Any particular computer can have dozens, and in some cases
hundreds, of different components, services, and applications
configured on it. Keeping all these components working properly is a
big job. Known problems are tracked in the Problem Reports And Solutions
console. Like the built-in diagnostic features, this console attempts
to provide solutions to problems where possible. Not all problems can
be automatically detected and resolved, and this is where the errors
reported by Windows components, applications, services, and hardware
devices become useful.
Using the Event Logs for Error Tracking and Diagnosis
Windows 8 stores errors generated by processes, services,
applications, and hardware devices in log files. Two general types of
log files are used:
-
Windows logs
Logs used by the
operating system to record general system events related to
applications, security, setup, and system components
-
Applications and services logs Logs used by specific applications or services to record application-specific or service-specific events
Entries in a log file are recorded according to the warning level of the activity. Entries can include errors as well as general informational events. You’ll see the following levels of entries:
-
Information An informational event, which is generally related to a successful action
-
Audit Success
An event related to the successful execution of an action
-
Audit Failure
An event related to the failed execution of an action
-
Warning A warning, details of which are often useful in preventing future system problems
-
Error
An error, such as the failure of a service to start
In addition to level, date, and time, the summary and detailed event entries provide the following information:
-
Source
The application, service, or component that logged the event.
-
Event ID
An identifier for the specific event.
-
Task Category
The category of the event, which is sometimes used to further describe the related action.
-
User
The user account
that was logged on when the event occurred. If a system process or
service triggered the event, the user name is usually that of the
special identity that caused the event, such as NetworkService,
LocalService, or System.
-
Computer
The name of the computer on which the event occurred.
-
Details In the detailed entries, this provides a text description of the event, followed by any related data or error output.
Viewing and Managing the Event Logs
You can access event
logs by using the Event Viewer node in Computer Management. To open
Computer Management, from Control Panel, tap or click System And
Security, Administrative Tools, and then Computer Management. Another
way to open Computer Management is to press the Windows key, type compmgmt.msc, and then press Enter.
You can access the event logs by completing the following steps:
-
Open Computer Management. You are connected to the local computer by
default. If you want to view logs on a remote computer, press and hold
or right-click the Computer Management entry in the console tree (left
pane), and then tap or click Connect To Another Computer. In the Select
Computer dialog box, enter the name of the computer that you want to
access, and then tap or click OK.
-
Expand the Event Viewer node, and then expand the Windows Logs node,
the Application And Services Logs node, or both nodes to view the
available logs.
-
Select the log that you want to view, as shown in Figure 1.
Note
Pressing Windows key
+ X provides a shortcut menu for quickly accessing frequently used
tools, including Computer Management and Event Viewer. Once you open
Event Viewer, you can connect to other computers by right-clicking the
Event Viewer entry in the console tree (left pane), and then tapping or
clicking Connect To Another Computer.
Warnings and errors are the two key types of events you’ll
want to examine. Whenever these types of events occur and you are
unsure of the cause, double-tap or double-click the entry to view the
detailed event description.
