This could be a service that doesn't want to start, a device installation, or an application error. Events are logged and stored in the Windows event logs and provide important historical information to help you monitor your system, maintain system security, troubleshoot problems, and perform diagnostics. The information contained in these logs should be reviewed regularly, and the operating system should be configured to save important system events. If you are a Windows server administrator, you need to monitor the security of your systems and the normal operation of applications and services, and also check the server for errors that can degrade performance. If you are a personal computer user, you should make sure that you have access to the logs that you need to support your system and troubleshoot errors.

Event Viewer is a Microsoft Management Console (MMC) snap-in for viewing and managing event logs. It is an indispensable tool for monitoring system health and troubleshooting. The Windows service that manages event logging is called "Event Log". When it is running, Windows writes important data to the logs. With Event Viewer, you can do the following:

View events of specific logs;
Apply event filters and save them for later use as custom views;
Create event subscriptions and manage them;
Assign the execution of specific actions to the occurrence of a specific event.

Launching the Event Viewer

The Event Viewer application can be opened in the following ways:
Click on the "Start" button to open the menu, open the "Control Panel", select "Administrative Tools" from the list of control panel components and select "Event Viewer" from the list of administrative components;
Open the "MMC Management Console". To do this, click on the "Start" button, type mmc in the search field, and then press the "Enter" button. An empty MMC console will open. From the Console menu, select the Add or Remove Snap-in command, or use the Ctrl+M keyboard shortcut. In the "Add/Remove Snap-Ins" dialog, select the "Event Viewer" snap-in and click the "Add" button. Then click on the "Finish" button, and after that - the "OK" button;
Use the key combination WIN + R to open the "Run" dialog. In the "Run" dialog box, in the "Open" field, enter eventvwr.msc and click on the "OK" button.

Event Logs in Windows 7

In Windows 7, as in Windows Vista, there are two categories of event logs: Windows logs and application and service logs. Windows logs are used by the operating system to log system-wide events related to the operation of applications, system components, security and startup. Application and service logs are used by applications and services to log events related to their own operation. You can use the Event Viewer snap-in or the wevtutil command-line tool, which I'll cover in Part 2 of this article, to manage event logs. All log types are described below:
Application - stores important events related to a specific application. For example, Exchange Server stores events related to mail forwarding, including information store events, mailbox events, and running services. The default location is %SystemRoot%\System32\Winevt\Logs\Application.Evtx.

Security - stores security-related events such as login/logout, privilege usage, and resource access. The default location is %SystemRoot%\System32\Winevt\Logs\Security.Evtx.

Setup - this log records events that occur during the installation and configuration of the operating system and its components. The default location is %SystemRoot%\System32\Winevt\Logs\Setup.Evtx.

System - stores events of the operating system or its components, such as failures to start services or initialize drivers, system-wide messages, and other messages related to the system as a whole. The default location is %SystemRoot%\System32\Winevt\Logs\System.Evtx.

Forwarded events - if event forwarding is configured, this log includes events forwarded from other servers. The default location is %SystemRoot%\System32\Winevt\Logs\ForwardedEvents.Evtx.

Internet Explorer - this log records events that occur when configuring and working with the Internet Explorer browser. The default location is %SystemRoot%\System32\Winevt\Logs\InternetExplorer.Evtx.

Windows PowerShell - events related to the use of the PowerShell shell are recorded in this log. The default location is %SystemRoot%\System32\Winevt\Logs\WindowsPowerShell.Evtx.

Hardware events - if hardware event logging is configured, events generated by devices are written to this log. The default location is %SystemRoot%\System32\Winevt\Logs\HardwareEvent.Evtx.

In Windows 7, the event logging infrastructure is XML-based, as in Windows Vista. The data for each event follows an XML schema, allowing you to access the XML code for any event. In addition, you can create XML-based queries to retrieve data from logs. No knowledge of XML is required to use these new features. The Event Viewer snap-in provides a simple graphical interface for accessing these features.

Event properties

Event Viewer shows several properties for each event, which are detailed below:
Source - the program that logged the event. This can be either the name of a program (for example, "Exchange Server") or the name of a system or large application component (for example, the name of a driver). For example, "Elnkii" means the EtherLink II driver.

Event ID - a number that specifies a particular type of event. The first line of the description usually contains the name of the event type. For example, 6005 is the event ID that occurs when the event logging service starts. Accordingly, the description of this event begins with the line "Event log service started". The event ID and the source name can be used by the software product's support representatives for troubleshooting.

Level - the level of importance of the event. In the system and application logs, events can have the following severity levels:

Information - denotes a change in an application or component, such as the occurrence of an information event associated with a successful action, the creation of a resource, or the start of a service;
Warning - indicates a general issue that could affect the service or lead to a more serious problem if left unattended;
Error - indicates that a problem has occurred that may affect functions external to the application or component that raised the event;
Critical - indicates that a failure has occurred from which the application or component that fired the event cannot recover automatically;
Success audit - successful completion of activities that you track through auditing, such as the use of a privilege;
Failure audit - failure of actions that you track through auditing, such as a login failure.

User - defines the user account on whose behalf this event occurred. Users include special entities such as Local Service, Network Service, and Anonymous Logon, as well as real user accounts. This name is the client ID if the event was actually raised by the server process, or the primary ID if no impersonation is in progress. In some cases, a security log entry contains both identifiers. This field can also contain N/A if the account is not applicable in this situation. Impersonation occurs when the server allows one process to assume the security attributes of another process.

Opcode - contains a numeric value that specifies the operation or point within the operation that triggered the event. For example, initialization or closing.

Log - the name of the log in which this event was recorded.

Task category - defines the category of the event, sometimes used to further describe the related action. Each event source has its own categories. For example, categories include Login/Logout, Privilege Use, Policy Change, and Account Management.

Keywords - a set of categories or labels that can be used to filter or search for events. For example: "Network", "Security" or "Resource not found".

Computer - identifies the name of the computer on which the event occurred. This is usually the name of the local computer, but can also be the name of the computer that forwarded the event, or the name of the local computer before it was changed.

Date and time - defines the date and time at which this event was recorded in the log.

Process ID - represents the identification number of the process that generated this event. A computer program is only a passive set of instructions, while a process is the direct execution of these instructions.

Thread ID - represents the identification number of the thread that created this event. A process spawned in an operating system can consist of several threads running "in parallel", that is, without a prescribed order in time. For some tasks, this separation can achieve more efficient use of computer resources.

Processor ID - represents the identification number of the processor that processed the event.

Session ID - the identification number of the session on the terminal server in which the event occurred.

Kernel time - specifies the time spent executing kernel-mode instructions, in units of CPU time. Kernel mode has unlimited access to system memory and external devices. The kernel of an NT system is called a hybrid kernel or a macrokernel.

User time - specifies the time spent executing user-mode instructions, in units of CPU time. User mode consists of subsystems that pass I/O requests to the appropriate kernel-mode driver via the I/O manager.

Processor load - the time spent executing user-mode instructions, in CPU ticks.

Correlation ID - identifies the action in the process for which the event is used. This code is used to specify simple relationships between events. Correlation is a statistical relationship between two or more random variables (or values that can be considered as such with some acceptable degree of accuracy), in which changes in one or more of these quantities lead to a systematic change in the other quantities.

Relative Correlation ID - defines the relative action in the process for which the event is used.
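
The XML-based queries mentioned in the previous section and the event properties listed above can be seen together in the following example, which is added here and is not part of the original article. It runs a structured XML query against the System log and reads each property from the event's own XML. It assumes Windows PowerShell 3.0 or later; the function names Get-ChildAttribute and ConvertTo-EventSummary are hypothetical helpers written for this illustration.

```powershell
# Added example (not from the original article). Read-only: it only queries the log.
# Assumes Windows PowerShell 3.0 or later.

# timediff() in an event query is expressed in milliseconds.
$sevenDaysMs = 7 * 24 * 60 * 60 * 1000

# Structured XML query: event ID 6005 (event logging service started) plus any
# Critical (Level=1) or Error (Level=2) event written to the System log in the
# last seven days. "<" must be written as &lt; because the query itself is XML.
$query = @"
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[(EventID=6005 or Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= $($sevenDaysMs)]]]</Select>
  </Query>
</QueryList>
"@

# Hypothetical helper: return an attribute of a child element, or $null when the
# element or attribute is missing (classic event sources such as "EventLog"
# do not always write Execution or Correlation data).
function Get-ChildAttribute {
    param($Node, [string]$Child, [string]$Attribute)
    $element = $Node[$Child]
    if ($element -and $element.HasAttribute($Attribute)) {
        return $element.GetAttribute($Attribute)
    }
    return $null
}

# Hypothetical helper: map the <System> part of the event XML to the properties
# described in the "Event properties" section.
function ConvertTo-EventSummary {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [System.Diagnostics.Eventing.Reader.EventRecord]$Record
    )
    process {
        [xml]$doc = $Record.ToXml()      # the same XML the Details tab can show
        $sys = $doc.Event['System']
        [pscustomobject]@{
            TimeCreated = Get-ChildAttribute $sys 'TimeCreated' 'SystemTime'
            Log         = $sys['Channel'].InnerText
            Source      = Get-ChildAttribute $sys 'Provider' 'Name'
            # EventID may carry a Qualifiers attribute, so read its text content.
            EventID     = [int]$sys['EventID'].InnerText
            Level       = [int]$sys['Level'].InnerText
            LevelName   = $Record.LevelDisplayName
            Computer    = $sys['Computer'].InnerText
            UserSid     = Get-ChildAttribute $sys 'Security' 'UserID'
            ProcessID   = Get-ChildAttribute $sys 'Execution' 'ProcessID'
            ThreadID    = Get-ChildAttribute $sys 'Execution' 'ThreadID'
            ActivityID  = Get-ChildAttribute $sys 'Correlation' 'ActivityID'
        }
    }
}

Get-WinEvent -FilterXml ([xml]$query) -MaxEvents 20 -ErrorAction SilentlyContinue |
    ConvertTo-EventSummary |
    Format-Table TimeCreated, Source, EventID, LevelName, ProcessID, ThreadID -AutoSize
```

The same query text can be pasted into the XML tab of the filter dialog in Event Viewer with the millisecond value written out as 604800000.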

Working with event logs:

Event Viewer
To view Application log events, follow these steps:
In the console tree, select "Windows logs";
Select the Application log.

It is a good idea to review the Application and System event logs frequently and look for existing problems and warnings that may portend problems in the future. When a log is selected, the middle window displays the available events, including the date of the event, time and source, event level, and more.

The Preview Pane shows basic event data on the General tab and additional specific data on the Details tab. You can turn this pane on and off by selecting the View menu and then the Preview Pane command.

For critical systems, it is recommended to keep logs for the last few months. As a rule, it is inconvenient to make the logs large enough to hold all of that information, so the problem is usually solved another way: you can export logs to files located in a specified folder. To save the selected log, do the following:

In the console tree, select the event log you want to save;
Select the "Save Events As" command from the "Action" menu or select the "Save All Events As" command from the context menu of the log;
In the "Save as" dialog that appears, select the folder where the file should be saved. If you want to save the file in a new folder, you can create it directly from this dialog using the context menu or the "New folder" button on the action bar. In the "File type" field, select the desired file format from the available ones: event files - *.evtx, xml file - *.xml, tab-separated text - *.txt, comma-separated csv - *.csv. Enter a name in the "File Name" field and click the "Save" button. To cancel saving, click on the "Cancel" button;
If the event log is not intended to be viewed on another computer, leave the default option "Do not display information" in the "Display Details" dialog box. If the log is intended to be viewed on another computer, select the option "Display information for the following languages" in the "Display Details" dialog box and click on the "OK" button.

Clearing the event log

Sometimes it is necessary to clear full event logs to ensure effective analysis of operating system warnings and critical errors. To clear the selected log, do the following:
In the console tree, select the event log you want to clear;
Clear the log in one of the following ways:
From the Action menu, select Clear Log

On the selected log, right-click to open the context menu. In the context menu, select the "Clear log" command
Next, you can either clear the log or archive it if this has not been done before:
To clear the event log without saving, click on the "Clear" button;
To clear the event log after saving it, click on the "Save and clear" button. In the "Save as" dialog that appears, select the folder where the file should be saved. If you want to save the file in a new folder, you can create it directly from this dialog using the context menu or the "New Folder" button on the action bar. Enter a name in the "File Name" field and click the "Save" button. To cancel saving, click on the "Cancel" button.
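
The save and clear procedures described above can also be scripted with the wevtutil tool mentioned earlier. The following example is added here and is not part of the original article; it archives a log, checks the archive, and only then clears the log. The log name and the archive folder are assumed values.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
# $LogName and $ArchiveDir are assumed values; adjust them to your system.
$LogName    = 'Application'
$ArchiveDir = 'D:\EventLogArchive'

if (-not (Test-Path $ArchiveDir)) {
    New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
}
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$archive = Join-Path $ArchiveDir ("{0}_{1}_{2}.evtx" -f $env:COMPUTERNAME, $LogName, $stamp)

# 1. Record how many events the live log holds before exporting.
$liveCount = (Get-WinEvent -ListLog $LogName).RecordCount

# 2. Export the whole log to an .evtx file (same result as "Save All Events As").
wevtutil epl $LogName $archive
if ($LASTEXITCODE -ne 0) { throw "Export of $LogName failed (exit code $LASTEXITCODE)" }

# 3. Verify that the archive is readable and complete before anything is cleared.
#    Events written during the export can make the archive slightly larger.
$archivedCount = (Get-WinEvent -Path $archive -ErrorAction SilentlyContinue |
    Measure-Object).Count
if ($archivedCount -lt $liveCount) {
    throw "Archive holds $archivedCount events, live log had $liveCount; not clearing."
}

# 4. Hash the archive so that later copies can be checked against this value.
$sha    = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($archive)
try {
    $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
} finally {
    $stream.Close()
}
"{0}  {1}" -f $hash, $archive | Add-Content (Join-Path $ArchiveDir 'SHA256SUMS.txt')

# 5. Clear the live log only after the checks above have passed.
wevtutil cl $LogName
if ($LASTEXITCODE -ne 0) { throw "Clearing $LogName failed (exit code $LASTEXITCODE)" }

# 6. The clearing itself is recorded: event 1102 in the Security log when the
#    Security log is cleared, event 104 in the System log for any other log.
$filter = if ($LogName -eq 'Security') {
    @{ LogName = 'Security'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 1102 }
} else {
    @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104 }
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 1 |
    Format-List TimeCreated, Id, Message
```

A log-cleared event that does not line up with a matching archive file is worth investigating, because clearing without saving removes the history the log was kept for.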

Setting the maximum log size

As mentioned above, event logs are stored as files in the %SystemRoot%\System32\Winevt\Logs\ folder. By default, the maximum size of these files is limited, but you can change it in the following way:


Select the "Properties" command from the "Action" menu or from the context menu of the selected log

In the "Maximum log size (KB)" field, set the required value using the counter, or set it manually without using the counter. In this case, the value will be rounded up to the nearest multiple of 64 KB because the size of the log file must be a multiple of 64 KB and cannot be less than 1024 KB.
Events are stored in a log file, which can only grow up to a specified maximum size. After the file reaches the maximum size, the processing of incoming events will be determined by the log retention policy. The following log retention policies are available:
Overwrite events as needed (oldest events first) - in this case, new entries continue to be written to the log after it is full. Each new event replaces the oldest one in the log;

Archive the log when full, do not overwrite events - in this case, the log file is automatically archived when necessary. Old events are not overwritten;

Do not overwrite events (clear log manually) - in this case, the log is cleared manually, not automatically.

To select the desired log retention policy, follow these steps:

In the console tree, select the event log whose retention policy you want to change;
Select the "Properties" command from the "Action" menu or from the context menu of the selected log;
On the "General" tab, in the "When the maximum size is reached" section, select the required option and click the "OK" button.
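
The size rule and the three retention policies described in this section map onto options of the wevtutil tool. The following example is added here and is not part of the original article; the function names, the log name and the requested size are assumptions chosen for illustration.

```powershell
# Added example (not from the original article). Run from an elevated prompt.

# Apply the rule from the text: at least 1024 KB, rounded up to a multiple of
# 64 KB. wevtutil expects the size in bytes, so the result is converted.
function ConvertTo-LogSizeBytes {
    param([long]$RequestedKB)
    $kb = [Math]::Max($RequestedKB, 1024)
    $kb = [long]([Math]::Ceiling([double]$kb / 64) * 64)
    return $kb * 1024
}

# Hypothetical helper that sets size and retention policy in one call.
function Set-LogPolicy {
    param(
        [Parameter(Mandatory = $true)][string]$LogName,
        [Parameter(Mandatory = $true)][long]$MaxSizeKB,
        [Parameter(Mandatory = $true)]
        [ValidateSet('Overwrite', 'Archive', 'Manual')][string]$Policy
    )
    # /rt = retention, /ab = automatic backup when the maximum size is reached.
    switch ($Policy) {
        'Overwrite' { $rt = 'false'; $ab = 'false' }   # oldest events replaced first
        'Archive'   { $rt = 'true';  $ab = 'true'  }   # archive when full, keep events
        'Manual'    { $rt = 'true';  $ab = 'false' }   # never overwrite, clear by hand
    }
    $bytes = ConvertTo-LogSizeBytes $MaxSizeKB

    wevtutil sl $LogName "/ms:$bytes" "/rt:$rt" "/ab:$ab"
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil sl failed for $LogName (exit code $LASTEXITCODE)"
    }
    # Show the resulting configuration (maxSize, retention, autoBackup).
    wevtutil gl $LogName
}

# Assumed values: 50000 KB is not a multiple of 64, so it becomes 50048 KB.
Set-LogPolicy -LogName 'Application' -MaxSizeKB 50000 -Policy Archive
```

With the 'Manual' policy a full log stops accepting new events until it is cleared, so it should be paired with monitoring of the log size.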

Enable analytic and debug logging

Analytic and debug logs are disabled by default. Once activated, they quickly fill up with a large number of events. For this reason, it is desirable to enable these logs for a limited period of time in order to collect the data necessary for troubleshooting, and then disable them again. Logs can be activated as follows:

In the console tree, find and select the analytic or debug log you want to activate;
Select the "Properties" command from the "Action" menu or from the context menu of the selected analytic or debug log;
On the General tab, check the box next to "Enable logging"

Opening and closing a saved log

You can use the Event Viewer snap-in to open and view previously saved logs. You can open multiple saved logs at the same time and access them at any time in the console tree. A log opened in the Event Viewer can be closed without deleting the information it contains. To open a saved log, do the following:

Select the "Open saved log" command from the "Action" menu or from the context menu in the console tree;
In the Open Saved Log dialog box, navigate through the directory tree to open the folder containing the desired file. By default, all event log files will be displayed in the dialog box. Also, when opening, you can select the type of files that you want to display in the open dialog. Available file types are: event log files (*.evtx, *.evt, *.etl), as well as event files (*.evtx), legacy event files (*.evt), or trace log files (*.etl). After the desired log file is found, select it by clicking on it with the left mouse button, which will place its name in the line for entering the file name and click on the "Open" button

In the Open Saved Log dialog, in the Name field, enter a new name to be used for the log in the console tree. It is only used to represent the log in the console tree and does not change the log file name. You can also use an existing log file name. In the Description field, enter a description for the log. It will be displayed in the center pane when the parent log folder is highlighted in the console tree;
To create a folder in which the saved log will be located, click on the "Create Folder" button. In the Name field, enter a name for the folder that will contain the open log, and then click OK. If a parent folder is not selected, the new folder will be located in the Saved Logs folder;

To make the open event log inaccessible to other users of the computer, you can uncheck the "All users" box. If this checkbox remains active, the open log will be available to all users, but administrator rights will be required to remove it from the console tree;
To open the log, click on the "OK" button.

To remove an open log from the console tree, do the following:

In the console tree, select the log you want to delete;
Select the "Delete" command from the "Action" menu or from the context menu of the selected log

In the "Event Viewer" dialog, click the "Yes" button.

Conclusion

This part of the Event Viewer snap-in article introduces the snap-in itself and details the basic operations involved in monitoring and maintaining your system using the Event Viewer.

Instruction

The log opens in the "Event Viewer" window, where the logs of system and program events and security events on the computer are kept. Using this window, you can not only receive information about events, but also manage logs. To open the Event Viewer window, you need to do a few things.

Click on the "Start" button at the bottom left of the screen or on the Windows key on your keyboard (flag key). In the expanded menu, select the "Control Panel" item (depending on the settings of the "Start" menu, the item may be available immediately or located in the "Settings" menu).

In the Control Panel, go to the Performance and Maintenance category and select the Administrative Tools icon by clicking on it with the left mouse button. If the "Control Panel" has a classic look, the icon you are looking for is available immediately.

Select the "Event Viewer" shortcut in the "Administrative Tools" folder, and the desired window will open. It can also be opened another way. Go to the directory C: (or another disk with the system) / Documents and Settings / All Users (or a specific account) / Start Menu / Programs / Administrative Tools and select the Event Viewer shortcut.

In the window that opens, you will be able to view and manage various logs. Select the log you need (Application, Security, System, Internet Explorer, and so on) in the left part of the window by clicking on it with the left mouse button. In the right part of the window, you will see a list of all events recorded in the log. Each event can be viewed by double-clicking on it with the left mouse button.

To manage events, use the "Actions" menu item or call the context menu by right-clicking on the required log. To close the "Event Viewer" window, select the "Console" item in the top menu bar and the "Exit" command, or click the [x] icon in the upper right corner of the window.

The editorial offices of some journals prefer to publish their editions on official websites. Access can be full or partial, paid or free. Sometimes visitors to the site can read in this way only those magazines that are already sold out in kiosks.

Instruction

Make sure you are served by an unlimited data provider. Go to the official website of the journal you wish to read in electronic format. Try to find on the main page of this site a link called "Archive". Follow this link.

You will see a list of the years of issue of magazines available for viewing. Select the year first and then the month. After that, a link will appear for downloading a local copy of the journal, a list of articles or pages for viewing individually (in text or graphic form), or a plug-in window (Flash, Adobe Reader or Djview). If the necessary plug-in is not installed on your computer, download it from the official website of the manufacturer and install it.

If the site provides for the possibility of downloading the journal issues to the user's hard drive, download one of the issues, and then, by the extension of the received file, determine which program is required to view it. Most often it is Acrobat Reader or Djview. Sometimes files are placed in archives, for example, ZIP format. Please note that having the ability to download magazines for free does not give you the right to post them on any other sites.

The Windows Vista operating system carefully and relentlessly monitors everything that happens to it. Absolutely all actions, which are called "events", are constantly recorded and distributed into various categories. The Event Viewer (which is, in case you're wondering, an MMC snap-in) can be thought of as a journal kept by a scrupulous and caustic old lady on a bench by the porch. It captures who enters and leaves the house, what conversations are being held between residents, who divorced and fought with whom. In other words, it has a complete picture of how the house lives.

A similar function is performed by the spying program Event Viewer, which, unlike the curiosity of the old woman, is designed to diagnose and identify those problems in the OS that the user had no idea about.

All events occurring in the system are recorded in special system logs. Event Viewer allows you to view the contents of these logs, archive them, and delete them. How exactly can you use this program? The main purpose is to identify the problems that have arisen and the reason for their occurrence. If the device fails, the hard drive is “crammed to capacity”, some program constantly “freezes” or another unpleasant event occurs, information about what happened will be recorded in the corresponding system log. Then it is enough to launch the Event Viewer and get complete and visual information from the system log.

You can start the Event Viewer in one of the following ways.

  • Choose the command Start > Control Panel, click on the link System and Maintenance, then on the link Administrative Tools and finally on the link Event Viewer.
  • The second way, for the impatient: enter the command eventvwr in the command line.

Recall that, in addition to clicking the Start button, you can call the command line window by pressing the key combination . Also, keep in mind that to use the full functionality of the Event Viewer tool, you need administrative access rights.

Either way, the window shown below will open.

  • View events from multiple system logs.
  • Create event filters as custom views.
  • The ability to create a task that runs automatically with a specific event.

Let's take a closer look at the window shown above. The window is divided into three panels. The left panel, Event Viewer, contains several folders with custom views, logs, and subscriptions. The central panel contains several sub-menus such as And Recently viewed nodes. Finally, on the right panel, Actions, you can select certain actions, such as creating a custom view or connecting to another computer.

Panel allows you to quickly identify all important events recorded over the past hour, day or week. Each type of event can be expanded to find out detailed information about the event. panel gives big picture what is happening in the system, and to get specific information, you should go to a specific event.

Since Event Viewer is used to view system logs, click the folder-shaped icons And Application and service logs on the left panel to expand the list of available logs. Let's consider it in more detail. In folder the following logs are presented.

  • Application. The events in this log are generated by applications, including installed programs that come with Windows Vista and operating system services. Exactly which events are recorded in this log depends on the specific program.
  • Security. This log lists user login attempts (successful and unsuccessful), as well as actions related to shared resources, such as actions to create, modify, or delete files or folders.
  • Setup. Events in this log are created when programs are installed.
  • System. System events are generated by Windows itself and by installed components such as device drivers. The log is useful for detecting drivers that failed to load when Windows started.
  • Forwarded events. In this log, you can find events collected from other computers on the network.

In folder Application and service logs you can find entries for individual applications and services. While the other logs present general records, in these logs you can find information about the operation of specific programs. Note the Microsoft subfolder, which in turn contains a Windows subfolder. In this folder, you can find entries for a wide variety of Windows Vista components, presented in separate folders.

Windows 7 introduces functionality for tracking important events that occur in the operation of system programs. At Microsoft, the term "events" refers to any occurrences in the system that are recorded in a special log and signal themselves to users or administrators. This could be a utility that doesn't want to run, apps that crash, or devices that don't install correctly. The Windows 7 event log registers and saves all incidents. It also locates and shows all activities in chronological order, helps to perform system control, ensures the security of the operating system, corrects errors and diagnoses the entire system.

You should review this log periodically for new information and configure the system to save important data.

Windows 7 - programs

The Event Viewer application is the main Microsoft utility designed to monitor and view the event log. It is an essential tool for monitoring the health of the system and eliminating emerging errors. The Windows service that manages incident documentation is called the Event Log. If this service is running, it collects and logs all important data in its archive. The Windows 7 event log allows you to do the following:

Viewing data recorded in the archive;

Using various event filters and saving them for further use in system settings;

Creating a subscription for specific incidents and managing them;

Assign specific actions when any events occur.

How to open the Windows 7 event log?

The program responsible for registering incidents is launched as follows:

1. Open the menu by pressing the "Start" button in the lower left corner of the screen, then open the "Control Panel". In the list of controls, select "Administrative Tools" and, in this submenu, click on "Event Viewer".

2. There is another way to view the Windows 7 event log. To do this, go to the Start menu, type mmc in the search box and press Enter. Next, the MMC console will open, where you need to select the menu item for adding and removing snap-ins. Then the Event Viewer is added to the main window.

What is the described application?

In the Windows 7 and Vista operating systems, there are two types of event logs: Windows logs and application and service logs. The first type is used to capture system-wide incidents that are related to the performance of various applications, startup and security. The second type is used by applications and services to record the events of their own work. To control and manage all data, the "Event Log" service uses the "View" tab, which is divided into the following items:

Application - events that are associated with a particular program are stored here. For example, mail services store in this place the history of information transfer, various events in mailboxes, and so on.

The "Security" item saves all data related to logging in and out of the system, using administrative features and accessing resources.

Setup - this Windows 7 event log records events that occur during the installation and configuration of the system and its applications.

System - captures all OS events, such as a failure to start service applications or when installing and updating device drivers, various messages related to the operation of the entire system.

Forwarded events - if this item is configured, then it stores information that comes from other servers.

Other sub-items of the main menu

Also in the "Administration" menu, where the event log in Windows 7 is located, there are such additional items:

Internet Explorer - events that occur during the operation and configuration of the browser of the same name are registered here.

Windows PowerShell - Incidents related to the use of the PowerShell shell are recorded in this folder.

Hardware events - if this item is configured, then the data generated by devices is logged.

The entire event-recording structure of Windows 7 is, like that of Vista, based on XML. But to use the event log program in Windows 7, you don't need to know how to use XML. The Event Viewer application will do everything by itself, providing a convenient and simple interface with menu items.

Incident Characteristics

A user who wants to know how to view the Windows 7 event log must also understand the characteristics of the data that he wants to view. After all, there are various properties of certain incidents described in the Event Viewer. These features will be discussed below:

Sources - a program that captures events in the log. The names of the applications or drivers that affected a particular incident are recorded here.

Event code - a set of numbers that determine the type of incident. This event source code and name is used by system software technical support to fix bugs and troubleshoot software failures.

Level - the degree of importance of the event. The system event log has six levels of incidents:

1. Information.

2. Warning.

3. Error.

4. Critical.

5. Success audit.

6. Failure audit.

Users - captures the data of the accounts on behalf of which the incident occurred. These can be the names of various services, as well as real users.

Date and time - records the timing of the occurrence of the event.

There are many other events that occur during the operation of the operating system. All incidents are displayed in the "Event Viewer" with a description of all related information data.

How to work with the event log?

A very important point in protecting the system from crashes and freezes is the periodic review of the "Application" log, which records information about incidents and recent actions with a particular program, and also provides a choice of available operations.

In the Windows 7 event log, in the "Application" submenu, you can see a list of all programs that caused various negative events in the system, the time and date of their appearance, the source, and the severity of the problem.

User responses to events

After learning how to open the Windows 7 event log and how to use it, you should also learn how to use it together with the Task Scheduler. To do this, right-click any incident and, in the menu that opens, select the command for attaching a task to the event. The next time such an incident occurs in the system, the operating system will automatically launch the assigned task to handle the error and fix it.

An error in the log is not a reason to panic

If, while viewing the Windows 7 system event log, you see intermittent system errors or warnings, then you should not worry and panic about this. Even with a perfectly working computer, various errors and failures can be recorded, most of which do not pose a serious threat to the health of the PC.

The application described here was created to make it easier for the system administrator to monitor computers and troubleshoot emerging problems.

Conclusion

Based on the foregoing, it becomes clear that the event log is a mechanism that allows programs and the system to record and save all events on a computer in one place. This log stores all operational errors, messages, and warnings from system applications.

In this article we learned where the event log is located in Windows 7, how to open it, how to use it, and how to fix errors that have appeared. But many will ask: “Why do we need this? We are not system administrators or programmers, but ordinary users who, as it were, do not need this knowledge.” This approach is wrong. After all, when a person gets sick, before going to the doctor he tries to cure himself in one way or another, and many often do. Similarly, a computer, which is a digital organism, can “get sick”, and this article shows one way to diagnose the cause of such a “disease”. Based on the results of such an “examination”, you can make the right decision about the methods of subsequent “treatment”.

So the information about the way to view events will be useful not only to the system engineer, but also to an ordinary user.

Any modern OS with a GUI is based on events. The same goes for software designed for such an OS. The event is the cornerstone of this infrastructure. Events include not only the interactive actions of the user, but also the results of various system processes hidden from the eyes of the operator who presses the keys and clicks the buttons.

Events are either built-in, that is, predefined by the architecture, or created by the administrator or developer. In this article, we will consider the classification of events in Windows, the means for logging and viewing them, as well as methods for working with them.

The interface for viewing the events that have occurred in the system is called the “system log”. Log entries are created as a result of some actions of programs or users that are reserved by the OS as events. Of course, not every action is logged. There are too many of them for that.

For example, moving the mouse by even one pixel generates a software exception that the OS can process, and in fact does, yet such actions do not get into the log. Security warnings, on the other hand, are logged, as they constitute critical information.

Windows allows you to fine-tune the list of critical system exceptions. To some extent, you are free to decide what exactly to log and what information you can do without. To give you an idea of this, here are some of the common log operations:

  • Viewing the list of events.
  • Filtering the list by certain criteria.
  • Creating "triggers" that react to processes in the system - the so-called "subscriptions".
  • Assigning the type of reaction to a particular event.

How to view?

To view the contents of the log, you need to run the appropriate application. It is done like this:

  • Go to the "Start" menu => "Control Panel".
  • Select the "Administrative Tools" section.
  • In this section, click on the name of the Event Viewer component.
  • The program will start in a window with the characteristic appearance of a so-called "snap-in". This snap-in is the visual interface to our log.

The same can be achieved by typing the mmc command in the "Run" window (called from the same "Start" menu). This command launches a common interface for all snap-ins, in which you need to go to the "Console" => "Add or Remove Snap-in" menu and select the required snap-in from the list. In the seventh version of Windows, all this is done in the same way as in the previous one. The "Run" window can also be called up using the keyboard combination "Win" + "R" - the result will be the same. As a result of these steps, the Event Viewer window will appear.

OS event classification

Next, we will classify the entries in the log according to their meaning for the user. Events are divided into those that are generated by the operating system itself, and those that come from applications and services. However, such a classification does not take into account the meaning of the recorded phenomena. A more detailed grouping is as follows:

All data is stored in the popular XML format, so a wrapper such as the event log viewer is needed to read and process it. Viewing Windows 7 events directly in the files, although possible, is extremely difficult. However, there is no need to do this, since the Windows 7 event log viewer does it for us.
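The properties listed under "Incident Characteristics" (source, event code, level, user, date and time) can be read straight from the XML described above. The following parser is an added example, not part of the original article; the sample events are constructed, ExampleApp is a hypothetical source, and the element names follow the layout shown in Event Viewer's XML view.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVELS = {0: "Information", 1: "Critical", 2: "Error", 3: "Warning", 4: "Information"}
AUDIT_FAILURE, AUDIT_SUCCESS = 0x10000000000000, 0x20000000000000  # Keywords bits

# Constructed sample in the layout of Event Viewer's XML view; every value is made up.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
  <Provider Name="ExampleApp"/><EventID>1000</EventID><Level>2</Level>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2015-03-01T10:15:30.000Z"/>
  <Channel>Application</Channel><Security UserID="S-1-5-18"/>
</System></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
  <Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4625</EventID>
  <Level>0</Level><Keywords>0x8010000000000000</Keywords>
  <TimeCreated SystemTime="2015-03-01T10:16:02.000Z"/>
  <Channel>Security</Channel><Security/>
</System></Event>
</Events>"""

def describe(event):
    """Return the properties the article lists for one <Event> element."""
    def field(tag, attr=None, default=None):
        node = event.find("e:System/e:" + tag, NS)
        if node is None:
            return default
        return (node.get(attr) if attr else node.text) or default
    keywords = int(field("Keywords", default="0"), 16)
    # Audit results are carried in Keywords; such events have Level 0.
    if keywords & AUDIT_FAILURE:
        level = "Audit Failure"
    elif keywords & AUDIT_SUCCESS:
        level = "Audit Success"
    else:
        level = LEVELS.get(int(field("Level", default="0")), "Unknown")
    return {"source": field("Provider", "Name"), "event_id": int(field("EventID")),
            "level": level, "user": field("Security", "UserID"),
            "time": field("TimeCreated", "SystemTime"), "log": field("Channel")}

def parse_events(xml_text):
    """Parse a single <Event> or an <Events> export into a list of dicts."""
    root = ET.fromstring(xml_text)
    return [describe(ev) for ev in root.iter("{%s}Event" % NS["e"])]

if __name__ == "__main__":
    for row in parse_events(SAMPLE):
        print(row)
```

The second sample event shows why the audit results need separate handling: its Level is 0, and only the Keywords value marks it as a failed audit.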

Recording options

Each entry in the Windows OS log has a uniform set of parameters that characterize its properties: a pointer to the source of origin, a special identifying code, the degree of criticality, and many others.