For example, if an error occurs on a virtual machine, Event Viewer can help the administrator find the cause of the error and resolve the issue.

This article is aimed at novice users. We hope that the information provided here can help you learn about the Windows administration tool.