
Where is the windows event log located? Where is the windows event log? Windows 7 event viewer is gone

Hello, dear readers, Trishkin Denis is with you again.
I would like to tell you about one interesting standard application in Windows. Microsoft has always tried to give its operating systems high security and performance by monitoring programs and other activity in the system. Of course, this did not always work out. One of the tools that lets you monitor the system is the Windows 7 event log. It records all failed installations and unsuccessful program launches, with every action arranged in chronological order. It is advisable to check this log from time to time in order to respond to new information in a timely manner.



The application has the following features:

    creating a register of data that is recorded in the archive in chronological order;

    the presence of special filters that allow you to conveniently view and configure the system;

    subscription to some categories of activities;

    assigning a sequence of actions to run when a certain type of event occurs.

Starting the program

The directory can be opened like many other system utilities. It runs like this:

Description

So, having found out where the log is, you now need to find out what it is. Windows 7 has several kinds of event log: there are the application and service logs, and there are the system logs. The latter record all incidents that occur in the operating system and its programs. The former record changes that have occurred in service applications. The main tab is “View”, which includes several items:

    1 Application. Changes associated with a specific program are saved in this log. For example, here you can find data that a mail service uses: forwarding history, events in mailboxes and much more.

    2 Security. This displays information related to logging in and out of the system, using administrator capabilities, and accessing various resources.

    3 Installation. Displays data that appears as a result of installing and configuring various programs.

    4 System. Failures that occurred when launching built-in applications are recorded here. In addition, this is where data about problematic driver installations and various messages related to the operation of the OS are located.

    5 Forwarded events. The item must be configured first. If this is done, data coming from other servers will be stored here.

Additional items

In addition, additional divisions are provided:

Description of events

Information in the database can be viewed like any other information on a computer. But at the same time, the user must know several basic definitions regarding the operation of the application:

    1 Source – the program that sent the data to the log. This could be the name of an application, driver, or other individual component.

    2 Event code – a series of numbers indicating a specific type of event. The first line in most cases contains the name of the type. Typically, the code and source are the main indicators by which a specialist identifies an error in the system and tries to fix it.

    3 Level – importance, which is divided into six points:

      • notification – any change in the application (usually the appearance of an information message);

      • warning – indicates a problem that may lead to a serious problem in the future;

      • error – a failure affecting the functions of an event or program;

      • critical error – a problem as a result of which a component or program cannot automatically restore functionality;

      • success audit – correct execution of actions monitored by the user;

      • failure audit – incorrect execution of actions monitored by the user.

    4 User – indicates the account under which the change occurred.

    5 Operating code – a numeric value that defines the period within which the failure occurred.

    6 Date and time – shows exactly when this happened.

In addition, the event log provides many other properties. A detailed acquaintance with them will help you configure and monitor the system more accurately.

Working with the log

To protect the system from crashes and freezes, it is advisable to promptly view the “base”, which indicates all incidents, actions with different programs and provides a choice of possible operations.



It also shows the time and date of appearance, source. The console allows you to save all changes, clear them and change the table itself, which contains the necessary data.

Clearing the log

In addition to simple viewing, the log can be cleared; I will explain how this is done below. This is necessary for quick analysis of all OS errors. How do you delete events? Just follow a few steps.

Hello, friends! In this article we will look at the Windows 7 event log. The operating system records almost everything that happens to it in this log. It is convenient to view it using the Event Viewer application, which is installed with Windows 7. To say that there are a lot of recorded events is to say nothing: there are masses of them. But it is difficult to get lost in them, since everything is sorted into categories.

Thanks to the event log, it is much easier for specialists and ordinary users to find errors and fix them. When I say easier, I don't mean easy. Almost always, to correct a recurring error, you will have to use a lot of search and re-read a bunch of material. Sometimes it's worth it to get rid of non-standard operating system behavior.

In order for the operating system to successfully fill event logs, the Windows Event Log service, which is responsible for this, must be running. Let's check if this service is running. In the search field of the main Start menu, look for Services

Find the Windows Event Log service and check that its Status is Running and its Startup type is Automatic

If this service is not running, double-click on it with the left mouse and in the properties, in the Startup type section, select Automatic. Then click Run and OK

The service has started and the event logs will begin to fill.

Launch the Event Viewer utility using the search from the Start menu

The default utility looks like this:

A lot of things here can be customized for yourself. For example, you can use the buttons below the menu area to hide or show the Console Tree on the left and the Actions panel on the right

The area at the bottom center is called the Viewing Area. It displays information about the selected event. It can be removed by unchecking the corresponding checkbox in the View menu or by clicking on the cross in the upper right corner of the viewing area

The main field is located at the top center and is a table with the events of the log that you selected in the Console Tree. By default, not all columns are displayed. You can add and change their display order. To do this, right-click on the header of any column and select Add or remove columns...

In the window that opens, add the required columns from the left field to the Displayed columns column

To change the order of display of columns in the right field, select the desired column and use the Up and Down buttons to change the location.

Each column is a specific property of the event. All these properties were perfectly described by Dmitry Bulanov. I'll give you a screenshot. Click on it to enlarge.

There is no point in setting all the columns in the table since the key properties are displayed in the viewport. If the latter is not displayed for you, then by double-clicking with the left mouse button on the event in a separate window you will see its properties

The General tab has a description of this error and sometimes a way to fix it. Below are all the properties of the event and in the Details section there is a link to Web Help where information on correcting the error may be available.

Event logs

Key Management Service - key management service events are recorded here. The service is designed to manage activations of corporate versions of operating systems. The log is empty because you can do without it on your home computer.

Logs also have their own Properties. To view them, right-click on the log and select Properties in the context menu

In the properties that open, you see the Full name of the log, Path to the log file, its size and dates of creation, changes and when it was opened

The Enable logging checkbox is also checked. It is greyed out and cannot be unchecked. I looked at this option in the properties of other logs; there it is also enabled and greyed out. For the Hardware Events log, it is in exactly the same position and the log is not maintained.

In the properties, you can set the Maximum log size (KB) and select an action when the maximum size is reached. For servers and other important workstations, you will most likely want to make the log size larger and select Archive log when full, so that in case of an emergency you can track when the malfunction began.

Working with Windows 7 event logs

The work involves sorting, grouping, cleaning up logs and creating custom views to make it easier to find certain events.

Choose any log, for example Application, and in the table in the center click on the header of any column with the left mouse button. Events will be sorted by this column

If you press again you will get sorting in the opposite direction. The sorting principles are the same as for Windows Explorer. The limitation is that you cannot sort by more than one column.

To group events by a specific column, right-click on its header and select Group events by this column. In the example, events are grouped by the Level column

In this case, it is convenient to work with a specific group of events. For example with errors. After grouping events, you will be able to collapse and expand groups. This can also be done in the event table itself by double-clicking on the group name. For example, Level: Warning (74).

To delete a grouping, right-click on the column header again and select Delete event grouping.

Clearing the log

If you have corrected errors in the system that led to events being recorded in the log, then you will probably want to clear the log so that old entries do not interfere with diagnosing new computer conditions. To do this, right-click on the log you want to clear and select Clear Log...

In the window that opens, we can simply clear the log and we can Save it to a file before clearing

Custom views

Configured sorting and groupings disappear when you close the Event Viewer window. If you often work with events, you can create custom views. These are certain filters that are saved in the corresponding section of the console tree and do not disappear anywhere when Event Viewer is closed.

To create a custom view, right-click on any log and select Create custom view...

In the window that opens, in the Date section, select from the drop-down list the time range for which we need to select events

In the Event Level section, check the boxes to select the importance of events.

You can filter by a specific log or logs, or by source. Set the radio button to the desired position and select the necessary checkboxes from the drop-down list

You can select specific event codes to be shown or not shown in the view you create.

When all the view options have been selected, click OK.

In the window that appears, set the name and description of the custom view and click OK

For example, I created a custom view for Errors and critical events from the Application and Security logs

This view can later be edited and will not disappear when you close the Event Viewer utility. To edit, right-click on the view and select Filter current custom view...

In the window that opens, we make additional settings in the view.

You can compare Custom View to saved searches in Windows 7 Explorer.
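
The custom view described above (errors and critical events from the Application and Security logs) can also be produced from the command line. The following PowerShell is an added example, not part of the original article; the seven-day range and the helper name Get-EventSummary are assumptions.

```powershell
# Added example: command-line counterpart of the custom view above.
# Run from an elevated prompt: reading the Security log needs administrator rights.

# Assumed time range for the view: the last 7 days.
$since = (Get-Date).AddDays(-7)

function Get-EventSummary {
    # Hypothetical helper: counts matching events per log, source and event code.
    param(
        [Parameter(Mandatory = $true)][hashtable]$Filter,
        [int]$Top = 15
    )

    # Get-WinEvent reports an error when nothing matches; treat that as "no events".
    $events = @(Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue)

    # Events arrive newest first, so the first member of each group is its latest event.
    $events |
        Group-Object -Property LogName, ProviderName, Id |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top -Property Count,
            @{ Name = 'Log';    Expression = { $_.Group[0].LogName } },
            @{ Name = 'Source'; Expression = { $_.Group[0].ProviderName } },
            @{ Name = 'Code';   Expression = { $_.Group[0].Id } },
            @{ Name = 'Latest'; Expression = { $_.Group[0].TimeCreated } }
}

# Level 1 = Critical, 2 = Error (3 = Warning, 4 = Information).
$errors = @{ LogName = 'Application', 'Security'; Level = 1, 2; StartTime = $since }
Get-EventSummary -Filter $errors | Format-Table -AutoSize

# Security audit records are marked with keywords rather than with the Error or
# Critical level, so failure audits are selected by the Audit Failure keyword.
$auditFailure = 4503599627370496      # 0x10000000000000
$failures = @{ LogName = 'Security'; Keywords = $auditFailure; StartTime = $since }
Get-EventSummary -Filter $failures | Format-Table -AutoSize
```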

Conclusion

In this article, we looked at the Windows 7 event log. We talked about almost all the basic operations with it for the convenience of finding error events and critical events. And here a logical question arises: “How can we correct these errors in the system?” Everything is much more complicated here. There is little information on the Internet and therefore you may have to spend a lot of time searching for information. Therefore, if you are generally satisfied with the operation of the computer, then you don’t have to do this. If you want to try to fix it, watch the video below.

You can also use the event log to diagnose slow loading Windows 7.

I will be glad to receive any comments and suggestions.

The Windows operating system, version seven, has implemented a function for tracking important events that occur at work. At Microsoft, the concept of “events” means any incidents in the system that are recorded in a special log and signaled to users or administrators. This could be a utility program that doesn't want to run, an application crashing, or devices not being installed correctly. All incidents are recorded and saved by the Windows 7 event log. It also arranges and shows all actions in chronological order, helps to carry out system control, ensures the security of the operating system, corrects errors and diagnoses the entire system.

You should periodically review this log for new information and configure the system to save important data.

Windows 7 - programs

The Event Viewer application is the main Microsoft utility designed for monitoring and viewing the event log. This is a necessary tool for monitoring system performance and eliminating emerging errors. The Windows service that manages the recording of incidents is called the Event Log. If this service is started, it begins to collect and log all important data in its archive. The Windows 7 Event Log allows you to do the following:

Viewing data recorded in the archive;

Using various event filters and saving them for further use in system settings;

Creating and managing subscriptions for specific incidents;

Assign specific actions when certain events occur.

How to open Windows 7 event log?

The program responsible for recording incidents is launched as follows:

1. The menu is activated by pressing the “Start” button in the lower left corner of the monitor, then the “Control Panel” opens. In the list of controls, select “Administration” and in this submenu click on “Event Viewer”.

2. There is another way to view the Windows 7 event log. To do this, go to the Start menu, type mmc in the search box and run the search. The MMC console will then open, where you need to select the menu item for adding or removing a snap-in. Then “Event Viewer” is added to the main window.

What is the application described?

In the Windows 7 and Vista operating systems, there are two categories of event logs: the system (Windows) logs and the application and service logs. The first category is used to capture system-wide incidents that are related to the performance of various applications, startup and security. The second category is used by applications and services to record events from their own operation. To control and manage all data, the Event Log service uses the View tab, which is divided into the following items:

Application - events that are associated with a specific program are stored here. For example, postal services store in this place the history of sending information, various events in mailboxes, and so on.

The “Security” item stores all data related to logging in and out of the system, using administrative capabilities and accessing resources.

Installation - this Windows 7 event log records data that occurs during the installation and configuration of the system and its applications.

System - records all operating system events, such as failures when launching service applications or when installing and updating device drivers, various messages regarding the operation of the entire system.

Forwarded events - if this item is configured, then it stores information that comes from other servers.

Other sub-items of the main menu

Also in the “Administration” menu, where the event log in Windows 7 is located, there are the following additional items:

Internet Explorer - events that occur during operation and configuration of the browser of the same name are recorded here.

Windows PowerShell - incidents related to the use of PowerShell are recorded in this folder.

Hardware events - if this item is configured, then the data generated by the devices is logged.

The entire structure in Windows 7 that records all events is, as in Vista, based on XML. But to use the event log program in Windows 7, you don't need to know how to work with this format. The Event Viewer application will do everything itself, providing a convenient and simple table with menu items.

Incident characteristics

A user who wants to know how to view the Windows 7 event log must also understand the characteristics of the data that he wants to view. After all, there are different properties of certain incidents described in the “Event Viewer”. We will look at these characteristics below:

Sources - a program that records events in a log. The names of applications or drivers that influenced a particular incident are recorded here.

Event code is a set of numbers that determine the type of incident. This code and event source name are used by system software technical support to troubleshoot software failures.

Level - the degree of importance of the event. The system event log has six levels of incidents:

1. Information.

2. Warning.

3. Error.

4. Critical error.

5. Success audit.

6. Failure audit.

User - the account on whose behalf the event occurred; this may be the name of a service as well as a real user.

Date and time - records the timing of the occurrence of the event.

There are many other events that occur while the operating system is running. All incidents are displayed in the “Event Viewer” with a description of all related information data.

How to work with the event log?

A very important point in protecting the system from crashes and freezes is to periodically review the “Application” log, which records information about incidents, recent actions with a particular program, and also provides a selection of available operations.

By going to the Windows 7 event log, in the “Application” submenu you can see a list of all programs that caused various negative events in the system, the time and date of their occurrence, the source, and the degree of problem.

User Responses to Events

Having learned how to open the Windows 7 event log and how to use it, you should next learn how to use the Task Scheduler together with it. To do this, right-click on any event and, in the menu that opens, select the item for attaching a task to the event. The next time such an event occurs in the system, the operating system will automatically launch the attached task to process the error and correct it.

An error in the log is not a reason to panic

If, while looking at the Windows 7 system event log, you see system errors or warnings appearing periodically, then you should not worry or panic about this. Even with a perfectly functioning computer, various errors and failures may be recorded, most of which do not pose a serious threat to the performance of the PC.

The application we are describing was created to make it easier for the system administrator to control computers and troubleshoot emerging problems.

Conclusion

Based on all of the above, it becomes clear that the event log is a way that allows programs and the system to record and save all events on the computer in one place. This log stores all operational errors, messages and warnings from system applications.

Where is the event log in Windows 7, how to open it, how to use it, how to correct errors that appear - we learned all this from this article. But many will ask: “Why do we need this, we are not system administrators, not programmers, but ordinary users who don’t seem to need this knowledge?” But this approach is wrong. After all, when a person gets sick with something, before going to the doctor, he tries to cure himself in one way or another. And many often succeed. Likewise, a computer, which is a digital organism, can “get sick”, and this article shows one of the ways to diagnose the cause of such a “disease”; based on the results of such an “examination”, you can make the right decision on methods of subsequent “treatment”.

So information about the method of viewing events will be useful not only to the system specialist, but also to the ordinary user.

Hello everyone!!

It's no secret that in the Windows SEVEN operating system, just like in Windows Vista, there are two categories of event logs: application and service logs and Windows logs.

Windows logs are used by the operating system to record system-wide events that are related to the operation of system components, applications, security, and startup. Application and service logs are used by applications and services to record events that are associated with their operation. You can use the Event Viewer snap-in or the wevtutil command-line tool to manage event logs.
I would like to dwell on how you can work with event logs.
To view application log events, perform the following steps:
Select "Windows Logs" in the console tree;
Select the "Application" log.
Whenever possible, it is advisable to review the System and Application event logs frequently to examine existing problems and warnings that may predict future problems. The middle window, when you select a log, displays available events, including event date, event level, time and source, and other data.
The Viewport pane displays event data on the General tab and additional specific data on the Details tab.

This panel can be turned on and off by selecting the View menu and then the Viewport command.
It is recommended to store logs for the last few months for critical systems. It is usually not very convenient to give logs a size large enough for all the information to fit in them, so this problem can be solved differently. Logs can be exported to files located in a specified folder. To save the selected log you need to do the following:
Select the event log that you want to save in the console tree;
Select the "Save events as" command from the "Action" menu or select the "Save all events as" command from the log context menu;
In the "Save As" dialog, select the folder in which the file should be saved. If you need to save a file in a new folder, you can create it directly from this dialog using the context menu or the “New Folder” button on the action bar. In the "File type" field, you must select the desired file format from the available ones: event files - *.evtx, xml file - *.xml, tab-delimited text - *.txt, comma-separated csv - *.csv. In the "File name" field, enter a name and click on the "Save" button. Click on the "Cancel" button to cancel saving.
If the event log is not intended to be viewed on another computer, leave the default option “Do not display information” in the “Display information” dialog box. If the log is intended to be viewed on another computer, select the option “Display information for the following languages” in the “Display information” dialog box and click on the “OK” button.
How to work with event logs:
Event Viewer
If you want to view application log events, follow these steps:
Select "Windows Logs" in the console tree;
Select the Application log.
It is advisable to review the System and Application event logs for any problems or warnings. When you select a log, the available events are displayed in the middle window.
The Viewport pane will show basic event data on the General tab, and additional data will appear on the Details tab. You can turn this panel on and off by selecting the "View" menu and the "Viewport" command.
It is recommended for critical systems to store logs for the last months.

It is usually inconvenient to give logs a size large enough for all the information to fit in them; this problem can be solved differently. You can export logs to files located in a specified folder. To save the selected log, follow these steps:
In the console tree, select the event log that you want to save;
Select the "Save events as" command from the "Action" menu or select the "Save all events as" command from the log menu;
In the "Save As" dialog, select the folder in which the file should be saved. If you need to save the file in a new folder, you can create it from this dialog using the context menu or the “New Folder” button on the action bar. In the "File type" field, select the desired file format from the suggested ones: event files - *.evtx, tab-delimited text - *.txt, xml file - *.xml, comma-separated csv - *.csv. In the "File name" field, enter a name and click on the "Save" button. To cancel saving, click on “Cancel”;
If the event log is not intended to be viewed on another computer, leave the "Do not display information" option set by default in the "Display information" dialog box. If the log is intended to be viewed on another computer, select the option "Display information for the following languages" in the "Display information" dialog box and click "OK".
Clearing the event log
Select the event log that needs to be cleared in the console tree;
Clear the log using one of the following methods:
From the "Action" menu, select "Clear Log"
Right-click the selected log to open the context menu and select the "Clear log" command
Next, you can clear the log or archive it if this has not been done previously:
To clear the event log without saving, click on the “Clear” button;
To clear the event log after saving it, click on “Save and clear”. In the "Save As" dialog, select the folder in which the file should be saved. If you need to save a file in a new folder, you can create it from this dialog using the context menu or the “New Folder” button on the action bar. In the "File name" field, enter a name and click on "Save". To cancel saving, press “Cancel”. Phew, that’s all, but if it’s not clear, I’m waiting for your comments.

That's all and see you again...
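
The log size and "Archive log when full" settings and the save and clear steps described above can also be carried out with the wevtutil tool mentioned earlier. The script below is an added example, not part of the original articles; the log name, archive folder and size are assumed values, and it must be run from an elevated prompt.

```powershell
# Added example. $Log, $ArchiveDir and $MaxBytes are assumed values.
param(
    [string]$Log        = 'Application',
    [string]$ArchiveDir = 'D:\EventArchive',
    [long]  $MaxBytes   = 64MB,
    [switch]$Clear                      # clear the log only when asked to
)

# The Windows Event Log service has to be running for any of this to work.
$svc = Get-Service -Name EventLog
if ($svc.Status -ne 'Running') { throw "Windows Event Log service is $($svc.Status)" }

# Current settings: maxSize, retention and autoBackup correspond to the
# "Maximum log size" field and the action chosen for a full log.
wevtutil gl $Log

# Raise the size limit and archive the log when it is full instead of
# overwriting old events. /ab:true is only accepted together with /rt:true.
wevtutil sl $Log "/ms:$MaxBytes" /rt:true /ab:true
if ($LASTEXITCODE -ne 0) { throw "wevtutil sl failed with exit code $LASTEXITCODE" }

# Export the whole log to an .evtx file (the "Save all events as" step).
if (-not (Test-Path $ArchiveDir)) {
    New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
}
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$safeName = $Log -replace '[\\/]', '-'          # channel names may contain "/"
$file     = Join-Path $ArchiveDir ("{0}-{1}-{2}.evtx" -f $env:COMPUTERNAME, $safeName, $stamp)

wevtutil epl $Log $file
if ($LASTEXITCODE -ne 0) { throw "wevtutil epl failed with exit code $LASTEXITCODE" }

# Verify that the archive can be read back before anything is deleted.
$count = @(Get-WinEvent -Path $file -ErrorAction SilentlyContinue).Count
if ($count -eq 0) { throw "Archive $file contains no readable events; log not cleared" }

# Record a SHA-256 hash next to the archive so later changes can be noticed.
$sha    = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($file)
try {
    $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
}
finally {
    $stream.Close()
}
"$hash  $(Split-Path $file -Leaf)" | Set-Content -Path "$file.sha256"

New-Object PSObject -Property @{ Archive = $file; Events = $count; SHA256 = $hash }

if ($Clear) {
    wevtutil cl $Log
    if ($LASTEXITCODE -ne 0) { throw "wevtutil cl failed with exit code $LASTEXITCODE" }

    # Clearing is itself recorded: event 104 in the System log
    # (event 1102 in the Security log when the Security log is cleared).
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104 } -MaxEvents 1 |
        Format-List TimeCreated, Id, Message
}
```

Without the -Clear switch the script only changes the settings and archives the log; the live log is left untouched.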


Constantly looking through the event log, you can see that various errors and warnings often appear here. However, you shouldn't panic right away: many of them do not threaten your computer in any way, and they can appear even on a perfectly working machine.



In fact, this application was developed for system administrators so that they could find out about the problem and fix it as soon as possible.

Increasing the storage size for log entries

Initially, the file in which the data is stored is itself small in size. But it can be increased. To do this you need:


Once the maximum size is reached, events are handled according to the retention policy. There are these types:

    1 Overwrite as needed. New entries replace the oldest ones.

    2 Do not overwrite. The log is cleared manually.

To select the desired policy, you need:


Launch problems

Sometimes it happens that the log does not start.

The solution to the problem, although not simple, is nevertheless effective. In the Windows folder, find System32 and then winevt. This folder and all the files inside it need to be given full access for the Local Service user, since the service runs under this account. Sometimes you need to do the same for the LogFiles folder located in the same directory.

Disabling

The event log can be disabled like any other service.

Go to Control Panel, “Administration”.

Here we find “Services”, select the one you need and change the startup type to “Disabled”. This program will continue to run until the first reboot.



The Event Log in Windows 7 is a convenient tool that allows you to monitor various operations occurring on your computer. This will allow you to correct errors, which will improve interaction with the system.

Subscribe and tell your friends about me.

windwix.ru

Windows 7 event log

Hello, friends! In this article, we will look at the Windows 7 event log. The operating system records almost everything that happens to it in this log. It is convenient to view it using the Event Viewer application, which is installed with Windows 7. To say that there are a lot of recorded events is to say nothing. Their darkness. But it’s difficult to get confused in them since everything is sorted into categories.

Thanks to the event log, it is much easier for specialists and ordinary users to find errors and fix them. When I say easier, I don't mean easy. Almost always, to correct a recurring error, you will have to use a lot of search and re-read a bunch of material. Sometimes it's worth it to get rid of non-standard operating system behavior.

Launching and reviewing the Event Viewer utility

For the operating system to fill the event logs, the Windows Event Log service, which is responsible for this, must be running. Let's check whether this service is running. In the search field of the main Start menu, look for Services.

Find the Windows Event Log service and check that Status is Running and Startup Type is Automatic.

If this service is not running, double-click it with the left mouse button and, in the properties, in the Startup type section, select Automatic. Then click Start and OK.

The service has started and the event logs will begin to fill.

Launch the Event Viewer utility using the search from the Start menu

The default utility looks like this:

A lot of things here can be customized for yourself. For example, you can use the buttons below the menu area to hide or show the Console Tree on the left and the Actions panel on the right

The area at the bottom center is called the Viewing Area. It displays information about the selected event. It can be removed by unchecking the corresponding checkbox in the View menu or by clicking on the cross in the upper right corner of the viewing area

The main field is located at the top center and is a table with the events of the log that you selected in the Console Tree. By default, not all columns are displayed. You can add and change their display order. To do this, right-click on the header of any column and select Add or remove columns...

In the window that opens, add the required columns from the left field to the Displayed columns column

To change the order of display of columns in the right field, select the desired column and use the Up and Down buttons to change the location.

Event Properties

Each column is a specific property of the event. All these properties were perfectly described by Dmitry Bulanov here. I'll give you a screenshot. Click on it to enlarge.

There is no point in adding all the columns to the table, since the key properties are displayed in the viewing area. If the viewing area is not displayed, double-click the event with the left mouse button and you will see its properties in a separate window.

The General tab has a description of this error and sometimes a way to fix it. Below are all the properties of the event and in the Details section there is a link to Web Help where information on correcting the error may be available.

Event logs

In the Windows 7 operating system, logs are divided into two categories:

  • Windows logs
  • Application and service logs

Windows logs contain information related only to the operating system. Application and service logs, respectively, contain information about all services and individually installed applications.

All logs are located at

%SystemRoot%\System32\Winevt\Logs\ = C:\windows\System32\winevt\Logs\

Let's look at the main ones

Application - events about utilities that are installed with the operating system are recorded.

Security - events about logging in to and out of Windows and about access to resources are recorded. That is, if the user went to the wrong place, this will most likely be recorded as an event.

Setup - events about the installation and removal of Windows components are recorded. This log is empty for me, probably because I didn’t change any system components.

System - system events are recorded. For example, network alerts or Microsoft Antimalware update messages.

Forwarded Events - events forwarded from other computers are recorded. That is, on one network administrator’s computer, you can monitor events from other computers on the network if you set up forwarding.

ACEEventLog - this service appeared today after updating drivers from AMD. Until this moment it was not there. If you have a computer based on an AMD processor or equipped with an AMD graphics card, then most likely you will also have one.

Internet Explorer - all events related to the built-in browser in Windows are recorded

Key Management Service - Key management service events are recorded. Designed to manage activations of corporate versions of operating systems. The log is empty because you can do without it on your home computer.

Logs also have their own Properties. To view them, right-click on the log and select Properties in the context menu.

In the properties that open, you see the Full name of the log, the Path to the log file, its size, and the dates when it was created, changed and opened.

The Enable logging checkbox is also checked. It is not active and cannot be removed. I looked at this option in the properties of other logs; there it is also enabled and inactive. For the Hardware Events log, it is in exactly the same position and the log is not maintained.

In the properties, you can set the Maximum log size (KB) and select an action when the maximum size is reached. On servers and other important workstations, you will most likely want to make the log larger and select Archive the log when full, so that in case of an emergency you can track when the malfunction began.
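The size limit and the full-log action described above can also be read from the command line. The following PowerShell is an added example, not part of the original article; the function name Get-LogRetentionReport and the 128 MB value in the closing comment are assumptions chosen for illustration.

```powershell
# Added example (not from the article): report the size limit, fill level and
# full-log policy of the main Windows logs.

# LogMode values mapped to the three options in the log's Properties dialog.
$policyName = @{
    'Circular'   = 'Overwrite events as needed'
    'AutoBackup' = 'Archive the log when full'
    'Retain'     = 'Do not overwrite events (clear manually)'
}

function Get-LogRetentionReport {
    param([string[]]$LogName = @('Application', 'Security', 'Setup', 'System'))

    Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue | ForEach-Object {
        # FileSize can be empty when the caller may not read the log file.
        $pct = 0
        if ($_.MaximumSizeInBytes -gt 0 -and $_.FileSize) {
            $pct = [math]::Round(100 * $_.FileSize / $_.MaximumSizeInBytes, 1)
        }
        New-Object PSObject -Property @{
            Log       = $_.LogName
            Policy    = $policyName[[string]$_.LogMode]
            MaxSizeKB = [int]($_.MaximumSizeInBytes / 1KB)
            UsedPct   = $pct
            Records   = $_.RecordCount
        }
    } | Select-Object Log, Policy, MaxSizeKB, UsedPct, Records
}

Get-LogRetentionReport | Format-Table -AutoSize

# To give the Security log a 128 MB limit with "Archive the log when full"
# (constructed sample value), from an elevated prompt:
#   wevtutil.exe sl Security /ms:134217728 /rt:true /ab:true
```

A log that shows the "Do not overwrite" policy with UsedPct close to 100 will stop accepting new events until it is cleared or enlarged.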

Working with Windows 7 event logs

The work involves sorting, grouping, cleaning up logs and creating custom views to make it easier to find certain events.

Sorting events

Choose any log, for example Application, and in the table in the center click the header of any column with the left mouse button. Events will be sorted by this column.

If you press again you will get sorting in the opposite direction. The sorting principles are the same as for Windows Explorer. The limitation is that you cannot sort by more than one column.

Event grouping

To group events by a specific column, right-click on its header and select Group events by this column. In the example, events are grouped by the Level column

In this case, it is convenient to work with a specific group of events. For example with errors. After grouping events, you will be able to collapse and expand groups. This can also be done in the event table itself by double-clicking on the group name. For example, Level: Warning (74).

To delete a grouping, right-click on the column header again and select Delete event grouping.

Clearing the log

If you have corrected errors in the system that led to events being recorded in the log, then you will probably want to clear the log so that old entries do not interfere with diagnosing new computer conditions. To do this, right-click on the log you want to clear and select Clear Log...

In the window that opens, we can simply clear the log, or save it to a file before clearing.

Custom views

Configured sorting and groupings disappear when you close the Event Viewer window. If you often work with events, you can create custom views. These are certain filters that are saved in the corresponding section of the console tree and do not disappear anywhere when Event Viewer is closed.

To create a custom view, right-click on any log and select Create custom view...

In the window that opens, in the Date section, select from the drop-down list the time range for which we need to select events.

In the Event Level section, check the boxes to select the importance of events.

We can select events by a specific log or logs, or by source. Set the radio button to the desired position and select the necessary checkboxes from the drop-down list.

You can select specific event codes to be shown or not shown in the view you create.

When all the view options have been selected, click OK.

In the window that appears, set the name and description of the custom view and click OK

For example, I created a custom view for Errors and critical events from the Application and Security logs

This view can later be edited and will not disappear when you close the Event Viewer utility. To edit, right-click on the view and select Filter current custom view...

In the window that opens, we make additional settings in the view.

You can draw an analogy between Custom View and saved search terms in Windows 7 Explorer.
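A custom view is stored as an XML query, and the same query can be run from PowerShell. The block below is an added example, not code from the original article: it reproduces the view mentioned above (errors and critical events from the Application and Security logs), and the function name Get-ErrorView, its parameters and the optional audit-failure filter are assumptions that go beyond the article's view.

```powershell
# Added example (not from the article). Level 1 = Critical, Level 2 = Error.
# Run from an elevated prompt so the Security log can be read.
function Get-ErrorView {
    param(
        [int]$Days = 7,               # time range, like the Date section
        [int]$MaxEvents = 500,
        [switch]$IncludeAuditFailure  # extension beyond the article's view
    )

    # Event Viewer expresses "last N days" as a millisecond time difference.
    $ms     = [int64]$Days * 24 * 60 * 60 * 1000
    $time   = "TimeCreated[timediff(@SystemTime) &lt;= $ms]"
    $levels = "*[System[(Level=1 or Level=2) and $time]]"

    $selects = @(
        "<Select Path=`"Application`">$levels</Select>",
        "<Select Path=`"Security`">$levels</Select>"
    )
    if ($IncludeAuditFailure) {
        # 4503599627370496 = 0x10000000000000, the Audit Failure keyword.
        $audit = "*[System[band(Keywords,4503599627370496) and $time]]"
        $selects += "<Select Path=`"Security`">$audit</Select>"
    }
    $query = "<QueryList><Query Id=`"0`" Path=`"Application`">" +
             ($selects -join '') + "</Query></QueryList>"

    Get-WinEvent -FilterXml ([xml]$query) -MaxEvents $MaxEvents `
        -ErrorAction SilentlyContinue
}

# Count recurring problems, similar to "Group events by this column".
Get-ErrorView -Days 7 |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name
```

Security audit records carry an Audit Success or Audit Failure keyword rather than an Error level, so the level filter alone returns few Security events; the -IncludeAuditFailure switch adds failed audits to the result.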

Conclusion

In this article, we looked at the Windows 7 event log. We talked about almost all the basic operations with it for the convenience of finding error events and critical events. And here a logical question arises - “How to correct these errors in the system.” Everything is much more complicated here. There is little information on the Internet and therefore you may have to spend a lot of time searching for information. Therefore, if you are generally satisfied with the operation of the computer, then you don’t have to do this. If you want to try to fix it, watch the video below.

You can also use the event log to diagnose slow loading of Windows 7.

I will be glad to receive any comments and suggestions.

Best regards, Anton Dyachenko

YouPK.ru

How to clear all windows logs using a script


Sometimes, when you need to look at a particular error or event, it is hard to find it among a mass of events. You can, of course, filter, but it is easier to clear everything. Clearing the logs manually is long and tedious, so I suggest a script that clears all Windows logs. Before running the script, I advise you to save the Windows logs in Event Viewer for further study; it has happened many times that old files turn out to be very necessary. Learn from the mistakes of others, or better yet, don’t make them at all.

Before cleaning we see that there are a lot of events in the Windows logs.

Run the script; it must be run as an administrator.

Afterwards, the obvious result is that all Windows logs are deleted in the Event Viewer snap-in, and you will only find an event about who performed the deletion and when.

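Here is the text of the script:

    @echo off
    REM Without elevation the last line of bcdedit output begins with "Access"
    FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
    IF (%adminTest%)==(Access) goto noAdmin
    REM wevtutil el lists every log name; each one is passed to do_clear
    for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
    echo.
    goto theEnd
    :do_clear
    echo clearing %1
    wevtutil.exe cl %1
    goto :eof
    :noAdmin
    echo Run this script as an administrator.
    :theEnd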


As you can see, the script clears Windows logs quickly and easily; if you need to clear them en masse, add it to Task Scheduler. I also advise you to read the article How to clear the event viewer using PowerShell.
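The record of "who performed the deletion and when" mentioned above is event 1102 in the Security log and event 104 in the System log. The following PowerShell is an added example, not part of the original article, that lists those records; the function name Get-LogClearEvent and the 30-day default window are assumptions.

```powershell
# Added example (not from the article). Run elevated to read the Security log.
function Get-LogClearEvent {
    param([datetime]$Since = (Get-Date).AddDays(-30))

    $filters = @(
        # 1102: the Security (audit) log was cleared
        @{ LogName = 'Security'; ProviderName = 'Microsoft-Windows-Eventlog'
           Id = 1102; StartTime = $Since },
        # 104: another log was cleared
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Eventlog'
           Id = 104; StartTime = $Since }
    )

    foreach ($filter in $filters) {
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Both events name the account in UserData/LogFileCleared.
                $data    = ([xml]$_.ToXml()).Event.UserData.LogFileCleared
                $channel = $data.Channel
                if (-not $channel) { $channel = 'Security' }  # 1102 has no Channel
                New-Object PSObject -Property @{
                    TimeCreated = $_.TimeCreated
                    EventId     = $_.Id
                    ClearedLog  = $channel
                    User        = '{0}\{1}' -f $data.SubjectDomainName,
                                               $data.SubjectUserName
                    Computer    = $_.MachineName
                }
            }
    }
}

Get-LogClearEvent | Sort-Object TimeCreated |
    Select-Object TimeCreated, EventId, ClearedLog, User, Computer |
    Format-Table -AutoSize
```

Because these records live in the same logs that are being cleared, forwarding them to another computer (the Forwarded Events log described earlier on this page) keeps a copy outside the machine.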

Material from the site pyatilistnik.org

pyatilistnik.org

Windows 7 event log. Where to find the system log

The seventh version of the Windows operating system has implemented a function for tracking important events that occur in the operation of system programs. At Microsoft, the concept of “events” refers to any incidents in the system that are recorded in a special log and signaled to users or administrators. This could be a utility program that doesn't want to run, an application crashing, or devices not being installed correctly. All incidents are recorded and saved by the Windows 7 event log. It also arranges and shows all actions in chronological order, helps to carry out system monitoring, ensures the security of the operating system, corrects errors and diagnoses the entire system.

You should periodically review this log for new information and configure the system to save important data.

Windows 7 - programs

The Event Viewer application is a core Microsoft utility designed to monitor and view the event log. This is a necessary tool for monitoring system performance and eliminating emerging errors. The Windows service that manages the recording of incidents is called Event Log. If this service is started, it begins to collect and log all important data in its archive. The Windows 7 event log allows you to perform the following actions:

Viewing data recorded in the archive;

Using various event filters and saving them for further use in system settings;

Creating and managing subscriptions for specific incidents;

Assigning specific actions when certain events occur.

How to open the Windows 7 event log?

The program responsible for recording incidents is launched as follows:

1. The menu is activated by pressing the “Start” button in the lower left corner of the monitor, then the “Control Panel” opens. In the list of controls, select “Administrative Tools” and in this submenu click on “Event Viewer”.

2. There is another way to view the Windows 7 event log. To do this, go to the Start menu, type mmc in the search window and start the search for the file. Next, the MMC console will open, where you need to select the item for adding and removing snap-ins. Then the “Event Viewer” is added to the main window.

What is the application described?

The Windows 7 and Vista operating systems have two types of event logs: system logs and application and service logs. The first type captures system-wide incidents related to the performance of various applications, startup and security. The second type records events from the operation of individual applications and services. To control and manage all data, the Event Log service uses the View tab, which is divided into the following items:

Application – events that are associated with a specific program are stored here. For example, postal services store in this place the history of sending information, various events in mailboxes, and so on.

The “Security” item stores all data related to logging in and out of the system, using administrative capabilities and accessing resources.

Setup - this Windows 7 event log records data that occurs during the installation and configuration of the system and its applications.

System - records all operating system events, such as failures when launching service applications or when installing and updating device drivers, various messages regarding the operation of the entire system.

Forwarded events – if this item is configured, then it stores information that comes from other servers.

Other sub-items of the main menu

Also in the “Administrative Tools” menu, where the event log in Windows 7 is located, there are the following additional items:

Internet Explorer – events that occur during the operation and configuration of the browser of the same name are recorded here.

Windows PowerShell – incidents related to the use of PowerShell are recorded in this folder.

Hardware Events – if this item is configured, then the data generated by the devices is logged.

The entire event-recording infrastructure of Windows 7 is, as in Vista, based on XML. But to use the event log in Windows 7, you don't need to know how to work with XML. The Event Viewer application will do everything itself, providing a convenient and simple table with menu items.

Incident characteristics

A user who wants to know how to view the Windows 7 event log must also understand the characteristics of the data that he wants to view. After all, there are different properties of certain incidents described in the “Event Viewer”. We will look at these characteristics below:

Sources – a program that records events in a log. The names of applications or drivers that influenced a particular incident are recorded here.

Event code is a set of numbers that determine the type of incident. This code and event source name are used by system software technical support to correct errors and resolve software failures.

Level – the degree of importance of the event. The system event log has six levels of incidents:

1. Information.

2. Warning.

3. Error.

4. Critical error.

5. Monitoring successful error correction operations.

6. Audit of unsuccessful actions.

Users – records the data of the accounts on whose behalf the incident occurred. These can be the names of various services, as well as real users.

Date and time – records the timing of the occurrence of the event.

There are many other events that occur while the operating system is running. All incidents are displayed in the “Event Viewer” with a description of all related information data.

How to work with the event log?

A very important point in protecting the system from crashes and freezes is to periodically review the “Application” log, which records information about incidents, recent actions with a particular program, and also provides a selection of available operations.

By going to the Windows 7 event log, in the “Application” submenu you can see a list of all programs that caused various negative events in the system, the time and date of their occurrence, the source, and the degree of problem.

User Responses to Events

Having learned how to open the Windows 7 event log and how to use it, you should then learn how to use the Task Scheduler with this useful application. To do this, right-click any incident and, in the menu that opens, select the item for attaching a task to the event. The next time such an incident occurs in the system, the operating system will automatically launch the assigned task to process the error and correct it.


