2. Tracking Errors in the Event Logs
Windows 7 stores errors generated by processes, services,
applications, and hardware devices in logfiles. Two general types of
logfiles are used:
- Windows logs
Logs that the operating system uses to record general system
events related to applications, security, setup, and system
components
- Applications and services logs
Logs that specific applications or services use to record
application-specific or service-specific events
You can access event logs using the Event Viewer node in Computer Management. To open Computer Management, click
the Start button, right-click on the Computer icon, and then select
Manage from the context menu provided.
You can access the event logs by completing the following
steps:
Open Computer Management. You are connected to the local
computer by default. If you want to view logs on a remote computer,
right-click the Computer Management entry in the console tree (left
pane) and then select Connect to Another Computer. Then, in the
Select Computer dialog box, enter the name of the computer that you
want to access and click OK.
Expand the Event Viewer node and then expand the Windows Logs
node, the Applications and Services Logs node, or both to view the
available logs.
Select the log that you want to view.
As shown in Figure 2, Windows 7 records
entries in log files according to the activity date, time, and warning
level. The various warning levels you’ll see are as follows:
- Information
An informational event, which is generally related to a
successful action
- Audit Success
An event related to the successful execution of an
action
- Audit Failure
An event related to the failed execution of an action
- Warning
A warning about a component, service, or application that
can be useful in resolving current problems or preventing future
problems
- Error
A noncritical error that you should examine
- Critical
An error for which there is no recovery
In addition to the date, time, and warning level, the summary and
detailed event entries provide the following information:
- Source
The application, service, or component that logged the
event
- Event ID
An identifier for the specific event
- Task Category
The category of the event, which is sometimes used to
further describe the related action
- User
The user account or system process that was logged on when
the event occurred or that caused the event to occur
- Computer
The name of the computer where the event occurred
- Details
A text description of the event followed by any related data
or error output
You can examine events by double-clicking the entry to view the
detailed event description. Use the information provided to help you
resolve problems. To learn more about the error or warning, click the
link provided in the error description or search the Microsoft Knowledge
Base for the event ID or part of the event description.
