Have you ever tried to troubleshoot a problem in Windows NT? If so, the Event Viewer and the various logs that it contained probably became your new best friend. However, if you’ve ever tried to troubleshoot a major operating system problem in Windows 98, you may have noticed that the Event Viewer doesn’t exist. In spite of this, Windows 98 does use event logs in some places. In this Daily Drill Down, I’ll show you exactly where the Windows 98 event logs are. I will explain what information these logs contain and how to use them.

What’s available?
As you’ve probably noticed, the existence of log files within Windows 98 isn’t exactly highly publicized. Therefore, you may be wondering what types of log files exist. Unlike Windows NT, there are no comprehensive log files that cover the entire operating system. However, there are several log files that cover specific areas of the operating system. Log files exist for Disk Defragmenter, Doctor Watson, Outlook Express, PPP, the System File Checker, and System Monitor. In the sections below, I’ll discuss each of these log files in detail.

Disk Defragmenter
If you’ve used Windows 98 for any length of time, you’re probably familiar with Disk Defragmenter, which is a utility that’s designed to, as the name implies, defragment your hard disk.

The version of Disk Defragmenter that comes with Windows 98 is much more sophisticated than the versions that shipped with previous versions of Windows. The claim that Disk Defragmenter helps frequently-run programs to run more quickly isn’t merely marketing hype. Disk Defragmenter relies on information gathered by the Task Manager and a program called Cvtaplog.exe to determine which programs are run most frequently.

When you run Disk Defragmenter, it creates a log file in a hidden directory named \Windows\Applog. The name of the log file is Optlog.txt. As you can see in the Optlog.txt sample, the log displays which programs are used most often and how Disk Defragmenter attempts to optimize those programs.

Program Launch Optimization Log - Created Thu Jun 01 05:46:52 2000
Programs Eligible for Optimization:
Ord Flag ProgName Uses LastExecDate Program Path 
5 RUNDLL32 136 2000.05.30 C:\WINDOWS\RUNDLL32.EXE 

Programs Ineligible for Optimization:
Ord Flag ProgName Uses LastExecDate Program Path 
49 PD TOSEXE 0 1601.01.01  
50 PD WATCHDOG 0 1601.01.01  
51 PD UNVISE32 0 1601.01.01  
52 PD NAPSTER 0 1601.01.01  
53 PD AMIKA 0 1601.01.01  
54 PD IKERNEL 0 1601.01.01  
56 PD BURP 0 1601.01.01  
58 PD RUMOR 0 1601.01.01  
Control Parameters:
Use app profile = Yes
Minimum log size = 1000
Maximum no use days = 90
Maximum apps = 50
Flags for Ineligible Programs:
S = Log size smaller than <Minimum log size>
U = Program not used for more than <Maximum no use days>
P = No profile for program
E = Associated program no longer exists
D = Log deleted (may be combined with one of the above)

Doctor Watson
Doctor Watson is a great tool that helps you track Windows errors. If an application fault occurs on your machine, you can load Doctor Watson and reproduce the condition that caused the application fault. Doctor Watson will then provide you with the information necessary to determine the cause of the problem.

To access Doctor Watson, open the System Information tool (look under Start | Programs | Accessories | System Tools, and click on System Information). Select the Dr. Watson command from the Tools menu. When you do, nothing will appear to happen. However, if you look closely, a Doctor Watson icon will be temporarily added to your system tray at the bottom of the screen. Click this icon to access Doctor Watson, and the program will take a snapshot of your system’s memory. If a problem is found, Doctor Watson will create a log file. By default, the log file is stored in the \Windows\Drwatson folder. The log file is called Watsonxx.wlg. Normally, Doctor Watson preserves the last ten log files, but you can set it to save more or fewer log files.

To view a log file, use the Open Log File command from Doctor Watson’s File menu. You can then print the log file by using the File menu’s Print command. Be aware that most log files will be at least 15 pages long. Log files from machines with high amounts of memory or with many applications running will be even longer. Therefore, if you want to print a section of the log file instead of the entire file, select the section that you want to print and press [CTRL][C]. Next, open Notepad and press [CTRL][V]. This will cut and paste the information that you’ve selected into Notepad. You can then use Notepad to print that section.

Outlook Express
While not strictly a Windows 98 feature, Outlook Express contains several logging options you may find useful. You can create separate log files for POP3, SMTP, and Internet News. The log files use the following names: Pop3.log, Smtp.log, Inetnews.log, and Imap.log.

You can enable the various types of logging by selecting the Options command from Outlook Express’s Tools menu. When you see the Options dialog box, select the Maintenance tab (in Outlook Express version 5). At the bottom of this tab, select the logs that you want to use.

The location of the log files varies depending on your PC’s configuration. For example, where log files are stored depends on factors such as whether user profiles are enabled and whether Internet Mail and News was previously configured on the machine. I recommend using the Find | Files And Folders command on the Start menu to locate the specific location of these files on your computer.

If you’ve ever tried to troubleshoot an Internet connection, you know how difficult it can be. Windows 98 includes a PPP log file that you can use to diagnose connection problems. As you may recall, Windows 95 also included a PPP log file. However, the Windows 98 version has improved significantly. For starters, you can now set a log file on a per-connection basis rather than on a per-adapter basis. This means that if you have three different ISPs that you call using the same modem, you can set up a different log file for each connection rather than having one log file for the dial-up adapter. The new log files are also more detailed than the one found in Windows 95, and you don’t have to reboot your machine after enabling them.

To create a PPP log file, go to Dial Up Networking and select the connection that you want to monitor. Right-click the dial-up session and select Properties from the resulting shortcut menu. When you do, you’ll see the session’s properties sheet. Now, navigate to the Server Types tab and select the Record A Log File For This Connection option. Click OK to continue. The next time that you use the session, Windows will create a log file called PPPlog.txt in the Windows directory. Keep in mind that the PPP log file records all data that travels across your modem—the log file can get large very quickly. Therefore, when recording a log file, limit your connection time to no more than a minute or two so as to avoid filling up your hard disk. You can see a brief excerpt from this log file below:

Sample of a PPPLOG file
06-01-2000 07:43:23.76 – Microsoft Dial Up Adapter log opened.
06-01-2000 07:43:23.76 – Server type is PPP (Point to Point Protocol).
06-01-2000 07:43:23.76 – FSA : Adding Control Protocol 80fd (CCP) to control protocol chain.
06-01-2000 07:43:23.76 – FSA : Protocol not bound – skipping control protocol 803f (NBFCP).
06-01-2000 07:43:23.76 – FSA : Adding Control Protocol 8021 (IPCP) to control protocol chain.
06-01-2000 07:43:23.76 – FSA : Protocol not bound – skipping control protocol 802b (IPXCP).
06-01-2000 07:43:23.76 – FSA : Adding Control Protocol c029 (CallbackCP) to control protocol chain.
06-01-2000 07:43:23.76 – FSA : Adding Control Protocol c027 (no description) to control protocol chain.
06-01-2000 07:43:23.76 – FSA : Adding Control Protocol c023 (PAP) to control protocol chain.
06-01-2000 07:43:23.76 – FSA : Adding Control Protocol c223 (CHAP) to control protocol chain.
06-01-2000 07:43:23.76 – FSA : Adding Control Protocol c021 (LCP) to control protocol chain.
06-01-2000 07:43:23.76 – LCP : Callback negotiation enabled.
06-01-2000 07:43:23.76 – LCP : Layer started.
06-01-2000 07:43:23.76 – PPP : Transmitting Control Packet of length: 25
06-01-2000 07:43:23.76 – Data 0000: c0 21 01 01 00 17 02 06 | .!…_..
06-01-2000 07:43:23.76 – Data 0008: 00 0a 00 00 05 06 00 12 | ……..
06-01-2000 07:43:23.76 – Data 0010: eb 8e 07 02 08 02 0d 03 | ……..
06-01-2000 07:43:23.76 – Data 0018: 06 00 00 00 00 00 00 00 | ……..
06-01-2000 07:43:26.41 – PPP : Received Control Packet of length: 26
06-01-2000 07:43:26.41 – Data 0000: c0 21 01 c0 00 18 02 06 | .!…_..

System File Checker
The System File Checker is a tool that compares the Windows 98 installation files to the files on your hard disk. If the tool detects a different version of a file, it can replace the file or call it to your attention. As you can imagine, if ever there was a utility in need of a log file, this is it. You can access this tool by selecting the System File Checker command from the Tools menu in the System Information application I discussed in the Doctor Watson section above. When the System File Checker finishes examining your system and making the necessary updates, it creates a log file called Sfclog.txt in the Windows directory. You can examine a sample of the Sfclog.txt file.

Microsoft System File Checker
Log file generated on 6/1/2000 at 6:39 AM
Started verify scan using verification data file:
  Previous Previous New New CRC
File Change Version Date Version Date Match
---------------- ----------- ----------- --------- ----------- --------- ------
extrac32.exe Ignored  5/11/1998 4.11.0603.3 5/11/1998 Yes
grpconv.exe Ignored 5.00.1743.1 5/11/1998 5.00.1962.1 3/18/1999 No
hh.exe Ignored 4.72.7322 5/11/1998 4.73.8561 7/15/1999 No
PSUNREG.EXE Added   4/4/1996
POLEDIT.EXE Added  4.00 5/11/1998
WSPTSK.EXE Added   9/15/1997
uninst.exe Added  2.20.926.0 4/8/1997
wupdmgr.exe Ignored 5.00.1788.1 5/11/1998 5.00.5260.0 12/4/1998 No
IsUninst.exe Added  5, 51, 138, 10/29/199
hlremove.exe Added   7/11/1997
iextract.exe Added   7/13/1999
extract.exe Added   7/13/1999
wscript.exe Ignored 5.0.531.7 5/11/1998 5.0.531.7 7/13/1999 No
ST5UNST.EXE Added  5.00.3716 5/11/1998

System Monitor
System Monitor is a tool similar to the Windows NT Performance Monitor. It allows you to see exactly what system resources are being used at any given time. This information may be displayed in the form of a chart or a text log file. Obviously, System Monitor is a good tool to use when you’re having performance problems. However, it’s a good idea to build a system monitor log before you begin having problems. Doing so allows you to establish a baseline, or a picture of what ranges the various system monitor counters should fall within when everything’s running normally. If you do so, it will be easier for you to track the cause of the problem when errors occur—all you’ll have do is compare the current measurements with your baseline measurements and look for the value that’s out of whack.

By default, System Monitor isn’t installed. To install it, open Control Panel and select the Add/Remove Programs icon. When you see the Add/Remove Programs properties sheet, select the Windows Setup tab. Now, select System Tools and click the Details button. A list appears showing the available system tools. Select System Monitor and click OK twice. System Monitor will now be installed.

Once you’ve installed System Monitor, you can launch it by clicking Start | Programs | Accessories | System Tools | System Monitor. When System Monitor loads, you can create a log file by adding the counters that you want to monitor to the chart. Once you’ve loaded the necessary counters, select Start Logging from System Monitor’s File menu. Next, select the name and location for the log file and click the Save button. When you’ve captured the desired information, select Stop Logging from the File menu. You can then view the log file that you created with Notepad. You can see a sample log file below:

Sample System Monitor log file
Kernel: Processor Usage (%),File System: Reads/second,File System: Writes/second,Kernel: Threads

As you can see from the sample log, the first line contains the names of the items being monitored. All subsequent lines contain the values of the counters separated by commas. Because this file is actually a comma-separated value file, you could easily change the files extension from .LOG to .CSV and pull the information directly into Microsoft Excel. Once the information is imported into Excel, it will be automatically arranged into columns. You can then create graphs or perform calculations on the numbers that you’ve collected.

In this Daily Drill Down, I’ve discussed the various types of event logs hidden within Windows 98. I explained the purpose of each log and how to use it. Once you know what options are available, you can use these logs to help diagnose and care for Windows 98.

Talainia Posey learned to handle PCs the old fashioned way: by reading manuals and doing on-the-job troubleshooting. Her experience also includes installing networks for several small companies. When she’s not working on computers, Talainia loves to shop for toys and watch cartoons, or spend time with her cat, Beavis.

The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.