Windows 7 constantly monitors your system for unusual or noteworthy occurrences. It might be a service that doesn’t start, the installation of a device, or an application error. Windows 7 tracks these occurrences, called events, in several different event logs. For example, the Application log stores events related to applications, including Windows 7 programs and third-party applications. The System log stores events generated by Windows 7 and components such as system services and device drivers.
To examine these logs, you use the Event Viewer snap-in. Select Start, type eventvwr, and then press Enter. Figure 1 shows the home page of the Event Viewer, which offers a summary of events, recent views, and available actions.
The scope pane offers three branches: Custom Views, Windows Logs, and Applications and Services Logs.
The Custom Views branch lists the event views defined on your system (as described later). If you filter an event log or create a new event view, the new view is stored in the Custom Views branch.
The Windows Logs branch displays several sub-branches, four of which represent the main logs that the system tracks (see Figure 2):
Application— Stores events related to applications, including Windows 7 programs and third-party applications
Security— Stores events related to system security, including logons, user accounts, and user privileges
Setup— Stores events related to Windows setup
System— Stores events generated by Windows 7 and components such as system services and device drivers
You should scroll through the Application and System event logs regularly to look for existing problems or for warnings that could portend future problems. The Security log isn’t as important for day-to-day maintenance. You need to use it only if you suspect a security issue with your machine; for example, if you want to keep track of who logs on to the computer.
Note
The System log catalogs device driver errors, but Windows 7 has other tools that make it easier to see device problems. Device Manager displays an icon on devices that have problems, and you can view a device’s property sheet to see a description of the problem. Also, the System Information utility (Msinfo32.exe) reports hardware woes in the System Summary, Hardware Resources, Conflicts/Sharing branch and the System Summary, Components, Problem Devices branch.
When you select a log, the middle pane displays the available events, including the event’s date, time, and source; its type (Information, Warning, or Error); and other data. Here’s a summary of the major interface changes and new features that you get when viewing a log in Windows 7’s Event Viewer:
The Preview pane shows you the basic event data in the General tab, and more specific data in the Details tab. You can toggle the Preview pane on and off by selecting View, Preview Pane.
Event data is now stored in XML format. To see the schema, click XML View in the Preview pane’s Details tab.
The Filter command now generates queries in XML format.
You can click Create Custom View to create a new event view based on the event log, event type, event ID, and so on.
You can attach tasks to events. Click the event you want to work with and then click Attach Task to This Event in the Action pane. This launches the Scheduled Tasks Wizard, which enables you to either run a program or script or have an email sent to you each time the event fires.
You can save selected events to a file using the Event File (.elf) format.
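The XML queries that the Filter command generates can also be run outside Event Viewer. The following PowerShell script is an added example, not part of the original text; it assumes the Get-WinEvent cmdlet in Windows 7's built-in PowerShell, and the query is constructed for illustration in the form the Filter dialog produces.

```powershell
# Added example (not from the original text). Runs an XML event query of the
# form the Filter command generates and shows the XML behind one event.

# Constructed query: Error (Level=2) and Warning (Level=3) events written to
# the System and Application logs in the last 24 hours (86,400,000 ms).
# "<" must be escaped as "&lt;" because the query is itself XML.
$query = @'
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[(Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
    <Select Path="Application">*[System[(Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
'@

try {
    # @() forces an array even when only one event comes back.
    $events = @(Get-WinEvent -FilterXml ([xml]$query) -ErrorAction Stop)
}
catch {
    # Get-WinEvent reports "no matching events" as an error; treat it as empty.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}

"{0} warning/error events in the last 24 hours" -f $events.Count

# Which sources account for most of them? Group by log, provider and event ID.
$events | Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# The first match as raw XML, the same data XML View displays.
if ($events.Count -gt 0) { $events[0].ToXml() }
```

Adding a Select element for the Security log works the same way, but reading that log requires an elevated PowerShell prompt.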
The Applications and Services Logs branch lists the programs, components, and services that support the standard event-logging format that is new to Windows 7. All the items in this branch formerly stored their logs in separate text files that were unavailable in older versions of Event Viewer unless you specifically opened the log file.