IThe event viewer is one of the greatest tools that you have for diagnosing software problems and finding the fix for them. If you have used the event viewer in either Windows NT, 2000, 2003 or Windows XP then you know that it is a great application to rely on when troubleshooting an issue on a PC or server.
To Open the event viewer you simply right click in the My Computer icon and click manage, another method is to go to Start–> programs –administrative tools –> Event Viewer. You will be shown a window like the one below.
The Event viewer has three sections, applcation which gives us information on the applications that run on the machine, security which shows us the security approvals and denials and lastly the System log which shows the actions within the operating system itself.
I do not tend to deal with the security section of the event viewer much if at all unless I have an access denied error for an application. For the Application and System sections of the event viewer we have three types of entries within the log:
Information – which will tell us when some kind of event happens that has not adversely affected the system or an application.
Warning – A warning is just that a warning that something is not running properly but that the application or operating system is still running, just in a compromised state.
Error – This as you can imagine is bad. An error will occur if a service can not start or if an application fails to execute at all.
After scanning through the event logs you will probably want more information about the details of the event. To do this just double click on the event and you will get the properties for the event as shown below:
After seeing the description of the event you may be able to find out right away what the problem is. Often you can fix a problem very quickly just by going to the event viewer event properties or on the off chance that the link to Microsoft is helpful (I have not been this lucky before). If this is not good enough to find a fix then you can go to eventid.net and enter in the Event ID and perhaps the category or the source.
There is another great way that you can use the event viewer. If you are a domain admin and if you access the event viewer using the computer management then you can right click the (local computer) in the top of the window and can select another computer on the network and access that computers event logs.
Another great way to view information in the event viewer is to go to view filter and you have the option to select or deselect entries that will show up in the event viewer.
After you have use the event viewer for a while you get to know the information or error events that are common and could be put aside and you will be able to zero in on what is the real underlying problem. Microsoft fortunately has lots of information on the event viewer.