7 ways to save time with Event Viewer

Windows 7’s Event Viewer can hold a lot of information that can help you to solve problems. In this tip gallery, I’ll show you seven ways that you can save time with Windows Event Viewer.

Image created by Greg Shultz for TechRepublic.

When you first open Event Viewer you can save time by starting your investigation with the Summary of Administrative Events panel. It will immediately show you what types of events have been logged over some specific time frames: Last Hour, 24 Hours, and 7 Days.

When you expand a branch in the summary, you’ll see that the events come from all of the applicable event logs. To get more details about a particular event, just double-click it.

Event Viewer does such a good job of logging events that the number of items in its logs can be staggering. You can save yourself time by creating filters.

For example, suppose that you’re troubleshooting a Kerberos problem and want to see all events in the System event log related to the Time Service for the last week. Select the System log in the Tree panel and select Filter Current Log in the Action panel. When you see the Filter Current Log dialog box, select Last 7 days from the Logged drop-down, select the check boxes for Event Levels of Critical, Error and Warning, and from the Event Sources drop-down select Time Service. Then, click OK.

When you are using a Filter, you’ll only see those events in the chosen event log.

Filters will remain active until you click Clear Filter or exit Event Viewer. If the filter will be useful over a longer period, you can save yourself time by turning the Filter into a Custom View.

While the Filter is active, select Save Filter to Custom View in the Action panel. When you see the Save Filter to Custom View dialog box, just give it a name and description and click OK.

You can now find the new view in the Custom Views branch in the Tree panel.

Filters and Custom Views are great features, but they are designed for discovering an event after it has already happened. If you want to know exactly when an event occurs, you can save yourself time by attaching a task to an event.

While the Filter or Custom View is active, select Attach Task To This Event in the Action panel. When you see the Create Basic Task Wizard dialog box, just give it a name and description and click Next.

You can choose to Start a program, Send an email or Display a message. When you finish the wizard, Event Viewer creates a scheduled Task in Task Scheduler that will run whenever the event occurs.

If there is another computer on your network that you want to investigate, you can save yourself time by using Event Viewer’s remote connection feature.

To begin, right-click Event Viewer (Local) in the Tree panel and select Connect to another computer. When you see the Select Computer dialog box, type or Browse for the name of the computer, and click OK.

When you are connected, you can use any of your Filters or Custom Views to view events on the remote computer.
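
The Time Service filter described earlier can also be written as the XML query that a Filter or Custom View stores, and run with `Get-WinEvent` against the local computer or a remote one. This is an added example, not part of the original gallery; it assumes the "Time Service" source corresponds to the provider `Microsoft-Windows-Time-Service`, and the function name and any computer names you pass are hypothetical.

```powershell
# Added example (not from the original article).
# XML form of the filter: System log, Critical/Error/Warning (Level 1/2/3),
# Time Service source, last 7 days (604800000 ms).
# Assumption: "Time Service" maps to provider Microsoft-Windows-Time-Service.
$query = @'
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[Provider[@Name='Microsoft-Windows-Time-Service'] and (Level=1 or Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) &lt;= 604800000]]]</Select>
  </Query>
</QueryList>
'@

function Get-TimeServiceEvents {
    param(
        # Computers to query; defaults to the local machine.
        [string[]]$ComputerName = @('localhost')
    )
    foreach ($computer in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $computer -FilterXml ([xml]$query) -ErrorAction Stop
        }
        catch {
            # Get-WinEvent reports an error when nothing matches; keep that
            # apart from connection or access failures.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                Write-Warning "$computer : no matching events in the last 7 days"
            }
            else {
                Write-Warning "$computer : query failed: $($_.Exception.Message)"
            }
        }
    }
}

# Summarize by computer, event ID and level so repeated warnings stand out.
Get-TimeServiceEvents |
    Group-Object MachineName, Id, LevelDisplayName |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Querying a remote computer this way requires the Remote Event Log Management firewall exception to be enabled on that computer.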

If there are multiple computers on your network that you want to gather information from, you can save yourself time by using Event Viewer’s Subscription feature.

To begin, right click on Subscriptions in the Tree panel and select Create Subscription. When you do, you may be prompted to start the Windows Event Collector service.

When you see the Subscription Properties dialog box, enter a name and description and then click the Select Computers button and use the controls in the Computers dialog box to choose the computers you want. Then, click the Select Events button/drop down, choose the Copy from existing Custom View command and choose your view from the Open Custom Views dialog box. Click OK in the Subscription Properties dialog box to complete the operation.

As soon as you create a Subscription, Event Viewer will automatically collect information from those computers on the network. To see the event subscription, select the Forwarded Events log. Keep in mind that the Windows Remote Management and Windows Event Collector services must also be running on the remote computers. For specific details, see the Event Viewer Help system.

Even with Filters and Custom Views to help you sift through an event log, there can be so much old data in a log that it gets cumbersome. You can save yourself time by using Event Viewer’s Save and Clear feature.

To do so, select Clear Log in the Action panel. When you see the Event Viewer dialog box, click the Save and Clear button. In the Save As dialog box, enter a descriptive name and select any one of the available file types.

What’s your favorite Windows Event Viewer Tip? Share your comments in the TechRepublic Community Forums and let us hear from you.