- Microsoft Event Log Errors
- Microsoft Event Log Help Program
- Microsoft Event Log Help Phone Number
- Microsoft Event Viewer Help
- Microsoft Event Log Online Help
- Microsoft Event Log Codes
- Microsoft Windows System Event Log
The Windows Event Viewer shows a log of application and system messages, including errors, information messages, and warnings. It’s a useful tool for troubleshooting all kinds of different Windows problems.
Note that even a properly functioning system will show various warnings and errors in the logs you can comb through with Event Viewer. Scammers even use this fact on occasion to deceive people into believing their system has a problem only the scammer can fix. In one infamous scam, a person claiming to be from Microsoft phones someone up and instructs them to open the Event Viewer. The person is sure to see error messages here, and the scammer will ask for the person’s credit card number to fix them.
As a rule of thumb, assuming your PC is working properly, you can pretty much ignore the errors and warnings that appear in the Event Viewer. That said, it’s worth having a basic working knowledge of the tool, and knowing when it can be useful to you.
Apr 20, 2005 Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®. If you encountered the page, as long as the event database on the Microsoft server doesn't contain a special event id you will run into this.: A similar discussion is for your reference: Event Log Online Help cannot find any result. If there is anything else regarding this issue, please feel free to post back. Best Regards, Anna Wang. Every Windows 10 user needs to know about Event Viewer. Windows has had an Event Viewer for almost a decade. Few people know about it. At its heart, the Event Viewer looks at a small handful of logs that Windows maintains on your PC. The logs are simple text files, written in XML format. Important Note: There are always going to be errors and warnings in the event log, and you can’t solve all of them. The most important thing is to use Event Viewer to troubleshoot problems you are already having, rather than trying to find problems that you don’t know about yet. Just sign in and go. Access your favorite Microsoft products and services with just one login. From Office and Windows to Xbox and Skype, one username and password connects you to the files, photos, people, and content you care about most.
Launching the Event Viewer
To launch the Event Viewer, just hit Start, type “Event Viewer” into the search box, and then click the result.
Events are placed in different categories, each of which is related to a log that Windows keeps on events regarding that category. While there are a lot of categories, the vast amount of troubleshooting you might want to do pertains to three of them:
- Application: The Application log records events related to Windows system components, such as drivers and built-in interface elements.
- System: The System log records events related to programs installed on the system.
- Security: When security logging is enabled (it’s off by default in Windows), this log records events related to security, such as logon attempts and resource access.
Don’t Panic!
You’re sure to see some errors and warnings in Event Viewer, even if your computer is working fine.
The Event Viewer is designed to help system administrators keep tabs on their computers and troubleshoot problems. If there isn’t a problem with your computer, the errors in here are unlikely to be important. For example, you’ll often see errors that indicate a program crashed at a specific time—which may have been weeks ago—or that a service failed to start with Windows, but was likely started on a subsequent attempt.
In the image below, for example, you can see that an error was generated when the Steam Client Service failed to start in a timely fashion. However, we’ve had no problems with the Steam client on the test computer, so it’s likely a one-time error that corrected itself on a subsequent launch.
In theory, other applications are also supposed to log events to these logs. However, many applications don’t offer very useful event information.
Uses for the Event Viewer
RELATED:Everything You Need To Know About the Blue Screen of Death
At this point, you’re probably wondering why you should care about Event Viewer, but it actually can be helpful if you’re troubleshooting a specific problem. For example, if your computer is blue-screening or randomly restarting, Event Viewer may provide more information about the cause. For example, an error event in the System log section may inform you which hardware driver crashed, which can help you pin down a buggy driver or a faulty hardware component. Just look for the error message associated with the time your computer froze or restarted—an error message about a computer freeze will be marked as Critical.
You can also look up specific event IDs online, which can help locate information specific to the error you’re encountering. Just double-click the error in Event Viewer to open its property window and look for the “Event ID” entry.
There are other cool uses for the Event Viewer, too. For example, Windows keeps track of your computer’s boot time and logs it to an event, so you can use the Event Viewer to find your PC’s exact boot time. If you’re running a server or other computer that should rarely shut down, you can enable shutdown event tracking. Whenever someone shuts down or restarts the computer, they’ll have to provide a reason. You can view each shut down or system restart and its reason in the Event Viewer.
READ NEXTMicrosoft Event Log Errors
- › How to Use Text Editing Gestures on Your iPhone and iPad
- › Windows 10’s BitLocker Encryption No Longer Trusts Your SSD
- › How to Disable or Enable Tap to Click on a PC’s Touchpad
- › How HTTP/3 and QUIC Will Speed Up Your Web Browsing
- › Motherboards Explained: What Are ATX, MicroATX, and Mini-ITX?
In today’s edition of Geek School, we’re going to teach you how to use Event Viewer to troubleshoot problems on your PC and understand what is going on under the hood.
The biggest problem with Event Viewer is that it can be really confusing – there are a lot of warnings, errors, and informational messages, and without knowing what it all means, you can assume (incorrectly) that your computer is broken or infected when there’s nothing really wrong.
In fact, the tech support scammers are using Event Viewer as part of their sales tactic to convince confused users that their PC is infected with viruses. They walk you through filtering by only critical errors and then act surprised that all you are seeing are critical errors.
Learning how to use and understand Event Viewer is a critical skill for figuring out what is going on with a PC, and troubleshooting problems.
Understanding the Interface
When you first open Event Viewer, you’ll notice it uses the three-pane configuration like many of the other administrative tools in Windows, although in this case, there are actually quite a few useful tools on the right-hand side.
The left-hand pane displays a folder view, where you can find all of the different event logs, as well as the views that can be customized with events from many logs at once. For instance, the Administrative Events view in recent versions of Windows displays all of the Error, Warning, and Critical events whether they originated from the Application log or the System log.
The middle pane displays a list of events, and clicking on them will display the details in the preview pane – or you can double-click on any of them to pull it up in a separate window, which can be handy when you are looking through a big set of events and want to find all the important things before beginning an internet search.
The right-hand pane gives you quick access to actions like creating custom views, filtering, or even creating a scheduled task based on a particular event.
The events themselves are what we’re trying to see, of course, and their usefulness can range from really specific and obvious things that you can fix easily to the very vague messages that don’t make any sense and you can’t find any information on Google. The regular fields on the display contain:
- Log Name – while in older versions of Windows everything got dumped into the Application or System log, in the more modern editions there are dozens or hundreds of different logs to choose from. Each Windows component will most likely have its own log.
- Source – this is the name of the software that generates the log event. The name usually doesn’t directly match with a filename, of course, but it is a representation of which component did it.
- Event ID – the all-important Event ID can actually be a little confusing. If you were to Google for “event ID 122” that you see in the next screenshot, you wouldn’t end up with very useful information unless you also include the Source, or application name. This is because every application can define their own unique Event IDs.
- Level – This tells you how severe the event is – Information just tells you that something has changed or a component has started, or something has completed. Warning tells you that something might be going wrong, but it isn’t all that important yet. Error tells you that something happened that shouldn’t have happened, but isn’t always the end of the world. Critical, on the other hand, means something is broken somewhere, and the component that triggered this event has probably crashed.
- User – this field tells you whether it was a system component or your user account that was running the process that caused the error. This can be helpful when looking through things.
- OpCode – this field theoretically tells you what activity the application or component was doing when the event was triggered. In practice, however, it will almost always say “Info” and is pretty useless.
- Computer – on your home desktop, this will usually just be your PC’s name, but in the IT world, you can actually forward events from one computer or server to another computer. You can also connect Event Viewer to another PC or server.
- Task Category – this field is not always used, but it ends up basically being an informational field that tells you a bit more information about the event.
- Keywords – this field is not usually used, and generally contains useless information.
As a rule of thumb, you should try searching by the general description, or the Event ID and the Source, or a combination of those values.
Just remember that the Event ID is unique… for each application. So there is a lot of overlap and you can’t just search for “Event ID 122” because you’ll get a lot of nonsense.
Important Note: There are always going to be errors and warnings in the event log, and you can’t solve all of them. The most important thing is to use Event Viewer to troubleshoot problems you are already having, rather than trying to find problems that you don’t know about yet.
And yes, you are going to need to use your Google skills to research the events that you don’t know about. There’s no easy magic solution.
The one thing that you might immediately do when seeing this dialog is click that More Information link… the problem is that it currently doesn’t take you anywhere useful. You just end up at an error page on Microsoft’s site.
What’s scary is that 8464 people rated the Page Not Found as helpful.
Remapping the Online Event ID Search to Actually Work
For some reason, the “More Information: Event Log Online Help” link just flat out doesn’t work for us, but luckily there’s a great registry hack that you can use to fix the problem.
What we’re going to do is just change the redirection URL in the registry to point towards Google… except because of the way that the arguments are passed, we’ll need to point it towards an intermediate page that will parse out the arguments and form the correct Google search URL.
For the purpose of this article we put up a page on our own server, and you are welcome to use it. If you’d rather not use our server, the single line of PHP code is listed out at the end of this section.
To make this change, head down to the following registry key:
HKLMSoftwareMicrosoftWindows NTCurrentVersionEventViewer
Find the MicrosoftRedirectionURL value on the right-hand side, and then change the value out from the default, which is http://go.microsoft.com/fwlink/events.asp and insert this value instead:
https://www.howtogeek.com/eventid
Once you’ve done that, clicking on the link in the Event Properties window will immediately redirect you over to Google, with the relevant data already included (Event ID, log name, and “application”, which tends to just say Microsoft Windows).
Microsoft Event Log Help Program
How does this work? It’s pretty simple – Event Viewer adds on a set of parameters as query string arguments to the URL that we put into the registry. Then the script extracts those arguments and redirects over to Google, passing the arguments as search terms instead.
Using a simple PHP script, this is what we came up with to handle the redirect.
header(‘Location: http://google.com/search?q=Event ID ‘ . $_GET[‘EvtID’] . ‘ ‘ . $_GET[‘EvtSrc’] . ‘ ‘ . $_GET[‘ProdName’]);
You can host the same thing over on your own server if you want, or you can use the one sitting on our server. Up to you.
Beware Internet Sites with “Solutions” for Event ID “Problems”
There are a ton of web sites out there that automatically generate pages for every single event ID, and then populate them with nonsense. That would be just fine, except for many of these events, there are not a lot of other good results.
Those sites will then offer to solve the problem if you just download some piece of software for your free analysis. In all cases these will be ads, and the software “solution” is a fraud.
Microsoft Event Log Help Phone Number
There is NO software package that can solve all of your event log problems.
Using Filters and Custom Views
Rather than going through the zillion folders of custom event logs and trying to find everything that you’re looking for, you can create a custom view that displays just the events that you want to see.
Microsoft Event Viewer Help
For best results, you would want to filter by just the specific things you want to see – probably Critical, Error, and Warning, and then pick the specific event logs you want this view to look through. Don’t select too many, though, because it will just fail to work.
Once you’ve selected what you want in the view, you’ll be asked to give the custom view a name, and then you can use it to see just the events that you’ve filtered for. It’s an incredibly great way to deal with massive logs full of nonsensical information events.
Perhaps even easier, of course, is to just use the built-in Administrative Events view, which displays the important messages from each of the main logs.
Look Through the Windows Diagnostics Performance Log
There are a lot of interesting logs to look at when you are troubleshooting, but one of the most interesting is found by browsing through the folders to the following location:
Microsoft Windows Diagnostics-Performance
This results in an event log that shows all of the things that Windows logs internally for performance checking – if your computer boots up slower than normal, Windows will usually have a log entry for it, and will often list out the component that caused Windows to boot more slowly.
It’s worth noting that just because the message shows an error doesn’t mean it’s the end of the world, unless it shows up all the time. Then you might want to think about it.
Fixing that Error from Earlier
Curious about the Event in the screenshot earlier in the article? If you get the message “Access to drivers on Windows Update was blocked by policy”, the solution is really simple. Open up Control Panel, search for “driver” and then choose Change device installation settings.
Microsoft Event Log Online Help
You’ll notice in the next screenshot that this particular computer was set to not automatically download device drivers from Windows update. To resolve the problem and make more of the messages show up in Event Viewer, all you have to do is switch the radio button over to “Yes, do this automatically”.
Nice and simple. Problem solved, warning message resolved.
Attaching Tasks to Events
If you were paying attention in the last Geek School lesson, you might remember that you can create a Task Scheduler trigger by event ID – and you can also do the same thing going the other way. Right-click on any task and you can easily attach a Scheduled Task to run whenever an event happens.
Other Features You Might Need
Event Viewer has a couple of other features that you might be interested in using. For most people, just going through the list and knowing what to look for is important.
Microsoft Event Log Codes
Subscriptions, found in the left-hand menu, is a feature largely used in an enterprise environment to forward events from one server to another so you can manage them all in one place. This requires the Windows Event Collector and Windows Remote Management services to be running. For home users, you shouldn’t mess with it, other than for learning purposes on your test system.
If you right-click on the items on the left-hand side, you’ll see a ton of actions (the same ones usually found on the right-hand pane).
You can save out all of the events in a log for viewing later or on another PC, you can copy a view or export it as an XML file to import to another computer.
READ NEXTMicrosoft Windows System Event Log
- › How to Use the chroot Command on Linux
- › How to Make iPhone Apps Always Ask for Location Access
- › Do You Need an Antivirus on a Mac?
- › How to Hide Twitter Replies
- › How to Install Apps Directly On Your Apple Watch