7 ways to save time with event viewer - TechRepublic

7 ways to save time with event viewer

  • Windows 7’s Event Viewer can hold a lot of information that can help you solve problems. In this tip gallery, I’ll show you seven ways that you can save time with Windows Event Viewer.

    Image created by Greg Shultz for TechRepublic.

    Image: NVIDIA
  • When you first open Event Viewer, you can save time by starting your investigation with the Summary of Administrative Events panel. It immediately shows you what types of events have been logged over specific time frames: Last Hour, 24 Hours, and 7 Days.

  • When you expand a branch in the summary, you’ll see that the events come from all of the applicable event logs. To get more details about a particular event, just double-click it.

  • Event Viewer does such a good job of logging events that the number of items in its logs can be staggering. You can save yourself time by creating filters.

    For example, suppose that you’re troubleshooting a Kerberos problem and want to see all events in the System event log related to the Time Service for the last week. Select the System log in the Tree panel and select Filter Current Log in the Action panel. When you see the Filter Current Log dialog box, select Last 7 days from the Logged drop-down, select the check boxes for Event Levels of Critical, Error and Warning, and from the Event Sources drop-down select Time Service. Then, click OK.

  • While a Filter is active, you’ll see only the matching events in the chosen event log.

  • Filters remain active until you click Clear Filter or exit Event Viewer. If the filter will be useful over a longer period, you can save yourself time by turning the Filter into a Custom View.

    While the Filter is active, select Save Filter to Custom View in the Action panel. When you see the Save Filter to Custom View dialog box, just give it a name and description and click OK.

  • You can now find the new view in the Custom Views branch in the Tree panel.

  • Filters and Custom Views are great features, but they are designed for discovering an event after it has already happened. If you want to know exactly when an event occurs, you can save yourself time by attaching a task to an event.

    While the Filter or Custom View is active, select Attach Task To This Event in the Action panel. When you see the Create Basic Task Wizard dialog box, just give it a name and description and click Next.

  • You can choose to Start a program, Send an email or Display a message. When you finish the wizard, Event Viewer creates a scheduled Task in Task Scheduler that will run whenever the event occurs.

  • If there is another computer on your network that you want to investigate, you can save yourself time by using Event Viewer’s remote connection feature.

    To begin, right-click Event Viewer (Local) in the Tree panel and select Connect to another computer. When you see the Select Computer dialog box, type or Browse for the name of the computer, and click OK.

  • When you are connected, you can use any of your Filters or Custom Views to view events on the remote computer.
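The Time Service filter and the remote connection described above can also be scripted. The following PowerShell function is an added example, not part of the original gallery; it assumes the Time Service source corresponds to the Microsoft-Windows-Time-Service provider, and any computer names you pass in are your own.

```powershell
# Added example: scripted equivalent of the gallery's Time Service filter,
# run against the local machine or a list of remote computers.
# Assumption: the "Time Service" source is the Microsoft-Windows-Time-Service provider.
function Get-TimeServiceEvents {
    [CmdletBinding()]
    param(
        # Defaults to the local machine; pass remote names to query other computers.
        [string[]]$ComputerName = @('localhost'),
        [int]$Days = 7
    )

    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Time-Service'
        Level        = 1, 2, 3                      # Critical, Error, Warning
        StartTime    = (Get-Date).AddDays(-$Days)   # "Last 7 days" by default
    }

    foreach ($computer in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
                Select-Object MachineName, TimeCreated, Id, LevelDisplayName, Message
        }
        catch {
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                # An empty result is not a failure; only shown with -Verbose.
                Write-Verbose "$computer : no matching events in the last $Days days"
            }
            else {
                # Unreachable host, access denied, and so on: report it and keep going.
                Write-Warning "$computer : $($_.Exception.Message)"
            }
        }
    }
}

# Summarise by machine and event ID so recurring time-sync failures stand out.
Get-TimeServiceEvents -Days 7 |
    Group-Object MachineName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Remote queries need the Remote Event Log Management firewall exception enabled on the target and an account with rights to read its event logs.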

  • If there are multiple computers on your network that you want to gather information from, you can save yourself time by using Event Viewer’s Subscription feature.

    To begin, right-click Subscriptions in the Tree panel and select Create Subscription. When you do, you may be prompted to start the Windows Event Collector service.

  • When you see the Subscription Properties dialog box, enter a name and description, then click the Select Computers button and use the controls in the Computers dialog box to choose the computers you want. Then, click the Select Events button/drop-down, choose the Copy from existing Custom View command and choose your view from the Open Custom Views dialog box. Click OK in the Subscription Properties dialog box to complete the operation.

  • As soon as you create a Subscription, Event Viewer will automatically collect information from those computers on the network. To see the event subscription, select the Forwarded Events log. Keep in mind that the Windows Remote Management and Windows Event Collector services must also be running on the remote computers. For specific details, see the Event Viewer Help system.

  • Even with Filters and Custom Views to help you sift through an event log, there can be so much old data in a log that it gets cumbersome. You can save yourself time by using Event Viewer’s Save and Clear feature.

    To do so, select Clear Log in the Action panel. When you see the Event Viewer dialog box, click the Save and Clear button. In the Save As dialog box, enter a descriptive name and select any one of the available file types.

  • What’s your favorite Windows Event Viewer tip? Share your comments in the TechRepublic Community Forums and let us hear from you.

Greg Shultz

My first computer was a Kaypro 16 "luggable" running MS-DOS 2.11 which I obtained while studying computer science in 1986. After two years, I discovered that I had a knack for writing documentation and shifted my focus over to technical writing.