Accessing and reading Windows log files and event viewer
In case you weren't aware, almost every significant event in a Microsoft Windows system (XP, Vista, Windows 7) is logged and kept for a certain time in the Event Viewer files, the so-called Windows logs. Even though they might mean nothing to you and simply sit there, they can also play a specific role in identifying the causes of Windows malfunctions and of various software and hardware breakdowns. Windows event logs can be extremely useful for PC maintenance, especially when troubleshooting Windows errors, since each log displays system warnings, alerts and failures.
Windows log files location
Log files in Windows XP are stored on the system disk (C:), and the path most probably looks like this: C:\WINDOWS\system32\config\. In that last “config” folder you will find the Event Viewer files with the “evt” extension, such as antivirus.evt, application.evt, security.evt, etc.
The Windows 7 log file location is a bit different. The files are stored under the Windows system root directory (on your system disk, usually C:), and the path is: system drive:\Windows\System32\Winevt\Logs.
The Event Viewer files are named almost the same as in Windows XP, with a slight difference in the extension: application.evtx, security.evtx and so on.
How to access and read Windows Event Viewer?
There are two ways you can access Windows XP event viewer.
First:
1. Right-click the “My Computer” icon on the desktop and select “Manage”. The Computer Management window will open, where you will notice the Event Viewer folder icon.
2. Click on it and the contents will expand.
3. Double-click the event log you need (Application, Security, System…).
Second:
1. Click on “Start menu”, then “Control Panel”.
2. In the new window, find and double-click “Administrative Tools”.
3. Double-click the “Event Viewer” shortcut.
To access the Windows 7 Event Viewer log files, do the same as in the first Windows XP option. You can also do it another way, but I prefer the first, because it’s easier.
Reading Event Viewer warnings and alerts
You should pay particular attention to the warning and error signs. To read them, just click on the event you’re interested in and read the displayed date, source, and event ID information, with a description below. You will notice two arrows in the message window; they will take you to the next log file entry.
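The same warning and error entries can be pulled from the command line on Windows 7 (Get-WinEvent is not available on Windows XP). The following PowerShell is an added example, not part of the original article; the function name Get-RecentProblemEvents and its default values are assumptions chosen for illustration.

```powershell
# Added example: list recent Critical/Error/Warning events with the same
# fields Event Viewer displays (date, source, event ID, description).
# Get-RecentProblemEvents is a hypothetical helper name.
function Get-RecentProblemEvents {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$Days = 7,          # how far back to look (assumed default)
        [int]$MaxEvents = 200    # cap on returned events (assumed default)
    )

    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3      # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent raises an error when no event matches the filter;
    # -ErrorAction SilentlyContinue turns that case into an empty result.
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id,
            @{ Name = 'Description'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# @() guarantees an array even when zero or one event comes back.
$problems = @(Get-RecentProblemEvents -Days 7)

# Which source / event ID pairs occur most often
$problems | Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10 |
    Format-Table -AutoSize

# The individual entries, newest first
$problems | Sort-Object TimeCreated -Descending |
    Format-Table TimeCreated, LogName, LevelDisplayName, ProviderName, Id, Description -AutoSize -Wrap
```

Reading the Security log this way requires an elevated (administrator) PowerShell session; the System and Application logs do not.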
Cleaning up log files in event viewer
If you need to delete the Event Viewer log entries, just right-click the relevant log and select “Clear all events”. You will be prompted to save the log file before clearing it; just press “No” and the log will be cleared. You may also save the logs to any location: right-click the log, select “Save log file as”, and enter a file name and file type (evt, csv or txt).
Windows Event viewer XP
Hello,
How can I log who accesses the Event Viewer? Say user 1 opens Event Viewer to see particular logs (security, app, system, ...) and I want an event ID to be generated in the event log that says user 1 has accessed the event log.
I tried to enable audit on privilege success and put a SACL on system drive:\Windows\System32\Winevt\Logs, but all I have is user 1 opening mmc.exe instead of eventviewer.exe.
OS: Windows 2008 R2
I don’t have Win 2008 R2, only worked with 2003. Anyway, I never needed user event viewer access logs. You should ask this kind of question in 2008 server forums.
Hi,
In which .log, if any, could I find info regarding the reasons for freezing of XP, going to standby?
Thanks in advance.
Look for “System” under the “Event Viewer”. This kind of info is usually there.
Does anyone know about the sorting techniques used on the Event Viewer log?
Does anyone know how to correct the message (problem) “Two IP addresses found”, indicating there is another computer with the same IP number? There is only one PC here.
You have to provide more info on this issue. If you are on some kind of Wi-Fi network, then maybe the DHCP server issued one more identical IP address by mistake…
Please help me to identify another network with my IP address. He stole my phone and used my email to see my mails.
Please close and lock this phone. The phone’s IMEI number is 355524051804367, or possibly identify his position and let me know.
Thank you.
Lonsdale.
Sorry, Lonsy, but I can’t help you here. You should call the police or the network service provider, they should be able to help you.