Windows 8 system event log. Where is the Windows event log located. How to open it in Event Viewer

The Windows Vista operating system carefully and tirelessly monitors everything that happens to it. Absolutely all actions, which are called “events,” are constantly recorded and sorted into various categories. The Event Viewer program (which, in case you were wondering, is an MMC tool) can be thought of as a journal kept by a scrupulous and meticulous old lady on a bench at the entrance. It records who enters and leaves the house, what conversations take place between residents, who divorced whom and who got into fights. In other words, it has a complete picture of how the house lives.

A similar spy function is performed by the Event Viewer program, which, unlike the old lady’s curiosity, is designed to diagnose and identify problems in the operation of the OS that the user had no idea about.

All events occurring in the system are recorded in special system logs. Event Viewer allows you to view the contents of these logs, archive them, and delete them. How exactly can you use this program? Its main purpose is to identify problems that have arisen and their causes. If a device malfunctions, the hard disk is “filled to capacity”, some program constantly “freezes” or another unpleasant event occurs, information about what happened is recorded in the corresponding system log. Then just launch Event Viewer and get complete and clear information from the system log.

You can start Event Viewer in one of the following ways.

  • Select Start > Control Panel, click the System and Maintenance link, then Administrative Tools, and finally Event Viewer.
  • The second method, for the impatient: enter the command eventvwr at the command line.

Recall that, in addition to clicking the Start button, you can open the command-line window by pressing a key combination. Also remember that administrative access is required to use all the capabilities of the Event Viewer tool.

In any case, the window shown below will open.

  • View events from multiple system logs.
  • Create event filters as custom views.
  • Create a task that runs automatically when a specific event occurs.

Let's take a closer look at the window shown above. The window is divided into three panels. The left panel, Event Viewer, contains several folders with custom views, logs, and subscriptions. The central panel contains several submenus, such as Recently Viewed Nodes. Finally, in the right panel, Actions, you can choose specific actions, such as creating a custom view or connecting to another computer.

The panel allows you to quickly identify all important events recorded over the past hour, day or week. Each event type can be expanded to reveal detailed information about the event. The panel gives a general picture of what is happening in the system; to obtain specific information, go to a specific event.

Since Event Viewer is used to view system logs, click the folder icons in the left panel, including Applications and Services Logs, to expand the list of available logs. Let's look at them in more detail. The following logs are presented.

  • Application. Events in this log are generated by applications, including installed programs, programs included with Windows Vista, and operating system services. Exactly which events are recorded in this log depends on the specific program.
  • Security. This log lists user logon attempts (successful and unsuccessful), as well as actions related to shared resources, such as creating, modifying, or deleting files or folders.
  • Setup. Events in this log are created when programs are installed.
  • System. System events are generated by Windows itself and by installed components such as device drivers. This log is convenient for finding drivers that failed to load at Windows startup.
  • Forwarded Events. This log contains events collected from other computers on the network.

In the Applications and Services Logs folder you can find entries for individual applications and services. While the other logs provide general entries, these logs provide information about the operation of specific programs. Note the Microsoft subfolder, which in turn contains a Windows subfolder. In that folder you can find entries for a wide variety of Windows Vista components, presented in separate folders.

The topic of this article is a Windows tool unfamiliar to most users: Event Viewer.

What can it be useful for? First of all, if you want to figure out for yourself what is happening with the computer and solve various problems in the operation of the OS and programs, this utility can help you, provided you know how to use it.

The interface of this administration tool can be divided into three parts:

  • The left panel contains a tree structure in which events are sorted by various parameters. In addition, you can add your own “Custom Views” here, which will display only the events you need.
  • In the center, when you select one of the “folders” on the left, the list of events itself is displayed, and when you select any of them, the lower part shows more detailed information about it.
  • The right side contains links to actions that allow you to filter events by parameters, find the ones you need, create custom views, save the list, and create a task in the task scheduler that will be associated with a specific event.

Event Information

As I said above, when you select an event, information about it is displayed at the bottom. This information can help you find a solution to the problem on the Internet (though not always), and it is worth understanding what each property means:

  • Log name - the name of the log file where the event information was saved.
  • Source - the name of the program, process or system component that generated the event (if you see Application Error here, you can see the name of the application itself in the field above).
  • Code - the event code, which can help you find information about it on the Internet. However, it is worth searching in the English-language segment for Event ID + the numeric code + the name of the application that caused the failure (since the event codes for each program are unique).
  • Operation code - as a rule, “Details” is always indicated here, so this field is of little use.
  • Task category, keywords - not usually used.
  • User and computer - reports on behalf of which user and on which computer the process that caused the event was launched.

At the bottom, in the "Details" field, you can also see an "Online Help" link, which reports information about the event to the Microsoft site and should, in theory, display information about this event. However, in most cases you will see a message stating that the page was not found.

To find information about an error, it is better to use the following query: Application name + Event ID + Code + Source. You can see an example in the screenshot. You can also try searching in Russian, but the results in English are more informative. The text of the error message is also suitable for searching (double-click the event).

Note: some sites offer downloads of programs that fix errors with one code or another, and some collect all possible error codes in one place. You should not download such files: they will not fix problems and will most likely lead to additional ones.

It's also worth noting that most warnings aren't anything dangerous, and error messages don't always mean there's something wrong with your computer.

View Windows Performance History

In Windows Event Viewer you can find a lot of interesting things, for example, look at problems with your computer's performance.

To do this, in the right pane, open Applications and Services Logs - Microsoft - Windows - Diagnostics-Performance - Operational and see if there are any errors among the events; they report that some component or program has slowed down Windows boot. Double-click an event to call up detailed information about it.

Using filters and custom views

The sheer number of events in the logs makes them difficult to navigate. Moreover, most of them carry no critically important information. The best way to display only the events you need is to use custom views: you can set the level of events you want to display (errors, warnings, critical errors) as well as their source or log.

To create a custom view, click the appropriate item in the panel on the right. After creating a custom view, you can apply additional filters to it by clicking on “Filter current custom view”.
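A custom view is stored as an XML query over the logs, levels and time range chosen in the dialog. The following PowerShell block is an added example, not part of the original article; the function name New-EventQueryXml and its parameter names are hypothetical.

```powershell
# Added example: build the XML query behind a custom view.
# New-EventQueryXml and its parameter names are hypothetical.
function New-EventQueryXml {
    param(
        [string[]]$LogName = @('System', 'Application'),
        # Event levels to include: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information
        [ValidateRange(1, 5)][int[]]$Level = @(1, 2),
        [ValidateRange(1, 8760)][int]$LastHours = 24
    )

    # Produces "Level=1 or Level=2" for the default levels.
    $levels = ($Level | ForEach-Object { "Level=$_" }) -join ' or '
    # timediff() counts milliseconds; "<" has to be written as &lt; inside XML.
    $ms     = [int64]$LastHours * 3600 * 1000
    $xpath  = "*[System[($levels) and TimeCreated[timediff(@SystemTime) &lt;= $ms]]]"

    # One <Select> per log; escape the name in case it contains XML metacharacters.
    $selects = foreach ($name in $LogName) {
        $path = [System.Security.SecurityElement]::Escape($name)
        "    <Select Path=`"$path`">$xpath</Select>"
    }
    "<QueryList>`n  <Query Id=`"0`">`n" + ($selects -join "`n") + "`n  </Query>`n</QueryList>"
}

$query = New-EventQueryXml -LogName System, Application -Level 1, 2 -LastHours 24
$query

# On a live system, paste the text into the XML tab of the custom view dialog,
# or run it directly:
#   Get-WinEvent -FilterXml ([xml]$query) -MaxEvents 20
```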

Of course, this is not all that Windows Event Viewer can be useful for, but this, as noted, is an article for novice users, that is, for those who do not know about this utility at all. Perhaps it will encourage further study of this and other OS administration tools.

The Windows 7 operating system implements a function for tracking important events that occur during operation. At Microsoft, the concept of “events” means any incidents in the system that are recorded in a special log and signaled to users or administrators. This could be a utility program that doesn't want to run, an application crashing, or devices not being installed correctly. All incidents are recorded and saved by the Windows 7 event log. It also arranges and shows all actions in chronological order, helps to carry out system control, ensures the security of the operating system, corrects errors and diagnoses the entire system.

You should periodically review this log for new information and configure the system to save important data.

Windows 7 - programs

The Event Viewer application is the main one among the Microsoft utilities designed to monitor and view the event log. It is a necessary tool for monitoring system performance and eliminating errors as they arise. The Windows service that manages the recording of incidents is called Event Log. Once this service is started, it begins to collect and log all important data in its archive. The Windows 7 Event Log allows you to do the following:

Viewing data recorded in the archive;

Using various event filters and saving them for further use in system settings;

Creating and managing subscriptions for specific incidents;

Assign specific actions when certain events occur.

How to open Windows 7 event log?

The program responsible for recording incidents is launched as follows:

1. Click the “Start” button in the lower left corner of the screen to open the menu, then open the “Control Panel”. In the list of controls, select “Administrative Tools” and in this submenu click “Event Viewer”.

2. There is another way to view the Windows 7 event log. Go to the Start menu, type mmc in the search box and run the search. The MMC console will open; there, select the item for adding or removing a snap-in. “Event Viewer” is then added to the main window.

What is the application described?

In the Windows 7 and Vista operating systems there are two kinds of event logs: system logs and application and service logs. The first kind is used to capture system-wide incidents related to the performance of various applications, startup and security. The second kind is responsible for recording the events of the applications' and services' own operation. To control and manage all data, the Event Log service uses the View tab, which is divided into the following items:

Application - events associated with a specific program are stored here. For example, mail services store here the history of sent information, various mailbox events, and so on.

The “Security” item stores all data related to logging in and out of the system, using administrative capabilities and accessing resources.

Setup - this Windows 7 event log records data generated during the installation and configuration of the system and its applications.

System - records all operating system events, such as failures when launching service applications or when installing and updating device drivers, various messages regarding the operation of the entire system.

Forwarded events - if this item is configured, then it stores information that comes from other servers.

Other sub-items of the main menu

Also in the “Administrative Tools” menu, where the event log in Windows 7 is located, there are the following additional items:

Internet Explorer - events that occur during operation and configuration of the browser of the same name are recorded here.

Windows PowerShell - incidents related to the use of PowerShell are recorded in this folder.

Hardware Events - if this item is configured, the data generated by devices is logged.

The entire structure of Windows 7 that ensures the recording of all events is, as in Vista, based on XML. But to use the event log program in Windows 7, you don't need to know how to work with this code. The Event Viewer application does everything itself, presenting a convenient and simple table with menu items.

Incident characteristics

A user who wants to know how to view the Windows 7 event log must also understand the characteristics of the data that he wants to view. After all, there are different properties of certain incidents described in the “Event Viewer”. We will look at these characteristics below:

Source - the program that records events in the log. The names of the applications or drivers that influenced a particular incident are recorded here.

Event code - a set of numbers that determines the type of incident. This code and the event source name are used by technical support to troubleshoot and eliminate software failures.

Level - the degree of importance of the event. The system event log has six levels of incidents:

1. Information.

2. Warning.

3. Error.

4. Critical error.

5. Audit of successful operations to correct errors.

6. Audit of unsuccessful actions.

User - records the account on whose behalf the event occurred; these may be the names of various services as well as real users.

Date and time - records the timing of the occurrence of the event.

There are many other events that occur while the operating system is running. All incidents are displayed in the “Event Viewer” with a description of all related information data.
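The XML form mentioned above carries the same characteristics that Event Viewer shows in its table. The following PowerShell block is an added example, not code from the original article: it reads the log name, source, event code, level, user, computer and time from an event's XML, deriving the audit levels from the Keywords bit mask. The function name ConvertFrom-EventXml is hypothetical and both sample records are constructed.

```powershell
# Added example; both sample records below are constructed for illustration.
# Requires PowerShell 3.0 or later ([pscustomobject]).
$EventNs      = 'http://schemas.microsoft.com/win/2004/08/events/event'
$AuditFailure = [uint64]0x10000000000000   # keyword bit: failed audit
$AuditSuccess = [uint64]0x20000000000000   # keyword bit: successful audit

function ConvertFrom-EventXml {
    param([Parameter(Mandatory = $true)][string]$Xml)

    $doc = [xml]$Xml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('e', $EventNs)
    $sys = $doc.SelectSingleNode('/e:Event/e:System', $ns)
    if ($null -eq $sys) { throw 'Not an event record: <System> element missing.' }

    # Text of a child element of <System>, or $null when it is absent.
    $text = { param($name) $n = $sys.SelectSingleNode("e:$name", $ns); if ($n) { $n.InnerText } }

    $kwText   = & $text 'Keywords'
    $keywords = if ($kwText) { [Convert]::ToUInt64($kwText, 16) } else { [uint64]0 }

    # Levels 1-5 are named directly. Level 0 is used by Security-log audit
    # records, whose outcome is carried in the Keywords bit mask instead.
    $level = switch ([int](& $text 'Level')) {
        1 { 'Critical' }
        2 { 'Error' }
        3 { 'Warning' }
        4 { 'Information' }
        5 { 'Verbose' }
        default {
            if     ($keywords -band $AuditFailure) { 'Audit Failure' }
            elseif ($keywords -band $AuditSuccess) { 'Audit Success' }
            else   { 'Information' }
        }
    }

    $security = $sys.SelectSingleNode('e:Security', $ns)
    [pscustomobject]@{
        LogName  = & $text 'Channel'
        Source   = $sys.SelectSingleNode('e:Provider', $ns).GetAttribute('Name')
        EventId  = [int](& $text 'EventID')
        Level    = $level
        User     = if ($security) { $security.GetAttribute('UserID') }
        Computer = & $text 'Computer'
        TimeUtc  = $sys.SelectSingleNode('e:TimeCreated', $ns).GetAttribute('SystemTime')
    }
}

$appCrash = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
  <Provider Name="Application Error" /><EventID Qualifiers="0">1000</EventID>
  <Level>2</Level><Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2024-01-15T10:22:31.000000000Z" />
  <Channel>Application</Channel><Computer>PC-EXAMPLE</Computer><Security />
</System></Event>
'@
$failedLogon = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
  <Provider Name="Microsoft-Windows-Security-Auditing" /><EventID>4625</EventID>
  <Level>0</Level><Keywords>0x8010000000000000</Keywords>
  <TimeCreated SystemTime="2024-01-15T10:25:02.000000000Z" />
  <Channel>Security</Channel><Computer>PC-EXAMPLE</Computer><Security />
</System></Event>
'@
$appCrash, $failedLogon | ForEach-Object { ConvertFrom-EventXml -Xml $_ } | Format-Table -AutoSize
```

On a live system the same function accepts the output of (Get-WinEvent -LogName Application -MaxEvents 1).ToXml().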

How to work with the event log?

A very important step in protecting the system from crashes and freezes is to periodically review the “Application” log, which records information about incidents and recent actions with a particular program, and also offers a selection of available operations.

In the Windows 7 event log, the “Application” submenu shows a list of all programs that caused various negative events in the system, the time and date of their occurrence, the source, and the severity of the problem.

User Responses to Events

Having learned how to open the Windows 7 event log and how to use it, you should then learn how to use the useful “Task Scheduler” application. To do this, right-click any incident and, in the window that opens, select the menu item for attaching a task to the event. The next time such an incident occurs, the operating system will automatically launch the assigned task to process the error and correct it.

An error in the log is not a reason to panic

If, while looking at the Windows 7 system event log, you see system errors or warnings appearing periodically, then you should not worry or panic about this. Even with a perfectly functioning computer, various errors and failures may be recorded, most of which do not pose a serious threat to the performance of the PC.

The application we are describing was created to make it easier for the system administrator to control computers and troubleshoot emerging problems.

Conclusion

Based on all of the above, it becomes clear that the event log is a way for programs and the system to record and save all events on the computer in one place. This log stores all operational errors, messages and warnings from system applications.

Where the event log is in Windows 7, how to open it, how to use it, how to correct errors that appear: we learned all this from this article. But many will ask: “Why do we need this? We are not system administrators or programmers, but ordinary users who don't seem to need this knowledge.” But this approach is wrong. After all, when a person gets sick with something, before going to the doctor, he tries to cure himself in one way or another. And many often succeed. Likewise, a computer, which is a digital organism, can “get sick”, and this article shows one of the ways to diagnose the cause of such a “disease”; based on the results of such an “examination” one can make the correct decision about methods of subsequent “treatment”.

So information about the method of viewing events will be useful not only to the system specialist, but also to the ordinary user.

I think that every user who works with a computer has encountered problems and errors. It's time for you to learn how to read the Windows event log, which displays messages from applications and the system itself: errors, informational messages, warnings. It contains information about events that the system considered worth recording for the administrator. Just like that, just in case.

In a normally operating system, the user does not know the way here; there is simply no need. However, when errors (lags) appear in Windows, there are many reasons to look here, and fortunately there is something to learn here.

Where is the Event Log?

The quickest way to get into it is to press the WIN key, type the words "event logs" in the search bar, and click the appropriate link:

Or go to Start and type the command eventvwr.msc. By default, Event Viewer opens several tabs, including a summary of administrative events, which lists information by importance for the administrator. The most important of them is the Critical event type. Take a walk around the Windows Logs section; the key directories are Application and System.

Everything that happens in the system is recorded in several documents. And most likely, you will find several errors there. This doesn't mean anything yet. If the system is stable, these errors are not critical and will never bother you. By the way, if you take a closer look, errors are kept even for programs that have not been on the computer for a long time.

The game was closed using the Alt + F4 keys - mom, apparently, entered the room.

Theoretically, other programs are also supposed to record important and not so important events in the log; however, as far as I remember, they hardly do this.

It may already seem to the reader that the log need not be paid any attention.

The log will help an attentive and thoughtful user in cases of serious malfunctions, for example, when the system appears or unexpectedly reboots. Thus, a “dead” driver can easily be detected in the log. You just need to look carefully at the red icons labeled Critical level and remove the specified driver, or maybe think about replacing the device.

nothing bad has happened yet

and here everything is already serious: the computer turned off

We are looking for the necessary events: processes and result logs

For example, after some time of work, we noticed that the mouse was stuck, some folders were missing and paths were not working: the first sign of appearance on the disk. To work with them, you need to run in sequence the disk check utility chkdsk /f, which will start working after a reboot, and then check the integrity of the file system of Windows itself with sfc /scannow. You can look at the results of both these and other utilities in the same log:

Since one of these utilities is launched by the system only before booting (for the volume that contains the system), it makes sense to search for its results using the flag Wininit (from Windows Initialization).

How to learn to read the Windows event log?

However, you don't have to guess. Microsoft has an official support page for system messages. If you are interested in a specific event, you can visit the web page:

However, in my opinion, a very good service which will help you read the Windows event log is a service

It has no analogues in Russia, but for those who speak English and are simply curious, I will show you how to use it. So, for the example taken above, on the service page, enter the error code and the service that caused it in the fields:

All that remains is to start the search for our terms by clicking the Search button, and results explaining the error will appear on the page. Formally, they will not be much more detailed than the explanations given by the log itself; however, if you scroll down the results page, in the English description you will see a link to a kind of forum with ready-made solutions to the problem or causes that users have already encountered when the error of the same name occurs. Everything is in English. I had to study... And, to be honest, your humble servant rarely goes further than this site: something similar has already happened somewhere.

As always, viewing the event log is not a panacea. However, it can save the user from meaningless guessing by saving a lot of time on searching for the problem.

Windows Event Log - how to clear it?

So, we have dealt with the problems, and the system is stable. Then let's get rid of unnecessary entries in the log: if you visited the log, you might have noticed some clutter in terms of the number of entries in it.

There are several cleaning methods. You can do this via Windows PowerShell:

wevtutil el | ForEach-Object { Write-Host "Clearing $_"; wevtutil cl "$_" }

You can also do it from the console:

for /f "tokens=*" %x in ('wevtutil el') do wevtutil cl "%x"

I will offer you a small script that you can place in a text document and save with the extension .bat. I called mine Cleaning Logs (run the final file with admin rights):

Here's the script:

@echo off
rem bcdedit prints "Access is denied" when the prompt is not elevated (English-language Windows).
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
rem Clear every log reported by "wevtutil el".
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Event logs have been cleared.
goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
echo Administrator rights are required.
:theEnd
exit

Wait until the script finishes, the console window will close itself:
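Clearing discards the history that the earlier sections rely on for diagnosis, including the logon records in the Security log. The following PowerShell variant is an added example, not the author's script: it saves each log to an .evtx file as part of clearing it, using the /bu option of wevtutil cl. The backup folder name is an assumption.

```powershell
# Added example: back up every log to an .evtx file, then clear it.
# Run from an elevated PowerShell prompt. The backup location is an assumption.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupRoot = "$env:SystemDrive\EventLogBackup\$stamp"
New-Item -ItemType Directory -Path $backupRoot -Force | Out-Null

$results = foreach ($log in (wevtutil el)) {
    # Log names may contain '/', which is not valid in a file name.
    $file = Join-Path $backupRoot (($log -replace '[\\/:*?"<>|]', '_') + '.evtx')

    # /bu writes the backup file as part of the clear operation itself.
    wevtutil cl $log "/bu:$file" 2>$null
    [pscustomobject]@{ Log = $log; Cleared = ($LASTEXITCODE -eq 0); Backup = $file }
}

# Logs that could not be cleared (for example, logs that do not allow it).
$results | Where-Object { -not $_.Cleared } | Format-Table Log -AutoSize

$cleared = @($results | Where-Object { $_.Cleared }).Count
"{0} logs cleared, backups saved in {1}" -f $cleared, $backupRoot
```

The clear operation is itself logged: the Security log records event 1102 and the System log records event 104 once they have been emptied.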

Using the Windows 7 or XP event log, you can solve most computer problems.

It not only records everything that happens, but also indicates the reasons why problems occur.

The only bad thing is that sometimes the reasons are given as codes, and you have to search the whole Internet for their meaning.

Instructions - where is the windows log located?

In it we find one word “administration” and click on it. What should interest you about it? On the left side there is an expanded menu. In it opposite the line “ windows logs

Now you can see all the errors on your computer. They are easy to find. They are in the upper window, indicated by red dots (circles), less important ones - yellow - these are warnings.

The lower window indicates the causes of problems. Usually, it is impossible for beginners to figure them out on their own.

Therefore, formulate a logically correct question from what is indicated there and look for the answer in a search engine.

Now that you know where the Windows event log is, you can, with the right approach, solve many shortcomings (errors, malfunctions) yourself, or, as a last resort, contact a service center and tell the specialists what is written in the lower window.