The event log does not work in Windows 7. Where is the Windows event log

Hello everyone !!

It is no secret that in the Windows 7 operating system, just as in Windows Vista, there are two categories of event logs: Windows logs, and application and service logs.

Windows logs are used by the operating system to record system-wide events related to the operation of system components, applications, security and startup. Application and service logs are used by applications and services to record events related to their own operation. To manage the event logs, you can use the Event Viewer snap-in or the wevtutil command-line program.
Here is how you can work with event logs.
To view the events of the Application log, perform the following steps:
Select "Windows Logs" in the console tree.
Select the "Application" log.
It is advisable to review the System and Application event logs as often as possible and to examine the existing problems and warnings, which may predict future problems. When a log is selected, the middle pane displays the available events, including the event date and time, level, source, and other data.
The Preview Pane displays the event data on the General tab, and the Details tab displays additional specific data.

This pane can be turned on and off from the "View" menu with the "Preview Pane" command.
It is recommended to keep the logs of the last few months for critical systems. As a rule, it is not very convenient to make the logs large enough to hold all of that information, so the problem can be solved in a different way: logs can be exported to files located in a specified folder. To save the selected log, do the following:
Select the event log to be saved in the console tree;
Select the "Save Events As" command from the "Action" menu, or select the "Save All Events As" command from the context menu of the log;
In the "Save As" dialog, select the folder where the file should be saved. If you need to save the file in a new folder, you can create it directly from this dialog using the context menu or the "New folder" button on the action bar. In the "File type" field, select the desired format from the available ones: event files (*.evtx), XML file (*.xml), tab-delimited text (*.txt), or comma-separated CSV (*.csv). In the "File name" field, enter a name and click the "Save" button. Click the "Cancel" button to cancel saving.
If the event log is not intended to be viewed on another computer, leave the default option "No display information" in the "Display Information" dialog box. If the log is intended for viewing on another computer, select the option "Display information for these languages" in the same dialog box and click the "OK" button.
How to work with event logs:
View events
If you want to view the Application log events, follow these steps:
Select "Windows Logs" in the console tree;
Select the "Application" log.
It is advisable to review the "System" and "Application" event logs and investigate the existing problems and warnings. When you select a log, the available events are displayed in the middle pane.
The Preview Pane shows basic event data on the General tab, and additional data is displayed on the Details tab. You can turn this pane on and off from the "View" menu with the "Preview Pane" command.
For critical systems it is recommended to keep the logs of recent months.

It is usually inconvenient to make the logs large enough for all the information to fit in them, so as a rule this problem is solved in a different way. You can export the logs to files located in a specified folder. To save the selected log, do the following:
In the console tree, select the event log to be saved;
Select the "Save Events As" command from the "Action" menu, or select the "Save All Events As" command from the log's context menu;
In the "Save As" dialog, select the folder in which the file should be saved. If the file needs to be saved in a new folder, you can create it from this dialog using the context menu or the "New folder" button on the action bar. In the "File type" field, select the required format from the suggested ones: event files (*.evtx), tab-delimited text (*.txt), XML file (*.xml), or comma-separated CSV (*.csv). In the "File name" field, enter a name and click the "Save" button. To cancel saving, click "Cancel";
If the event log is not intended to be viewed on another computer, leave the "No display information" option selected in the "Display Information" dialog box. If the log is intended to be viewed on another computer, select the option "Display information for these languages" in the same dialog box and click "OK".
Clearing the event log
In the console tree, select the event log to be cleared, then clear the log in one of the following ways:
From the "Action" menu, select the "Clear Log" command;
Right-click the selected log to open the context menu, and in the context menu select the "Clear Log" command.
Then you can either clear the log or archive it first, in case this has not been done before:
To clear the event log without saving it, click the "Clear" button;
To clear the event log after saving it, click "Save and Clear". In the "Save As" dialog, select the folder where the file should be saved. If you want to save the file in a new folder, you can create it from this dialog using the context menu or the "New folder" button on the action bar. In the "File name" field, enter a name and click "Save". To cancel the save, click "Cancel".
That seems to be everything, but if something is not clear, I am waiting for your comments.

That's all and see you again ...
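The save and "Save and Clear" steps described above can also be scripted with wevtutil, which the article mentions as the command-line alternative to Event Viewer. The following is an added example, not code from the original article: the function names, the D:\LogArchive folder and the manifest.csv file are assumptions chosen for illustration, and it is written for Windows PowerShell 2.0 (the version shipped with Windows 7) run from an elevated prompt.

```powershell
# Added example (not from the original article). Windows PowerShell 2.0+, elevated prompt.
# Get-Sha256Hex, Backup-EventLogToFile, D:\LogArchive and manifest.csv are illustrative names.

function Get-Sha256Hex {
    param([string]$Path)
    # .NET is used directly because Get-FileHash does not exist in PowerShell 2.0
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Backup-EventLogToFile {
    param(
        [string[]]$LogName     = @('Application', 'System', 'Security'),
        [string]  $ArchiveRoot = 'D:\LogArchive',   # assumed archive location
        [switch]  $ClearAfterSave                   # same effect as "Save and Clear"
    )

    $folder = Join-Path $ArchiveRoot $env:COMPUTERNAME
    if (-not (Test-Path $folder)) {
        New-Item -ItemType Directory -Path $folder | Out-Null
    }
    $manifest = Join-Path $folder 'manifest.csv'
    $stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'

    foreach ($log in $LogName) {
        # Log names can contain '/' and spaces, which are not valid in file names
        $safe   = $log -replace '[\\/:*?"<>| ]', '_'
        $target = Join-Path $folder ('{0}_{1}.evtx' -f $safe, $stamp)

        if ($ClearAfterSave) {
            # cl with /bu: writes the events to the backup file, then clears the log
            & wevtutil.exe cl $log "/bu:$target"
        } else {
            # epl exports the log to a file and leaves the live log untouched
            & wevtutil.exe epl $log $target
        }

        if (($LASTEXITCODE -ne 0) -or (-not (Test-Path $target))) {
            Write-Warning "wevtutil failed for '$log' (exit code $LASTEXITCODE)"
            continue
        }

        # Record size and hash so a later change to the archive can be detected
        $file = Get-Item $target
        $hash = Get-Sha256Hex $file.FullName
        $line = '"{0}","{1}","{2}",{3},{4},{5}' -f (Get-Date).ToString('s'),
                $log, $file.FullName, $file.Length, $hash, [bool]$ClearAfterSave
        Add-Content -Path $manifest -Value $line

        New-Object PSObject -Property @{
            Log = $log; File = $file.FullName; Bytes = $file.Length
            Sha256 = $hash; Cleared = [bool]$ClearAfterSave
        }
    }
}

# Export only (live logs are not changed):
#   Backup-EventLogToFile
# Save and clear the Application log:
#   Backup-EventLogToFile -LogName Application -ClearAfterSave
```

Clearing is itself recorded: clearing the Security log writes event 1102 to the Security log, and clearing other logs writes event 104 to the System log, so an unexpected occurrence of either is worth investigating.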

Any modern OS with a graphical interface is based on events. The same goes for the software developed for such an OS. The event is the cornerstone of this infrastructure. Events include not only the interactive actions of the user, but also the results of various system processes that are hidden from the operator who is pressing buttons and clicking keys.

Events can be built in, that is, predefined by the architecture, or created by an administrator or developer. In this article, we will look at the classification of events in Windows, the means of logging and viewing them, and methods of working with them.

The interface for viewing the events that have occurred in the system is called the "system log". Log entries are created as a result of some actions of programs or users, which are reserved by the OS as events. Of course, not every action is logged. There are too many of them for that.

For example, moving the mouse by even one pixel already generates a software exception and can potentially be processed by the operating system, which, in essence, is what happens, but such actions do not get into the log. Security warnings, on the other hand, are logged because they constitute critical information.

Windows allows fine tuning of the list of critical system exceptions. To some extent, you are free to decide what to log and what information you can do without. To give you an idea of this, here are some of the standard log operations:

  • Viewing the list of events.
  • Filtering the list by specific criteria.
  • Creation of "triggers" of reactions to processes in the system - the so-called "subscription".
  • Designation of the type of reaction to a particular event.

How to view?

To view the contents of the log, you need to launch the corresponding application. This is done like this:

  • Go to the Start menu => Control Panel.
  • Select the "Administrative Tools" section.
  • In this section, click the name of the Event Viewer component.
  • A program with a characteristic window will be launched, the so-called "snap-in". This snap-in is the visual interface to our log.

The same can be achieved by typing the mmc command in the Run window (opened from the same Start menu). This command launches a common interface for all snap-ins, in which you need to go to the "Console" => "Add or remove snap-in" menu and pick the required one from the list of all snap-ins. In Windows 7 all this is done in the same way as in the previous version. The "Run" window can also be opened with the keyboard combination "Win" + "R"; the result will be the same. As a result of our manipulations, a window of the following type will appear:

OS event classification

Next, we will classify the log entries according to their meaning to the user. Events are divided into those that are generated by the operating system itself, and those that come from applications and services. However, this classification does not take into account the meaning of the recorded phenomena. A more detailed grouping of them is as follows:

All data is stored in the popular XML format, so an event log-like wrapper is required to read and process it. Although it is possible to directly view events in Windows 7 in files, it is extremely difficult. However, there is no need to do this, since the Windows 7 event log does it for us.

Entry parameters

Each entry in the Windows OS log has a uniform set of parameters that characterize its properties: a pointer to the source of origin, a special identifying code, a degree of severity, and many others.

Some parameters are meaningful for any event, while others apply only to certain types of events. The log has a menu with many options that simplify the user's work with its entries:

Now you know how to open the event log in Windows 7 and what it is.

The Windows Vista operating system carefully and tirelessly monitors everything that happens to it. Absolutely all actions, which are called "events", are constantly recorded and categorized. You can think of Event Viewer (which is, if you're curious, an MMC snap-in) as a journal kept by a meticulous, nosy old woman on a bench at the entrance. It records who enters and leaves the house, what conversations are going on between the tenants, who divorced whom and who got into a fight. In other words, it has a complete picture of how the house lives.

The Event Viewer program performs a similar spying function, except that, unlike the old woman's curiosity, it is designed to diagnose and identify problems in the operation of the OS that the user did not even know about.

All events occurring in the system are recorded in special system logs. Event Viewer allows you to view the contents of these logs, archive them, and delete them. How exactly can you use this program? The main purpose is to identify the problems that have arisen and the reason for their occurrence. If a device malfunctions, the hard disk starts acting up, some program constantly "freezes" or another unpleasant event has occurred, information about what happened will be recorded in the corresponding system log. Then it is enough to launch Event Viewer and get complete and clear information from the system log.

You can start Event Viewer in one of the following ways.

  • Choose Start > Control Panel, click the System and Maintenance link, then the Administrative Tools link, and finally the Event Viewer link.
  • The second way, for the impatient: enter the command eventvwr at the command line.

Recall that, in addition to clicking the Start button, you can call the command line window by pressing the key combination ... Also, keep in mind that using the full functionality of Event Viewer requires administrative access rights.

In any case, the window shown below will open.

  • View events from multiple system logs.
  • Create event filters as custom views.
  • The ability to create a task that runs automatically with a specific event.

Let's take a closer look at the window shown above. The window is divided into three panes. The left pane, Event Viewer, holds several folders containing custom views, logs, and subscriptions. The center pane contains several sections, among them Recently Viewed Nodes. Finally, in the right pane, Actions, you can choose certain actions, such as creating a custom view or connecting to another computer.

The panel allows you to quickly identify all important events recorded over the past hour, day or week. Each type of event can be expanded to find out detailed information about the event. The panel gives a general picture of what is happening in the system; to get specific information, you should go to a specific event.

Since Event Viewer is used to view system logs, click the Windows Logs and Applications and Services Logs folder icons in the left pane to expand the list of available logs. Let's consider it in more detail. The Windows Logs folder contains the following logs.

  • Application. Events in this log are generated by applications, including installed programs, programs supplied with Windows Vista, and operating system services. What kind of events are recorded in this log depends on the specific program.
  • Security. This log lists user attempts to log on (successful and unsuccessful), as well as actions related to shared resources, such as creating, modifying, or deleting files or folders.
  • Setup. Events in this log are generated during software installation.
  • System. System events are generated by Windows itself and by installable components such as device drivers. The log is useful for identifying drivers that failed while loading at Windows startup.
  • Forwarded Events. In this log, you can find events collected from other computers on the network.

In the Applications and Services Logs folder you can find entries for individual applications and services. While the other logs provide general entries, these logs contain information about the operation of specific programs. Pay attention to the nested Microsoft folder, which in turn contains the nested Windows folder. In this folder you can find entries for a wide variety of Windows Vista components, presented in separate folders.

Windows 7 implements tracking of the important events that occur while the operating system runs. At Microsoft, the term "event" means any incident in the system that is recorded in a special log and signalled to users or administrators. This could be a utility program that does not want to start, an application crash, or improper installation of a device. All incidents are recorded and saved by the Windows 7 event log. It also arranges and shows all actions in chronological order, helps to carry out system control, ensures the security of the operating system, fixes errors and diagnoses the entire system.

You should periodically review this log for any incoming information and adjust the system to save important data.

Windows 7 - programs

The Event Viewer application is a core part of Microsoft's administrative utilities and is designed to control and view the event log. It is a necessary tool for monitoring the health of the system and eliminating errors as they emerge. The Windows service that manages the recording of incidents is called the Event Log. If this service is running, it collects and logs all important data in its archive. The Windows 7 event log allows you to do the following:

Viewing data recorded in the archive;

Using various event filters and saving them for further use in the system settings;

Creation of a subscription for certain incidents and their management;

Assign certain actions when any events occur.

How do I open the Windows 7 event log?

The program responsible for recording incidents starts as follows:

1. Open the menu by pressing the "Start" button in the lower left corner of the screen, then open the "Control Panel". In the list of items, select "Administrative Tools", and in that submenu click "Event Viewer".

2. There is another way to view the Windows 7 event log. Go to the Start menu, type mmc in the search box and run the search. The MMC console will open, where you need to select the menu item for adding and removing a snap-in. Then add "Event Viewer" to the main window.

What is the described application?

The Windows 7 and Vista operating systems have two kinds of event logs: Windows logs, and application and service logs. The first kind is used to capture system-wide incidents that are related to the operation of various applications, startup and security. The second kind is used by applications and services to record the events of their own work. To control and manage all this data, the "Event Log" service uses the "View" tab, which is subdivided into the following items:

Application - events that are associated with a specific program. For example, mail services store here the history of sent information, various mailbox events, and so on.

Security - stores all data related to logons and logoffs, the use of administrative capabilities, and access to resources.

Setup - this Windows 7 event log records data generated during the installation and configuration of the system and its applications.

System - records all operating system events, such as a failure when launching utility applications or when installing and updating device drivers, and various messages concerning the operation of the entire system.

Forwarded Events - if this item is configured, it stores information that comes from other servers.

Other sub-items of the main menu

The "Administrative Tools" menu, where the Windows 7 event log is located, also contains these additional items:

Internet Explorer - events that occur during the operation and configuration of the browser of the same name are registered here.

Windows PowerShell - this folder contains incidents that are associated with PowerShell.

Hardware Events - if this item is configured, the data generated by devices is recorded in this log.

The whole mechanism that records events in Windows 7 is, as in Vista, based on XML. But to use the event log program in Windows 7 you do not need to know how to work with this format. Event Viewer does everything itself, providing a convenient and simple table with menu items.

Characteristics of incidents

A user who wants to know how to view the Windows 7 event log should also understand the characteristics of the data that he wants to view. After all, there are various properties of certain incidents described in the Event Viewer. We will consider these characteristics below:

Source - the program that recorded the event in the log. This is where the name of the application or driver that caused the incident is recorded.

Event ID - a number that defines the type of incident. This code and the name of the event source are used by technical support to diagnose and eliminate software failures.

Level - the degree of importance of the event. The system event log has six levels of incidents:

1. Information.

2. Warning.

3. Error.

4. Critical.

5. Audit Success.

6. Audit Failure.

User - records the account on whose behalf the event occurred; this may be the name of a service as well as a real user.

Date and Time - records when the event occurred.

There are many other events that occur when the operating system is running. All incidents are displayed in the "Event Viewer" with a description of all related information data.

How to work with the event log?

A very important point in protecting the system from crashes and freezes is a periodic review of the "Application" log, which records information about incidents and recent actions with a particular program, and also offers a choice of available operations.

Going into the Windows 7 event log, in the Application submenu, you can see a list of all programs that caused various negative events in the system, the time and date of their occurrence, the source, and the severity of the problem.

User response to events

After learning how to open the Windows 7 event log and how to use it, you should then learn how to use it together with another useful application, the "Task Scheduler". To do this, right-click any incident and, in the menu that opens, select the item for attaching a task to the event. The next time such an incident occurs in the system, the operating system will automatically launch the assigned task to handle the error and fix it.

An error in the log is not a cause for panic

If, looking at the Windows 7 system event log, you see system errors or warnings that appear periodically, then you should not worry and panic about this. Even with a perfectly working computer, various errors and failures can be recorded, most of which do not pose a serious threat to the health of the PC.

The application we are describing was created in order to make it easier for the system administrator to control computers and eliminate emerging problems.

Conclusion

Based on the foregoing, it becomes clear that the event log is a way for programs and the system to record and save all events on a computer in one place. This journal contains all operational errors, messages and warnings of system applications.

Where the event log is in Windows 7, how to open it, how to use it, how to fix the errors that have appeared: we learned all this from this article. But many will ask: "Why do we need this? We are not system administrators or programmers, but ordinary users who do not need this knowledge." This approach is wrong. After all, when a person gets sick, before going to the doctor he tries to heal himself in one way or another, and many people often succeed. A computer, which is a digital organism, can also "get sick", and this article shows one of the ways to diagnose the cause of such a "disease". Based on the results of such an "examination", you can make the right decision about the methods of subsequent "treatment".

So information about the way of viewing events will be useful not only to the system analyst, but also to the ordinary user.

Hello, friends! In this article, we will look at the Windows 7 event log. The operating system records almost everything that happens to it in this log. It is convenient to view it using the Event Viewer application, which is installed with Windows 7. To say that there are many recorded events is to say nothing: there are a great many of them. But it is difficult to get lost in them, since everything is sorted into categories.

Thanks to the event log, it is much easier for specialists and ordinary users to find errors and fix them. By easier, I do not mean easy. Almost always, to fix a recurring error, you will have to make heavy use of search and read through a lot of material. Sometimes it is worth it to get rid of non-standard behavior of the operating system.

For the operating system to successfully fill the event logs, the Windows Event Log service, which is responsible for this, must be running. Let's check whether this service is running. In the search field of the Start menu, search for Services.

Find the Windows Event Log service and check that its Status is Started and its Startup type is Automatic.

If this service is not running on your computer, double-click it with the left mouse button and, in the properties, select Automatic in the Startup type section. Then click Start and OK.

The service has started and the event logs begin to fill up.
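The same check can be done from PowerShell. The following is an added example, not code from the original article: Test-EventLogService is an illustrative function name, the code targets Windows PowerShell 2.0 as shipped with Windows 7, and the -Repair switch needs an elevated prompt. Besides the service state and startup type, it also looks at the newest System event to confirm that records are actually being written.

```powershell
# Added example (not from the original article). Windows PowerShell 2.0+.
# Test-EventLogService is an illustrative name; -Repair needs an elevated prompt.

function Test-EventLogService {
    param([switch]$Repair)

    # "Windows Event Log" is the display name; the service name is EventLog.
    # Win32_Service is used because Get-Service in PowerShell 2.0 has no startup type.
    $filter = "Name='EventLog'"
    $svc    = Get-WmiObject -Class Win32_Service -Filter $filter
    if (-not $svc) { throw 'The EventLog service was not found on this machine.' }

    if ($Repair) {
        if ($svc.StartMode -ne 'Auto') { Set-Service -Name EventLog -StartupType Automatic }
        if ($svc.State -ne 'Running')  { Start-Service -Name EventLog }
        $svc = Get-WmiObject -Class Win32_Service -Filter $filter   # re-read after changes
    }

    # A healthy service also produces records: read the newest System event.
    $newest = $null
    try {
        $newest = Get-WinEvent -LogName System -MaxEvents 1 -ErrorAction Stop
    } catch {
        Write-Warning ("Could not read the System log: " + $_.Exception.Message)
    }

    $lastWrite = $null
    if ($newest) { $lastWrite = $newest.TimeCreated }

    New-Object PSObject -Property @{
        State             = $svc.State        # Running / Stopped
        StartMode         = $svc.StartMode    # Auto / Manual / Disabled
        Healthy           = (($svc.State -eq 'Running') -and ($svc.StartMode -eq 'Auto'))
        NewestSystemEvent = $lastWrite
    }
}

# Report only:
#   Test-EventLogService
# Set the startup type to Automatic and start the service if needed:
#   Test-EventLogService -Repair
```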

Launch the Event Viewer utility using the search in the Start menu.

By default the utility looks like this

Much can be customized here. For example, using the buttons below the menu area, you can hide or show the Console Tree on the left and the Actions pane on the right.

The area in the center at the bottom is called the Preview Pane. It displays information about the selected event. It can be hidden by unchecking the corresponding item in the View menu or by clicking the cross in the upper right corner of the pane.

The main field is in the center at the top and is a table with the events of the log you selected in the Console tree. Not all columns are displayed by default. You can add and change their display order. To do this, click on the header of any column with the right mouse and select Add or Remove Columns ...

In the window that opens, add the required columns from the left field to the column Displayed columns

To change the order of displaying columns in the right field, select the desired column and use the Up and Down buttons to change the location.

Each column is a specific property of the event. All these properties were perfectly described by Dmitry Bulanov.

It makes no sense to show all the columns in the table, since the key properties are displayed in the Preview Pane. If the pane is not displayed, double-click the event with the left mouse button to see its properties in a separate window.

The General tab has a description of this error and sometimes a fix. Below you can find all the properties of the event, and in the Details section there is a link to the Web Help, which will probably provide information on how to fix the error.

Event logs

Key Management Service - events of the key management service are recorded here. The service is designed to manage activations of corporate versions of operating systems. The log is empty because on a home computer you can do without it.

Logs also have their own Properties. To view them, right-click on the log and select Properties from the context menu.

In the properties window you see the full name of the log, the path to the log file, its size, and the dates when it was created, modified and last opened.

The Enable logging checkbox is also checked. It is greyed out and cannot be cleared. I looked at this option in the properties of other logs, where it is also enabled and greyed out. For the Hardware Events log, it is in exactly the same state, and nothing is logged.

In the properties, you can set the Maximum log size (KB) and select the action to take when the maximum size is reached. For servers and other important workstations, the log size is most likely made larger and Archive the log when full is chosen, so that in the event of an emergency you can track when the malfunction began.
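The log properties described above can be read and set from the command line as well. The following is an added example, not code from the original article: the function names and the 64 MB and 128 MB sizes are assumptions for illustration, and the code targets Windows PowerShell 2.0 run from an elevated prompt. The LogMode values map to the three choices in the dialog: Circular is "Overwrite events as needed", AutoBackup is "Archive the log when full", and Retain is "Do not overwrite events".

```powershell
# Added example (not from the original article). Windows PowerShell 2.0+, elevated prompt.
# Get-LogRetentionReport, Set-LogArchiveWhenFull and the sizes used are illustrative.

function Get-LogRetentionReport {
    param(
        [string[]]$LogName  = @('Application', 'System', 'Security'),
        [long]    $MinBytes = 64MB          # assumed minimum acceptable log size
    )
    foreach ($cfg in (Get-WinEvent -ListLog $LogName)) {
        New-Object PSObject -Property @{
            Log        = $cfg.LogName
            Path       = $cfg.LogFilePath
            MaxSizeKB  = [int]($cfg.MaximumSizeInBytes / 1KB)
            UsedKB     = [int]($cfg.FileSize / 1KB)
            Records    = $cfg.RecordCount
            Mode       = $cfg.LogMode                       # Circular / AutoBackup / Retain
            TooSmall   = ($cfg.MaximumSizeInBytes -lt $MinBytes)
            Overwrites = ($cfg.LogMode -eq 'Circular')      # old events are silently lost
        } | Select-Object Log, Mode, MaxSizeKB, UsedKB, Records, TooSmall, Overwrites, Path
    }
}

function Set-LogArchiveWhenFull {
    param(
        [string]$LogName,
        [long]  $MaxBytes = 128MB           # assumed new maximum size
    )
    # /ms is the maximum size in bytes; /rt:true together with /ab:true
    # corresponds to "Archive the log when full, do not overwrite events".
    & wevtutil.exe sl $LogName "/ms:$MaxBytes" /rt:true /ab:true
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil sl failed for '$LogName' (exit code $LASTEXITCODE)"
    }
    # Show the resulting configuration for confirmation
    & wevtutil.exe gl $LogName
}

# Review the current settings:
#   Get-LogRetentionReport | Format-Table -AutoSize
# Enlarge the Security log and archive it when full:
#   Set-LogArchiveWhenFull -LogName Security
```

With "Archive the log when full", Windows writes the archive files next to the live log and does not delete them, so free disk space on that volume has to be monitored.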

Working with Windows 7 Event Logs

Working with the logs means sorting, grouping and clearing them, and creating custom views to make it easier to find certain events.

Choose any log, for example Application, and in the table in the center click the header of any column with the left mouse button. The events will be sorted by this column.

If you click again, you get the sorting in the opposite direction. The sorting principles are the same as in Windows Explorer. The limitation is that you cannot sort by more than one column.

To group events by a certain column, click on its header with the right mouse button and select Group events by this column. In the example, events are grouped by the Level column.

In this case, it is convenient to work with a specific group of events. For example with Errors. After grouping events, you will be able to collapse and expand groups. This can be done in the event table itself by double-clicking on the group name. For example, by Level: Warning (74).

To remove the grouping, right-click the column heading again and select Remove grouping of events.

Clearing the log

If you fixed errors in the system that led to the recording of events in the log, then you probably want to clear the log so that old records do not interfere with diagnosing new computer conditions. To do this, right-click on the log you want to clear and select Clear Log ...

In the window that opens, you can either simply clear the log or save it to a file before clearing.

Customizable views

Configured sorts and groupings disappear when you close the Event Viewer window. If you often work with events, then you can create custom views. These are certain filters that are saved in the corresponding section of the console tree and do not disappear anywhere when you close the Event Viewer.

To create a custom view, right-click on any log and select Create Custom View ...

In the window that opens, in the Date section, select from the drop-down list the time range for which we need to select events

In the Event level section, check the boxes to select the importance of events.

You can select events by a specific log or logs, or by source. Set the radio button to the desired position and check the necessary boxes in the drop-down list.

You can select specific event codes to show or not show in the view you create.

When all the presentation options are selected, click OK

In the window that appears, set the name and description of the custom view and click OK

For example, I created a custom view for Errors and Critical Events from the Application and Security logs

This view can be edited later, and it will not disappear when you close the Event Viewer utility. To edit it, right-click the view and select Filter Current Custom View...

In the window that opens, make additional settings for the view.

A custom view is analogous to a saved search in Windows 7 Explorer.
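A custom view is stored as an XML query, and the same query can be run outside Event Viewer. The following is an added example, not code from the original article: it builds the query for the view described above (Critical and Error events from the Application and Security logs) and summarizes the matches. The function names and the 7-day range are assumptions for illustration; the code targets Windows PowerShell 2.0, and reading the Security log needs an elevated prompt.

```powershell
# Added example (not from the original article). Windows PowerShell 2.0+.
# New-CustomViewQuery and Get-CustomViewSummary are illustrative names.

function New-CustomViewQuery {
    param(
        [string[]]$LogName = @('Application', 'Security'),
        [int[]]   $Level   = @(1, 2),    # 1 = Critical, 2 = Error, 3 = Warning, 4 = Information
        [int]     $Days    = 7           # assumed time range
    )
    $levels = ($Level | ForEach-Object { "Level=$_" }) -join ' or '
    $ms     = [long]$Days * 24 * 60 * 60 * 1000      # timediff() counts milliseconds
    $xpath  = "*[System[($levels) and TimeCreated[timediff(@SystemTime) &lt;= $ms]]]"

    # One <Select> per log, all inside a single <Query>
    $selects = $LogName | ForEach-Object { '    <Select Path="{0}">{1}</Select>' -f $_, $xpath }
    @(
        '<QueryList>'
        '  <Query Id="0" Path="{0}">' -f $LogName[0]
        $selects
        '  </Query>'
        '</QueryList>'
    ) -join "`r`n"
}

function Get-CustomViewSummary {
    param([string]$QueryXml = (New-CustomViewQuery))

    try {
        $events = @(Get-WinEvent -FilterXml ([xml]$QueryXml) -ErrorAction Stop)
    } catch {
        # Get-WinEvent reports an error when nothing matches; treat that as an empty view
        Write-Warning $_.Exception.Message
        $events = @()
    }

    # Collapse repeats: one row per log / source / event ID, most frequent first
    $events | Group-Object LogName, ProviderName, Id |
        Sort-Object Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object TimeCreated | Select-Object -Last 1
            New-Object PSObject -Property @{
                Count    = $_.Count
                Log      = $latest.LogName
                Source   = $latest.ProviderName
                EventId  = $latest.Id
                LastSeen = $latest.TimeCreated
            }
        } | Select-Object Count, Log, Source, EventId, LastSeen
}

# Print the query text:
#   New-CustomViewQuery
# Summarize matching events:
#   Get-CustomViewSummary | Format-Table -AutoSize
```

Security audit events are normally recorded at level 0 with the Audit Success or Audit Failure keyword, so a filter on Critical and Error returns few Security entries; failed logons, for example, have to be selected by keyword or event ID instead.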

Conclusion

In this article, we examined the Windows 7 event log. We talked about almost all the basic operations with it that make it easier to find error and critical events. And then a natural question arises: "How can we correct these errors in the system?" Everything is much more complicated here. There is little information on the web, so you may have to spend a lot of time looking for it. Therefore, if the work of the computer as a whole suits you, you need not bother. If you want to try to fix it, watch the video below.

Also, using the event log, you can diagnose the slow boot of Windows 7.

Any comments and suggestions will be welcome.