Check Windows Event Logs
1. Opening Event Viewer:
· Windows 10/11:
  o Right-click the Start button → Select Event Viewer.
  o Search: Type "Event Viewer" in the taskbar search box → Press Enter.
  o Run Command: Press Win + R → Type eventvwr.msc → Click OK.
2. Understanding the Interface:
· Left Pane (Navigation Tree):
  o Windows Logs: Core system logs (Application, Security, Setup, System, Forwarded Events).
  o Applications and Services Logs: Detailed logs for specific apps/services.
· Middle Pane: Lists events with columns like Level, Date/Time, Source, Event ID.
· Right Pane (Actions): Common tasks (Filter, Save, Clear Logs).
3. Viewing Event Details:
· Navigate to a log (e.g., Windows Logs → System).
· Double-click an event to see its General (description) and Details (XML/data).
4. Filtering Events:
· Right-click a log → Filter Current Log.
· Set criteria (e.g., Level: Error, specific Event ID, date range).
· Click OK to apply.
5. Creating Custom Views:
· Right-click Custom Views → Create Custom View.
· Define filters → Name the view for quick access.
6. Exporting Logs:
· Right-click a log → Save All Events As....
· Choose a location, name the file (.evtx format recommended).
7. Clearing Logs:
· Right-click a log → Clear Log.
· Choose to save before clearing (optional).
8. Key Event IDs for Troubleshooting:
· System:
  o 41: Unexpected shutdown.
  o 6008: Improper shutdown.
  o 10016: Application permission errors.
· Application:
  o 1000: App crash.
  o 1001: Windows Error Reporting.
· Security:
  o 4624: Successful login.
  o 4625: Failed login.
9. Advanced Features:
· Forwarded Events: Set up subscriptions to collect logs from remote PCs (requires configuration via the Windows Event Collector service).
· PowerShell Commands:
  o Get-WinEvent -LogName System -MaxEvents 10: Retrieve recent system events.
  o Get-EventLog -LogName Application -EntryType Error: List application errors (Windows PowerShell only; Get-EventLog is not available in PowerShell 7).
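Added example (not part of the original guide): it combines the Security Event ID 4625 from section 8 with Get-WinEvent from section 9 to summarize failed logons by account, source address and logon type. The function name Get-FailedLogonSummary and the sample events are constructed for illustration; TargetUserName, LogonType and IpAddress are fields recorded in 4625 events.

```powershell
# Added example: summarize failed logons (Event ID 4625) from event XML.
# Get-FailedLogonSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory)] [string[]] $EventXml   # one XML string per event
    )
    $EventXml | ForEach-Object {
        # The named <Data> elements under <EventData> hold the logon details.
        $data = ([xml]$_).Event.EventData.Data
        [pscustomobject]@{
            Account   = ($data | Where-Object { $_.Name -eq 'TargetUserName' }).'#text'
            Source    = ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
            LogonType = ($data | Where-Object { $_.Name -eq 'LogonType' }).'#text'
        }
    } |
        Group-Object Account, Source, LogonType |   # repeated failures collapse into one row
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample events (not real log data), trimmed to the fields used above.
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
    '<System><EventID>4625</EventID></System><EventData>' +
    '<Data Name="TargetUserName">{0}</Data><Data Name="LogonType">{1}</Data>' +
    '<Data Name="IpAddress">{2}</Data></EventData></Event>'
$sample = @(
    ($template -f 'alice', 3, '203.0.113.10'),
    ($template -f 'alice', 3, '203.0.113.10'),
    ($template -f 'svc-backup', 10, '198.51.100.7')
)
Get-FailedLogonSummary -EventXml $sample

# On a live system (elevated session), feed it real events from the last day instead:
# $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) }
# Get-FailedLogonSummary -EventXml ($events | ForEach-Object { $_.ToXml() })
```

Get-WinEvent reports an error when no events match the filter, so an empty result on a live system usually means there were no failed logons in the window or that logon auditing is not enabled.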
10. Troubleshooting Tips:
· Correlate Timestamps: Check events around the time an issue occurred.
· Research Event IDs: Use Microsoft Docs, forums, or search engines.
· Check Multiple Logs: An application error might relate to a system/service log entry.
11. Security Log Auditing (Optional):
· Enable via Local Security Policy (secpol.msc) → Security Settings → Local Policies → Audit Policy.
· Logs events like logon attempts, file access, and policy changes.
12. Practice Scenario:
· Generate an Error: Force-close an app → Check Application log for Event ID 1000.
· Check Network Issues: Disconnect from Wi-Fi → Look in System log for network-related errors.
Common Pitfalls to Avoid:
· Ignoring Event Source and Task Category fields.
· Not filtering logs, leading to information overload.
· Overlooking the Details tab for actionable data.
Final Tips:
· Use Administrator privileges for full access to logs.
· Regularly clear or archive logs to manage disk space.
· Combine Event Viewer with Reliability Monitor (search "View reliability history") for a timeline of system issues.
By mastering these steps, you can effectively diagnose system errors, monitor security, and troubleshoot application issues using Event Viewer.

