How to open the security log in win 7. Where is the windows event log

Here's what's happening to me:

my user does not come to me,

but they walk in idle bustle

various not the same…

What is an event log

Everything that happens is under control Windows(click , key press, program launch…), are events ( events). The most important (in terms of Windows!) events (for example, hardware, application and system problems) are recorded by the operating system in so-called event logs.

How to view event logs

Windows Vista+ : Start –> Control Panel –> Administrative Tools –> Event Viewer.

Windows XP: Start –> Settings –> Control Panel –> Administrative Tools –> Event Viewer(or Start –> Run –> in the window Program launch into the text field Open enter eventvwr.msc /s –> click OK).

Main types of magazines:

– application log(contains data related to the operation of applications and programs. Entries in this log are created by the applications themselves. Events entered in the application log are determined by the developers of the respective applications);

– security log(contains records of events such as successful and unsuccessful attempts to access the system, as well as events related to the use of resources, such as the creation, opening and deletion of files and other objects. Decide on events that are logged in the security log , accepted by the administrator.For example, after enabling auditing of a logon, all logon attempts are logged in the security log);

– system log(contains event entries made by operating system components Windows. For example, the system log logs failures during boot or other system components during system startup).

The Event Viewer displays events of the following types:

– error(serious difficulties, such as loss of data or functionality. If the service fails to load at startup, an error message is logged. Error entries are marked with a circle with a cross inside);

– warning(events that were not significant at the time of writing to the log, but may lead to difficulties in the future. For example, if there is little left on the disk free space, a warning is logged. Warnings are marked with a triangle with an exclamation mark);

– notification(an event describing the successful completion of an action by an application or service. For example, after a successful download, a notification event is logged. Notifications are marked with a circle with a “tail” and the letter “i” inside);

– success audit(an event corresponding to a successfully completed action related to maintaining the security of the system. For example, in case of a successful user login, an event with the "Success audit" type is logged);

– failure audit(an event corresponding to an unsuccessfully completed action related to maintaining system security. For example, in the case of failed attempt user access to a network drive, an event of type "Audit Failures" is logged).

How to use event logs for troubleshooting

Careful analysis of event logs helps prevent system problems and determine their causes. For example, if there is a warning in the log that the disk can only read or write a sector after a few attempts, then that sector may soon become unusable.

Logs can also help you resolve issues related to application performance. For example, if a program crashes, there are usually entries in the application log about the events that cause it to crash.

Reading event logs is a sacred (daily!) duty of programmers and system administrators. Often, even for an ordinary user, viewing these logs can make life much easier by making communication with managed Windows more enjoyable and productive!

Notes

1. The event log service starts automatically at startup Windows.

IN operating system Windows 7 release tracking feature important events that occur at work At Microsoft, the term "events" refers to any incidents in the system that are recorded in a special log and signal themselves to users or administrators. This could be a utility that doesn't want to run, apps that crash, or devices that don't install correctly. All incidents registers and saves the Windows 7 event log. It also locates and shows all activities in chronological order, helps to perform system control, ensures the security of the operating system, corrects errors and diagnoses the entire system.

You should review this log periodically for new information and configure the system to save important data.

Windows 7 - programs

The Event Viewer computer application is the main part of the Microsoft utility utilities that are designed to monitor and view the event log. This essential tool to monitor the health of the system and eliminate emerging errors. The Windows utility that manages incident documentation is called the Event Log. If this service is running, then it starts collecting and logging all important data in its archive. The Windows 7 event log allows you to do the following:

Viewing data recorded in the archive;

Using various event filters and saving them for further use in system settings;

Creating a subscription for specific incidents and managing them;

Assign specific actions when any events occur.

How to open the Windows 7 event log?

The program responsible for registering incidents is launched as follows:

1. The menu is activated by pressing the "Start" button in the lower left corner of the monitor, then the "Control Panel" opens. In the list of controls, select "Administration" and already in this submenu click on "Event Viewer".

2. There is another way to view the Windows 7 event log. To do this, go to the Start menu, type mmc in the search box and send a file search request. Next, the MMC table will open, where you need to select a paragraph indicating the addition and removal of snap-ins. Then the Event Viewer is added to the main window.

What is the described application?

In Windows 7 and Vista operating systems, two events are installed: system archives and application service log. The first option is used to capture system-wide incidents that are related to the performance of various applications, startup and security. The second option is responsible for recording the events of their work. To control and manage all data, the "Event Log" service uses the "View" tab, which is divided into the following items:

Application - events that are associated with a particular program are stored here. For example, mail services store in this place the history of information transfer, various events in mailboxes, and so on.

The "Security" item saves all data related to logging in and out of the system, using administrative features and accessing resources.

Installation - This Windows 7 event log records data that occurs during the installation and configuration of the system and its applications.

System - captures all OS events, such as a failure to start service applications or when installing and updating device drivers, various messages related to the operation of the entire system.

Forwarded events - if this item is configured, then it stores information that comes from other servers.

Other sub-items of the main menu

Also in the "Administration" menu, where the event log in Windows 7 is located, there are such additional items:

Internet Explorer - events that occur during the operation and configuration of the browser of the same name are registered here.

Windows PowerShell - Incidents related to the use of the PowerShell shell are recorded in this folder.

Hardware Events - if this item is configured, then the data generated by devices is logged.

The entire structure of the "seven", which provides a record of all events, is based on the type of "Vista" on XML. But to use the event log program in Window 7, you don't need to know how to use this code. The Event Viewer application will do everything by itself, providing a convenient and simple table with menu items.

Incident Characteristics

A user who wants to know how to view the Windows 7 event log must also understand the characteristics of the data that he wants to view. After all, there are various properties of certain incidents described in the Event Viewer. These features will be discussed below:

Sources - a program that captures events in the log. The names of the applications or drivers that affected a particular incident are recorded here.

Event code - a set of numbers that determine the type of incident. This code and event source name is used technical support system support for and elimination of software failures.

Level - the degree of importance of the event. The system event log has six levels of incidents:

1. Message.

2. Caution.

3. Mistake.

4. Dangerous mistake.

5. Monitoring of successful error correction operations.

6. Audit of unsuccessful actions.

Users - captures the data of accounts on behalf of which the names of various services occurred, as well as real users.

Date and time - records the timing of the occurrence of the event.

There are many other events that occur during the operation of the operating system. All incidents are displayed in the "Event Viewer" with a description of all related information data.

How to work with the event log?

Very important point in protecting the system from crashes and freezes is the periodic review of the "Application" log, which records information about incidents, recent actions with a particular program, and also provides a choice of available operations.

Going into the Windows 7 event log, in the "Application" submenu, you can see a list of all programs that caused various negative events in the system, the time and date of their appearance, the source, as well as the degree of problem.

User responses to events

After learning how to open the Windows 7 event log and how to use it, you should further learn how to apply with this useful Task Scheduler application. To do this, right-click on any incident and select the menu for linking a task to an event in the window that opens. The next time such an incident occurs in the system, the operating system will automatically launch the installed task to process the error and fix it.

An error in the log is not a reason to panic

If, while viewing the Windows 7 system event log, you see intermittent system errors or warnings, then you should not worry and panic about this. Even with a perfectly working computer, various errors and failures can be recorded, most of which do not pose a serious threat to the health of the PC.

The application described by us was created in order to make it easier for the system administrator to control computers and troubleshoot emerging problems.

Conclusion

Based on the foregoing, it becomes clear that the event log is a way that allows programs and the system to record and save all events on a computer in one place. This log stores all operational errors, messages, and warnings from system applications.

Where is the event log located in Windows 7, how to open it, how to use it, how to fix errors that have appeared - we learned all this from this article. But many will ask: “Why do we need this, we are not system administrators, not programmers, but ordinary users who, as it were, do not need this knowledge?” But this approach is wrong. After all, when a person gets sick with something, before going to the doctor, he tries to cure himself in one way or another. And many often do. Similarly, a computer, which is a digital organism, can “get sick”, and this article shows one of the ways how to diagnose the cause of such a “disease”, based on the results of such an “examination”, you can make the right decision about the methods of subsequent “treatment”.

So the information about the way to view events will be useful not only to the system engineer, but also to an ordinary user.

The Windows OS line registers all the main events that occur in the system, followed by their entry in the log. Errors, warnings and just various notifications are recorded. Based on these records, an experienced user can correct the operation of the system and eliminate errors. Let's learn how to open the event log in Windows 7.

The event log is stored in a system tool called Event Viewer. Let's see how using various ways you can go to it.

Method 1: "Control Panel"

One of the most common ways to run the tool described in this article, although far from the easiest and most convenient, is by using "Control Panels".

Method 2: Run tool

It is much easier to initiate the activation of the described tool using the tool "Run".

The basic disadvantage of this quick and convenient method is the need to keep in mind the window command.

Method 3: Start Menu Search Box

A very similar method of calling the tool we are studying is carried out using the menu search field "Start".

Method 4: "Command line"

Calling the tool via "Command line" rather inconvenient, but such a method exists, and therefore it is also worth a separate mention. First we need to call the window "Command line".

Method 5: Direct start of the eventvwr.exe file

You can use such an "exotic" option for solving the problem as a direct start of the file from "Explorer". However, and this way can be useful in practice, for example, if failures have reached such a scale that other options to run the tool are simply not available. This is extremely rare, but quite possible.

First of all, you need to navigate to the location of the eventvwr.exe file. It is located in the system directory at the following path:

C:\Windows\System32

Method 6: Entering the file path in the address bar

With help "Explorer" we can launch the window we are interested in and faster. In this case, you do not even have to look for eventvwr.exe in the directory "System32". To do this, in the address field "Explorer" you just need to specify the path to this file.

Method 7: Create a shortcut

If you don't want to remember different commands or navigate through sections "Control Panels" consider too inconvenient, but at the same time you often use the magazine, then in this case you can create an icon on "Desktop" or in another place convenient for you. Then run the tool Event Viewer will be carried out as simply as possible and without the need to remember something.

Problems opening the magazine

There are cases when there are problems with opening the magazine in the ways described above. Most often this happens due to the fact that the service responsible for the operation of this tool is deactivated. When trying to run the tool Event Viewer a message will be displayed stating that the event log service is unavailable. Then you need to activate it.

First of all, you need to go to "Service Manager". This can be done from the section "Control Panels", which is called "Administration". How to go to it was described in detail when considering Method 1. Once in this section, look for the item "Services". Click on it.

IN "Service Manager" you can go with the tool "Run". Call it by typing Win+R. Type in the input area:

Click OK.

Regardless of whether you made the transition through "Control Panel" or used the command input in the tool field "Run", starts "Service Manager". Look for an element in the list "Windows Event Log". To facilitate the search, you can arrange all the objects in the list in alphabetical order by clicking on the field name "Name". After the desired row is found, take a look at the corresponding value in the column "State". If the service is enabled, then there should be an inscription "Works". If it is empty, it means that the service is deactivated. Also look at the value in the column "Startup Type". In normal condition, there should be an inscription "Automatically". If there is a value "Disabled", it means that the service is not activated at system startup.

To fix this, go to the properties of the service by double-clicking on the name paintwork.

A window opens. Click on an area "Startup Type".

Choose from the dropdown list "Automatically".

Click on the captions "Apply" And OK.

Returning to "Service Manager", check "Windows Event Log". In the left area of the shell, click on the inscription "Run".

The service has been started. Now in the column field corresponding to it "State" value will be displayed "Works", and in the column field "Startup Type" an inscription will appear "Automatically". Now the magazine can be opened in any of the ways that we described above.

There are quite a few options to activate the event log in Windows 7. Of course, the most convenient and popular ways are to go through "Toolbar", activation using the tool "Run" or menu search fields "Start". For easy access to the described function, you can create an icon on "Desktop". Sometimes there are problems starting the window Event Viewer. Then you need to check if the corresponding service is activated.

The seventh version of the Windows operating system implements the function of tracking important events that occur in the operation of system programs. At Microsoft, the term "events" refers to any occurrences in the system that are recorded in a special log and signal themselves to users or administrators. This could be a utility that doesn't want to run, apps that crash, or devices that don't install correctly. All incidents registers and saves the Windows 7 event log. It also arranges and shows all actions in chronological order, helps to perform system control, ensures the security of the operating system, corrects errors and diagnoses the entire system.

You should review this log periodically for new information and configure the system to save important data.

Windows 7 - programs

The Event Viewer computer application is the main part of the Microsoft utility utilities that are designed to monitor and view the event log. This is a necessary tool for monitoring the health of the system and eliminating errors that appear. The Windows utility that manages incident documentation is called the Event Log. If this service is running, then it starts collecting and logging all important data in its archive. The Windows 7 event log allows you to do the following:

Viewing data recorded in the archive;

Using various event filters and saving them for further use in system settings;

Creating a subscription for specific incidents and managing them;

Assign specific actions when any events occur.

How to open the Windows 7 event log?

The program responsible for registering incidents is launched as follows:

What is the described application?

In Windows 7 and Vista operating systems, two types of event logs are installed: system archives and service application log. The first option is used to capture system-wide incidents that are related to the performance of various applications, startup and security. The second option is responsible for recording the events of their work. To control and manage all data, the "Event Log" service uses the "View" tab, which is divided into the following items:

The "Security" item saves all data related to logging in and out of the system, using administrative features and accessing resources.

Installation - This Windows 7 event log records data that occurs during the installation and configuration of the system and its applications.

System - captures all OS events, such as a failure to start service applications or when installing and updating device drivers, various messages related to the operation of the entire system.

Forwarded events - if this item is configured, then it stores information that comes from other servers.

Other sub-items of the main menu

Also in the "Administration" menu, where the event log in Windows 7 is located, there are such additional items:

Internet Explorer - events that occur during the operation and configuration of the browser of the same name are registered here.

Windows PowerShell - Incidents related to the use of the PowerShell shell are recorded in this folder.

Hardware events - if this item is configured, then the data generated by devices is logged.

Incident Characteristics

Sources - a program that captures events in the log. The names of the applications or drivers that affected a particular incident are recorded here.

Event code - a set of numbers that determine the type of incident. This event source code and name is used by system software technical support to fix bugs and troubleshoot software failures.

Level - the degree of importance of the event. The system event log has six levels of incidents:

1. Message.

2. Caution.

3. Mistake.

4. Dangerous mistake.

5. Monitoring of successful error correction operations.

6. Audit of unsuccessful actions.

Users - captures the data of the accounts on behalf of which the incident occurred. These can be the names of various services, as well as real users.

Date and time - records the timing of the occurrence of the event.

There are many other events that occur during the operation of the operating system. All incidents are displayed in the "Event Viewer" with a description of all related information data.

How to work with the event log?

A very important point in protecting the system from crashes and freezes is to periodically review the "Application" log, which records information about incidents, recent actions with a particular program, and also provides a choice of available operations.

User responses to events

An error in the log is not a reason to panic

The application described by us was created in order to make it easier for the system administrator to control computers and troubleshoot emerging problems.

Conclusion

So the information about the way to view events will be useful not only to the system engineer, but also to an ordinary user.

Instruction

Log in with administrator rights. To do this, your current user must be a member of the "Administrators" group, or obtain the appropriate authority by delegation. If the computer is joined to , members of the Domain Admins group can perform this procedure. In this case, to ensure security, use the "Run as" command.

Go to the main menu to delete events from the log, to do this, click on the "Start" button, select the "Control Panel" command, double-click on the "Administrative Tools" icon. In this window, select the "Event Viewer" icon and double-click on it, or press the Enter button.

Open the Event Viewer window. In the tree of this console, select the log you want to clear. Go to the "Action" menu, select the "Clear all events" option. To save the log before clearing it, click the Yes button. If the log is stored in a file, it cannot be cleared in this way. To clear the log, you must delete the file in which it is stored.

Delete entries in the Windows 7 operating system. To do this, go to the main menu and select "Control Panel", then select the "Administration" option from the panel components. Next, select the "Event Viewer" administrative command.

Next, open the "MMC Management Console", to do this, click on the "Start" button, enter Mmc in the search field, press Enter. From the Console menu, select the Add or Remove Snap-in option, or press Crtl+M. In the dialog box, select "Event Viewer", Click "Add", then "Finish" and "OK".

Click Start, Run, type Eventvwr.msc. Next, go to the "Action" menu, the command "Clear Log". To save after cleanup, select Save and Cleanup. Enter a file name and click the "Save" button.

Related videos

Each browser has a function of fixing visited websites. The address of the opened page is written to a special file - magazine, and is saved. This feature can be changed or disabled.

Instruction

To clear magazine in Enternet Explorer, you need to open the "Tools" menu item. Select "Internet Options". The dialog box will open on the General tab. At the bottom is the "Journal" section. Click the "Clear" button. To completely disable the feature magazine a, set the value in the item "How many days to store links" to "0". Click the OK button.

In the Opera browser, click on the "Opera" icon in the upper left corner. Select Settings, then General Settings. In the window that opens, select the "Advanced" tab. On the left you will see a list of items. Select "History". In the "Remember visited addresses for history and autocomplete" section, in the "Remember addresses" item, there is the number of remembered web addresses. You can set the value to "0". Under this item is the line "Remember the contents of visited pages." If you need to disable the feature magazine and uncheck this box. Next, click the "Clear" button, then "OK".

IN Mozilla Firefox select the top menu "Tools", then the item "Settings". In the Settings dialog box, click the Privacy tab. In the "History" section, in the first paragraph "Remember the addresses of web pages visited in the last ... days" set the value to "0". Uncheck this item, it will become inactive. Also, if you do not want the data entered in the search bar to be saved, uncheck the box "Remember data entered in forms and the search panel". Click the OK button.

In the Google Chrome browser, click on the wrench icon in the upper right corner. Select "Tools" - "Clear browsing data". In the window " Clear data"Select the time for which you want to clear magazine(from the last hour to the total time of visits). Check the box "Clear" and click the "Clear browsing data" button.

The Windows 7 operating system has special service allowing monitoring of all events in the computer system. View application events" is a Microsoft Management Console (MMC) snap-in for viewing and managing magazines events.

You will need

Windows 7.

Instruction

Press the "Start" button to bring up the main menu and go to the "control panel".

Select "Administration" from the list of components and select "View events».

Return to the main menu and enter the value mmc in the search bar field to call the "MMC Management Console".

Confirm the execution of the command by pressing the Enter button.

Select the "Add or Remove Snap-in" command from the menu that opens the empty "MMC Management Console".

Specify the snap-in "View events in the Add/Remove Snap-Ins dialog box and click the Add button.

Confirm the execution of the command by pressing the "Finish" button.

Press the OK button to confirm your choice.

Select the desired magazine events to save it.

Specify a folder to save the selected file in the Save As dialog box. Select the desired file saving format in the File Type field and enter a name for the saved file in the File Name field.

Return to the "Action" menu to carry out the operation of clearing log data.

Specify the "Clear log" command.

Call the context menu by right-clicking on the line of the selected log and select "Clear log".

Click the "Clear" button to clear the log without saving.
Click the "Save and Clear" button to archive the data and then delete the log entries. In this case, specify a folder to save the log data in the Save As dialog box and enter a name in the File Name field.

note

Use the keyboard shortcut Microsoft Icon+K to open the Run dialog box, enter eventvwr.msc in the Open box, and then click OK to open the Event Viewer application.

Helpful advice

The main uses of the Event Viewer are to view events in selected logs, apply event filters, create event subscriptions, and assign specific actions to be taken when a particular event occurs.

Sources:

asusfans.ru
where to find the event log

Quite often, users of operating systems use " magazine events". This application allows you to track crashes, errors and malfunctions in the system. This tool can be used to perform diagnostic health checks, but in some cases it is not needed, so it has to be removed as an extra component.

You will need

Working with the Event Viewer applet.

Instruction

About existence magazine A events in the Windows operating system, not all users know. We can say that you need to study the system in depth to get to this component. It's pretty easy to find though if you're on Windows 7 or Windows Vista. Open the Start menu, activate the search bar and enter the command "View events". Select the first line in the search results and click on it.

You will see the Viewer applet. events". This component is also called the Preview snap-in. events". Before removing " magazine events”, it must first be opened or created (in some cases, the option to work magazine but disabled). To open magazine and click the top menu "Action", from the drop-down list of menus, select the item "Open saved magazine».

In the opened window "Open saved magazine» find the file « magazine A events". Use the File Explorer sidebar to quickly find the file you need. It is worth noting that by default the system offers to open several extensions, of which not each corresponds magazine y. In the dialog box you will see files of the following formats - evtx, evt and etl. evtx extension - files events, extension evt - obsolete files events etl extension - files magazine and traces.

After selecting the desired file, click the "Open" button in the lower right corner of the dialog box. To delete a recently opened magazine events, you need to go to your magazine y. Click on the triangle icon next to the Saved magazine s" on the left side of the window, then "Folder with saved magazine ami". Inside this folder will be all magazine s that were created by the system.

Select magazine events, which has a floppy disk icon next to it. Right click on the selected item. Select "Delete" from the context menu. In the window that opens, as a confirmation of the deletion operation, click the "Yes" button.

Every web browser keeps a history of users' browsing on the Internet. Perhaps you would prefer to keep this matter confidential. In this case, you need to clear magazine visits.

Instruction

If you are using IE7, from the Tools menu, select the Remove magazine" and click "Delete History" in the "History" section. In this window, you can delete cookies, temporary internet files and other data created while visiting various websites.

For the cleaning magazine and in IE8, launch the browser from the Start menu and go to the Security tab. Select the command "Remove magazine... ". If you want to save cookies and data from certain websites, check the box "Keep data from selected websites". Check the boxes for the data that you want to clear the hard drive from, and click "Delete".

To clear magazine visits to Mozilla Firefox above version 3, use the "Clear Recent History" command from the "Tools" menu. In the "Clear" window, click on the arrow and select the time interval that requires cleaning from the drop-down list magazine a. Expand the "Details" list by clicking on the arrow and check the box for the data you want to delete. Click "Clear Now".