There’s a lot happening on your computer, and 99% of it is happening behind the scenes. The stuff that appears on your monitor is just the final step in a very, very long journey. To keep tabs on what’s happening on your system, and what has happened in the past, you’ll need to use the Event Viewer tool.
The Windows Event Viewer can be found through the Control Panel. Open the Control Panel, click “System and Security,” and then click “Event Viewer.” The Event Viewer is a high-level program, meaning that you’ll need Windows Administrative privileges to access it.
There are three frames in the Event Viewer Window: the console tree, the Overview and Summary, and the Action frame.
The console tree is in the same format as any of Windows Explorer, with menus and sub-menus. You can access logs for applications, security events, setups, systems, and forwarded events.
Some of these categories are self-evident, while some are broader. Application events, also called program events, will store every warning and error from every program on your system. These range from the very serious to the very minor, even including benign events like information pop-ups. There’s a lot to sort through in this category.
Security events include any number of security-related events such as users logging, logging out, and making changes to security settings.
Setup events are only relevant if your computer is set up as a domain controller.
System events are any warnings, errors, or information popups that come from the operating system rather than from an application or program.
Finally there are forwarded events, a category that is only relevant if you’re using the Windows Event Collector Service.
From the left-hand frame, you can also access your Applications and Service logs. This is where you can access hardware and powershell events, which is particularly useful for advanced troubleshooting. also manage your subscriptions if you have set up the Windows Event Collector Service.
You can also set up custom views from this frame. Usually, this isn’t the kind of thing you’ll have to worry about the first time you’re using the Event Viewer. But it can be a huge time-saver during longer troubleshooting exercises.
By selecting a category in the console tree, the Overview and Summary will appear in the middle frame. From here, you can look at each individual event in the separate log categories. Each event will have a date and time, show which user was logged in at the time, the name of the computer on which it took place, the type of event, the source of the event, and the Event ID.
The right frame is the Action frame. This frame also changes depending on what you’ve selected in the left-hand frame.
Because Event Viewer is so exhaustive, a lot of the data won’t necessarily be useful, and there will be a lot to look through. But if you want an unedited look at everything that happens on your computer, there’s only one game in town: Event Viewer.