Wednesday, January 20, 2010

How To Manage And View The Event Logs In Windows Operating Systems

This article will be useful if you are using Event Viewer to view and manage the event logs in Microsoft Windows XP.
What is Event Viewer
An event is a significant occurrence in the system or in a program that users should be notified about, or an entry added to a log. The Event Log service records application, security and system events in Event Viewer. From the event logs you can get information about your hardware, software and system components, and monitor security events on a local or remote computer. The logs are very useful for identifying and diagnosing the source of current system problems and for helping to predict potential system issues.


Types of Event Logs
A computer running the Windows XP operating system usually records events in the following logs.
Application log

It contains events logged by programs. For example, a database program usually records a file error in the application log. The events that are written to the application log are determined by the developers of the software program.
Security log

This log records valid and invalid logon attempts, as well as events related to resource use, such as creating, opening or deleting files. If you enable logon auditing, an event is recorded in the Security log each time a user attempts to log on to the computer. Remember, you must log on as an Administrator or as a member of the Administrators group in order to turn on, use and specify which events are recorded in this log.
System log

It contains the events logged by Windows XP system components. For example, if a driver fails to load at startup, an event is recorded in the System log. Windows XP predetermines the events that are logged by system components.
Procedure to view Event Logs
You can use the following steps to open the Event Viewer
1. Go to Start menu, choose Control Panel, and choose Performance and Maintenance.
2. Then click Administrative Tools and double click on Computer Management.
3. Or else, you can use MMC containing the Event Viewer Snap-in.
4. Then click Event Viewer in the Console tree.
5. There you can view the Application, Security and System Logs in the Event Viewer Window.

Procedure to view Event Details
You can use the following steps to view the details of an event:

1. Click Start, choose Control Panel, choose Performance and Maintenance, and then click Administrative Tools.
2. Then double-click Computer Management.
3. Or else, you can use an MMC console containing the Event Viewer snap-in.
4. Thereafter, expand Event Viewer in the console tree and then click the log that contains the event that you want to view.
5. Now, in the details pane, double-click the event that you want to view.

The Event Properties dialog box appears. It contains the header information and a description of the event.

If you want to copy the details of the event, click the Copy button, open a new document in the program where you want to paste the details, and then click Paste on the Edit menu.
You can use the Up Arrow and Down Arrow to view the description of the previous or next event.
What is Event Header
In this header, you can get the following information about the event.
Date

The date the event occurred.
Time

The time the event occurred.
User

The name of the user who was logged on when the event occurred.

Computer

The name of the computer where the event occurred.

Event ID

A number that identifies the event type. It is mainly used by product support representatives to help understand what occurred in the system.

Source

The name of a program, a system component or an individual component of a large program.
Type

It is one of the following: Error, Warning, Information, Success Audit, or Failure Audit.
Category

A classification of the event, mainly used in the Security log.
Event Types
Event details vary in accordance with the type of event, and each event in a log can be classified into one of the following types.
Information

An information event will be logged if a network driver loads successfully.
Warning

It indicates the possible occurrence of a future problem. For example, a Warning message is logged if disk space becomes low.
Error

An Error event describes a significant problem, such as the failure of a critical task. Error events may involve data loss or loss of functionality. For example, an Error event is logged if a service fails to load during startup.
Success Audit (Security log)

Describes the successful completion of an audited security event. For example, a Success Audit event is logged when a user logs on to the computer.
Failure Audit (Security log)

It is the opposite of a Success Audit: it describes an audited security event that did not complete successfully. For example, it is logged when a user is unable to access a network drive.
Finding Events in a Log
By default, Event Viewer lists all the entries in a log. If you want to find a specific event or view a subset of events, you can search the log or apply a filter to the log data.
How to Search for a Specific Log Event
You can search for a specific log event by following these steps:
1. Go to Start menu, choose Control Panel, and choose Performance and Maintenance.
2. Then click Administrative Tools and double click on Computer Management.
3. Or else, you can use MMC containing the Event Viewer Snap-in.
4. Thereafter, expand the Event Viewer in the Console Tree and then click the log that contains the event that you want to view.
5. Now, on the View menu, click Find.
6. Now, you have to specify the options for the event that you want to view in the Find dialog box.
7. After that, click Find Next.
When you click Find Next, the event that matches your search criteria is shown in the details pane. You can click Find Next again to locate the next occurrence of an event as defined by your search criteria.
Way to filter Log Events
Follow these steps:
1. Go to Start menu, choose Control Panel, and choose Performance and Maintenance.
2. Then click Administrative Tools and double click on Computer Management.
3. Or else, you can use MMC containing the Event Viewer Snap-in.
4. Thereafter, expand the Event Viewer in the Console Tree and then click the log that contains the event that you want to view.
5. Click Filter on the View menu.
6. Then click the Filter tab if it is not selected.
7. Now, you can specify the filter options that you want to view and then click OK.
After you do this, only the events that match your filter criteria are shown. If you want to return the view to display all log entries, click Filter on the View menu and then click Restore Defaults.

How to Manage Log Contents
The initial maximum size of a log is 512 KB. When this size is reached, new events overwrite older events as needed. You can change these settings or clear the logs as per your requirements.
Steps to Set Log Size and Overwrite Options
1. Go to Start menu, choose Control Panel, and choose Performance and Maintenance.
2. Then click Administrative Tools and double click on Computer Management.
3. Or else, you can use MMC containing the Event Viewer Snap-in.
4. Thereafter, expand the Event Viewer in the Console Tree and then right-click the log for which you want to set the size or overwrite options.
5. Then, under Log size, type the size that you want in the Maximum log size box.
6. Click the overwrite option that you want to apply when the maximum log size is reached.
7. Moreover, you can clear the log contents using the option Clear Log.
8. Now, click OK.
Ways to archive a Log
If you want to save your log data, you can archive event logs in any of the following formats.
• Log-file format (.evt)
• Text-file format (.txt)
• Comma-delimited text-file format (.csv)
Follow these steps to archive a log:
1. Go to Start menu, choose Control Panel, and choose Performance and Maintenance.
2. Then click Administrative Tools and double click on Computer Management.
3. Or else, you can use MMC containing the Event Viewer Snap-in.
4. Thereafter, expand the Event Viewer in the Console Tree, right-click the log that you want to archive, and then click Save Log File As.
5. Now, specify a file name and the location where you want to save the file.
6. In the Save as type box, choose the format that you want and then click Save.
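
The header fields and the filter described above can also be applied to an archived log outside Event Viewer. The following Python script is an added example, not part of the original article: it reads a comma-delimited (.csv) archive, filters it by header field and counts Failure Audit events per user. The column order, the function names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Assumed column order of a .csv archive (no header row); it follows the
# event header fields described in this article, plus the description.
FIELDS = ["Date", "Time", "Source", "Type", "Category",
          "Event ID", "User", "Computer", "Description"]

# Constructed sample archive, not taken from a real computer.
SAMPLE_CSV = (
    "1/20/2010,9:01:12 AM,Security,Success Audit,Logon/Logoff,528,WS01\\alice,WS01,Successful Logon\n"
    "1/20/2010,9:03:40 AM,Security,Failure Audit,Object Access,560,WS01\\bob,WS01,Object Open: payroll.xls, access denied\n"
    "1/20/2010,9:04:02 AM,Security,Failure Audit,Object Access,560,WS01\\bob,WS01,\"Object Open: budget.xls\"\n"
    "1/20/2010,9:10:55 AM,Security,Failure Audit,Object Access,560,WS01\\carol,WS01,Object Open: hr.doc\n"
    "truncated,row\n"
)


def read_archive(text):
    """Parse archive text into dicts; extra commas stay in Description."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < len(FIELDS):
            continue  # skip blank or truncated rows
        head, tail = row[:len(FIELDS) - 1], row[len(FIELDS) - 1:]
        values = [v.strip() for v in head] + [",".join(tail).strip()]
        events.append(dict(zip(FIELDS, values)))
    return events


def filter_events(events, **criteria):
    """Keep events whose fields equal every criterion, like View > Filter."""
    wanted = {k.replace("_", " "): str(v) for k, v in criteria.items()}
    return [e for e in events
            if all(e.get(k, "").lower() == v.lower() for k, v in wanted.items())]


def failures_by_user(events):
    """Count Failure Audit events per user name."""
    return Counter(e["User"] for e in filter_events(events, Type="Failure Audit"))
```

To use it on a real archive, pass the contents of the saved .csv file to read_archive in place of SAMPLE_CSV and check that the columns of your file match FIELDS.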

The above article applies to:
• Microsoft Windows XP Home Edition Operating System
• Microsoft Windows XP Professional Operating System
