
Better troubleshooting capabilities with Windows 7 Event Viewer

Greg Shultz introduces you to some of the new troubleshooting features found in Microsoft Windows 7 Event Viewer.

If you had been holding on to Microsoft Windows XP and just recently made the move to Windows 7, you've begun to discover that a lot has changed in the operating system besides just the new user interface with all its new bells and whistles.

For example, chances are that one of the first places that you probably turned to when troubleshooting problems in Windows XP was the Event Viewer. Well, when you get to Windows 7's Event Viewer, you are in for a new experience.

In this edition of the Windows Desktop Report, I'll introduce you to some of the new features in Windows 7's Event Viewer.

This blog post is also available in PDF format in a TechRepublic download.

An overview

As you know, Event Viewer maintains logs that record information about program, security, and system events that occur on your system. While XP's Event Viewer is an effective tool that you can use to view and manage event logs, gather information about hardware and software problems, as well as monitor security events, it does have some shortcomings. Perhaps the biggest drawback is that XP's Event Viewer does such a good job at logging events, that the number of items in the log can be staggering. As such, sorting through the logs can be a very daunting task. To add insult to injury, not all the events are documented very well and many aren't documented at all -- often leaving even the most experienced troubleshooter puzzled.

Another drawback in the system stems from the fact that Windows XP has other logs that are stored as text files on the hard disk. This means that when troubleshooting problems, you may have to scan through a bunch of text files in addition to scanning through Event Viewer.

Fortunately, Windows 7's developers have spent a great deal of time and effort on improving Event Viewer. Let's take a closer look.

The new Event Viewer

To begin with, the Windows 7 version of the Event Viewer has been completely rewritten with a new user interface that makes it much easier to filter and sort events as well as control which type of events are logged. In addition, you can now perform some basic diagnostic tasks right from within Event Viewer itself.

Microsoft has stated that they are going to impose stricter standards in order to ensure that events logged in Event Viewer are more meaningful, actionable, and well-documented, thus providing better information for troubleshooting. In addition, Windows 7's Event Viewer will be the central point of inquiry for all the operating system's logs. More specifically, those operating system components that store logging information in text files will add events to the event log in Windows 7.

Other new features in Event Viewer allow you to create and save custom views so that you can focus on the problem you are currently troubleshooting, create event subscriptions that collect information from other computers on a network so that you can more easily correlate problems that affect multiple computers, and assign tasks that run when a certain event occurs.

A tour

Let's take a look around the new Event Viewer in Windows 7. As you can see in Figure A, the new user interface provides access to more pertinent information than Windows XP's Event Viewer, as shown in Figure B.

Figure A

Windows 7's Event Viewer provides access to lots of information.

Figure B

The user interface for Windows XP's Event Viewer looks pretty stark in comparison to Windows 7's Event Viewer.

As you look at Windows 7's Event Viewer, you'll notice that the left pane contains an expandable tree that provides you with easy access to all of Event Viewer's logs. The two main categories are Windows Logs and Applications and Services logs. The Windows Logs category includes the logs that were available in Windows XP, such as the Application, Security, and System logs, while the Applications and Services logs are a new category of event logs that store events from a single application or component.

In the center is the View Pane that provides you with an easy way to view both the list of events as well as the information that each event contains, as shown in Figure C.

Figure C

The View pane does double duty, showing you both the list of events and details about the selected event.

On the right side of Event Viewer is a new area called the Actions pane, which contains a list of actions, or commands, that are associated with Event Viewer. As you can see by comparing the Actions pane in Figures A and C, the Actions pane changes to provide relevant tasks depending on what is selected.

To make focusing on specific events easier, you can create a Custom View that essentially allows you to create a very detailed event query that can span several logs. To help you create a Custom View, Event Viewer provides you with a very detailed form, as shown in Figure D. Once you have created a Custom View, you can then save it and reuse it later.
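
The query behind a Custom View is an XML query list (the Custom View form displays it on its XML tab), and the same XML can be run from PowerShell with Get-WinEvent. The following is an added example, not part of the original article; the choice of logs, the Critical/Error levels, the 24-hour window, and the 200-event limit are assumptions made for illustration.

```powershell
# Added example: a cross-log query of the kind a Custom View stores.
# Selects Critical (Level=1) and Error (Level=2) events written in the
# last 24 hours (86400000 ms) from both the System and Application logs.
$queryXml = [xml]@'
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
    <Select Path="Application">*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
'@

try {
    # -MaxEvents keeps the result manageable on a noisy machine.
    $events = @(Get-WinEvent -FilterXml $queryXml -MaxEvents 200 -ErrorAction Stop)
}
catch {
    # Get-WinEvent reports "no matching events" as an error; treat that
    # case as an empty result and re-throw anything else.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $events = @()
    }
    else {
        throw
    }
}

"{0} matching event(s) in the last 24 hours" -f $events.Count

# Which source and event ID is producing the most noise?
$events |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name |
    Format-Table -AutoSize

# The ten most recent matches, with the first line of each message.
$events |
    Select-Object -First 10 TimeCreated, LogName, LevelDisplayName, ProviderName, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

Grouping by log, provider, and event ID shows which source accounts for most of the errors before you read individual entries.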

Figure D

Creating a Custom View can be a real time-saver when troubleshooting problems.

Attaching tasks to events is also a great troubleshooting feature. To make this a simple procedure, Windows 7's Event Viewer employs the Task Scheduler Wizard and provides you with several relevant actions to attach to the event, as shown in Figure E.

Figure E

You can configure a task that is to take place when a certain event occurs.

What's your take?

In addition to providing improved performance and a new user interface, Windows 7's Event Viewer gives you a whole slew of new features to make troubleshooting a much easier task. If you are a Windows 7 user who has recently moved from XP, what has been your experience with Windows 7's Event Viewer? As always, if you have comments or information to share about this topic, please take a moment to drop by the TechRepublic Community Forums and let us hear from you.


About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as a Documentation Specialist in the software industry, a Technical Support Specialist in the educational industry, and a Technical Journalist in the computer publishing industry.

22 comments
jasonhiner

Personal attacks will get your post deleted almost every time. This is a forum for knowledge sharing and peer-to-peer interaction. People will often disagree, but personal attacks and name calling are not acceptable (and it's a lazy way to argue a point). Your post will be deleted unless you edit it.

bikingbill

On both my Win 7 PC and in Greg's "Figure C" it seems that only Microsoft Software and Service applications are monitored? Is that correct? If so, it makes the whole thing a bit of a let-down as often problems are caused by other factors.

tom

From your post I'd say you must still be in High School. If so, go ask your English Teacher the difference between your and you're. Then grow up.

specialfx63

So far our Win7 installations have been very, very, stable. Of course, with the myriad of software and driver combinations, YMMV. I suppose anything out of M$ that can help me sort through the chaff and focus on the important issues is a good thing. Sure, it looks "pretty" but, it is much better organized than in XP, and hey, if it helps me to just zero in on what I'm really looking for and I can avoid some time & headache, I'm all for it. ;)

dhamilt01

A seasoned technician doing Event Viewer work 7/24 for 10 years may find the new Windows 7 Event Viewer a handy tool. But millions of users who never open the tool get what? They have no idea anything is wrong (Critical) unless they open Event Viewer. When something critical is logged in the Event Viewer, why is the common user never notified? You can't solve a problem if ya don't know ya got one eh!

The Admiral

Better troubleshooting is this: The ability of a seasoned technician to know that not all events are problems. The ability for a seasoned technician to know that even a computer in a vehicle will not throw a trouble code. The ability for a seasoned technician to see that the computer is acting up because of three reasons: The user. The Hardware. The Virus because of the user. Better troubleshooting begins when someone who has a long list of certifications stops coming to me and asking me what is wrong with it - because it was not covered in Certification coursework.

aksalaymeh

It is good and we need more. You can concentrate on Win7 and forget WinXP. Thanks.

Mark W. Kaelin

In addition to providing improved performance and a new user interface, Windows 7's Event Viewer provides you with a whole slew of new features to make troubleshooting a much easier task. Have you tried the Windows 7 Event Viewer? What has been your experience?

Oz_Media

Now I see what Jason was on about! Talk about an uncalled for, personal attack!

Oz_Media

LOL :D just kidding, I thought the thread was a bit bland without the usual 'nix, MAC fanboy slagging. I actually concur 100%, Win7 really is a stable and intuitive operating system, MS actually hit one out of the park this time! Great OS.

1674

What I mean is, you read it when there is an issue, but most of the time I have not been able to find solutions to critical or events

Oz_Media

I've seen a crash where it said a log was written to the Windows Event viewer. Same thing for normal program incompatibility issues, it prompts, if anyone actually reads the message.

BradTD

What does this tired old gripe have to do with the topic at hand, that being a feature of Windows 7?? Let's save the certifications debate for a relevant thread. Tedious. Windows XP is all we still have in my organization, so I'm interested to read RELEVANT replies related to Windows 7 features.

oldguardreindeer-techrepublic

OK, up front -- I don't have Win 7 but the question remains the same: Can you actually find out in the new Event Viewer what happened when there is a critical error? My complaints with Event Viewer have always been 1) I could not figure out quickly where to look for the error details...which log? 2) After finding something that appears to be a message that a critical error just occurred I'm still left scratching my chin wondering what the heck it means? Is the new Event Viewer going to be more helpful in plain English?

hondafrank

I haven't had to troubleshoot many Win7 systems yet but the eventviewer seems to be providing the exact same info with a prettier interface. All I see they've done is try to make it look different. It is easier to filter, but I don't see much else changed.

OH Smeg

M$ didn't hit one out of the park with 7 they just got Vista right. Took them slightly less time than it took them with XP and the Name Change didn't help much but when I get the need for widespread adoption the 64 Bit Version of 7 is all I'll be pushing. Just got 3 NB's going out the door with it on pity I can not get a lot of the Business to adopt though. :( Col

The Admiral

Anal Retentive Whining need not be posted.

ultimitloozer

... all of the bitching they did about XP when it was released and the number and magnitude of the issues that needed to be resolved before it got widespread adoption. And many XP diehards are using the version numbers as "proof" that Win7 is an upgrade (6.1 for Win7 vs 6.0 for Vista) completely ignoring the fact that XP, by the same criteria, was only an upgrade (5.1 for XP vs 5.0 for Win2K).

HAL 9000

It took a very long time to get 2000 Right, XP was a disaster for the first couple of years. ;) Col

ultimitloozer

Kinda like XP was 'just getting Windows 2000' right, right?

Oz_Media

I had a Vista notebook (came with Vista installed and it ran flawlessly). All the issues people kept having seemed bizarre to me, again worked flawlessly and I run a HEAPING PILE of different software, everything from Webtools to Audio and Video mixing/rendering. But Win7, compared to Vista is really night and day, there are SOME of the same features, like breadcrumbs, the partition wizards etc. But as far as intuitive HELP, searching, disk management etc. Win7 is a real blast to use now. I'll agree with you that Win7 is a glorified Vista, but I wouldn't say Vista was a home run as SO many people had So many issues, even though I did not. Win7 on the other hand is hard to criticize, even the 'nix fans are just quietly rambling on about issues with older versions, hoping people won't do their homework and find out otherwise. The MAC crowd has gone silent, as Windows is now powerful and resourceful, while offering a stable system. If you take all the beefs and gripes people have had towards Windows for the last 10-15 years, most don't exist any longer, except with the odd machine here and there. Anyone I've moved to Win7 actually thanks me and says how it is SO good compared to previous versions (one user upped to a new box with 64bit Win7 after being stuffed with WinME for many years, that guy would let me borrow his girlfriend for a weekend if I wanted him to). :D

tom

Seems like you started the whining with your initial irrelevant response.