|
Home »
Windows
»
Windows Programs
Summary: Many Windows components log messages and the Event Viewer displays those messages. Unfortunately those messages are often cryptic and inconsistent.
In an ideal world,you'd never care about Event Viewer. In an ideal world software and hardware would always work, always meet expectations, and there'd never be any need to try and figure out why things are happening the way they are. In an ideal world we'd also be able to rely on the event viewer for clear and consistent information about what your system and all the applications running on it are experiencing. Sadly, we do not live in an ideal world. Event viewer can be a source for excellent clues into system failures and behavior. It can also be a frustrating source of exactly nothing. But it's definitely a tool worth knowing about if you're running Windows NT, 2000 or XP. • There are lots of ways to get to Event Viewer but I typically hit Start, Run, and type eventvwr. There are typically three logs available:
If you click on the System node on the left hand side you'll get something much like this:
Each line on the right corresponds to one event logged by the system. The event type can be a "Success Audit", Informational, a Warning, or an Error. Information here includes the date and time of the event, the source (the Windows component in this case) of the event, the "category", an event number, the user account in use when the event was logged, and the computer name. This is where things start to get a little disorganized:
If you double click on one of the event lines in the right hand pane you'll get something like this:
This is actually a fairly useful warning. The error number corresponds to the message displayed in the Description box. Here my system is telling me that my clock might be off because it wasn't able to reach a time server for an extended period of time. Clearly, just a warning. However from my application log comes another all-too-common type of entry:
This "Success Audit"; of my run of Office Update is trying to tell me something. Unfortunately "The Description for Event ID (0) ... cannot be found" is a very common Event Log entry. Often there will be additional data included that might give a clue as to what was being logged. In this case it appears to be a successful install of "VSDEBUG_6707_ENG". I think. And that leads to how things get even more obfuscated in the event log: applications often including the operating system itself fail to log things correctly or at all. In their defense the event log has a very convoluted interface to program to. So, should you care? Absolutely. The Event Log is far from perfect but it can contain valuable data. At worst it will tell you nothing. At best it may hold important clues to problems you may be having with your computer or the applications you're using. Go ahead and browse around in the event viewer. Don't panic when you see lots of warnings or errors; as I said, even a functioning computer will have those. In fact, if you look while your system is functioning normally you'll get a sense of what "normal" looks like in your event log. Then later when you see items that seem suspicious, out of place, or seem to be related to the problems you're seeing, that's information worth paying attention to. Article 175 | Posted April 2, 2004 |
Popular & Hot How do I make a new MSN Hotmail account? How do I delete history items from my Google tool bar? My desktop Recycle Bin has disappeared - why, and how do I get it back? I accidentally deleted my Recycle Bin in Vista - how do I get it back? New & Important How can I get the old Windows Live Hotmail back? Internet Safety: How do I keep my computer safe on the internet? Are free email services worth it? Would you please recover my password? My account has been hacked or I've forgotten it.
Stay Informed Archives Advertisers |
||
•
I often check the event viewer and I get a lot of warnings but I could never find any explanation for them and they just keep on building up....Can I delete them all???
Posted by: Peter E Avon at March 3, 2007 5:57 AMHi Leo
Just started working with Server 2003 and found that the Security event log registers Success Audits about Logon/Logoff events on the server , but I know for a fact that these accounts are not being used by anyone (I only set them up recently to test, but have not given them to anyone). Have you come acros this yourself before?
Thank you
Rob
Posted by: Rob at April 19, 2007 8:15 PMHi Leo,
Posted by: James at April 24, 2007 7:35 PMI have this error msg, 'Proccess Notification: Failed to send the mail message error code: -49'. May I know what is that means? Thanks.
Is there a way for me to know which files have been accessed and copied from my pc using the Event Viewer?
Posted by: Kofi Ampaabeng at July 19, 2007 3:21 AMThe event log shows action 6006 (log off?) when I was out. I suspect someone is using my computer while I am at work. Shouldn't there be a corresponding action 6005 (log on?) action? does this mean they have deleted the log on action but forgotten about the 6006? Thanks for your comments...
Posted by: carl at November 23, 2007 10:23 PMI have an "illegal" entry in the event log and it seems to have rendered it inoperative. I was experimenting with a VB program and in trying to write to the event log, I inadvertently created a new category. The new category is actually something that looks like a global.asa entry: "Data Source=mis-sql;InitialCatlog=TimeEntry...." (more stuff)
I do not know how to remove it.
Even worse, in IIS, my Default Web Site service is stopped and will not start.
Any advice, including reinstall IIS, is appreciated.
Posted by: Henry Veldman at November 28, 2007 7:08 AMI don't actually see an answer to Leo's question about the anonymous logon. I also have that line item in the audit section of the event viewer. If anyon know where it is coming from or if it is nothing to worry about I would apprciate it if they could send a reply....thanks
Posted by: Debbie Barras at April 23, 2008 7:46 AMHi, I have written a windows service with a code for logging any info/errors into the eventlog. The event source is not getting created/displayed. The message that I am getting in the application source is that the event source was created but the node is not displayed in the viewer.
Posted by: Aditya at June 10, 2008 4:43 AMAny advice
EventViewer
Posted by: sekar at July 7, 2008 11:54 PMi have system events has more error files.how to trouble shooting this error.
error message:cant register the ip address
can u help me
Can we write the data in to the event viewer in windows operating system..if yes.. How???
Posted by: Rakesh at July 29, 2008 4:23 AM