Windows Vista constantly monitors your system for unusual or noteworthy occurrences. It might be a service that doesn’t start, the installation of a device, or an application error. Vista tracks these occurrences, called events, in several different event logs. For example, the Application log stores events related to applications, including Windows Vista programs and third-party applications. The System log stores events generated by Windows Vista and components such as system services and device drivers.
To examine these logs, you use the Event Viewer snap-in, which has a much-improved interface in Windows Vista. You get to the Event Viewer by using any of the following techniques (in each case you must also enter your UAC credentials):
Select Start, right-click Computer, click Manage, and then click Event Viewer.
Press Windows Logo+R (or select Start, All Programs, Accessories, Run), type eventvwr.msc, and then click OK.
Select Start, Control Panel, System and Maintenance, and under Administrative Tools, click the View Event Logs link.
Figure 1 shows the home page of the Event Viewer, which offers a summary of events, recent views, and available actions. (If you don’t see the Action pane, click the Show/Hide Action Pane toolbar button, pointed out in Figure 1.)
The scope pane offers three branches: Custom Views, Windows Logs, and Applications and Services Logs.
The Custom Views branch lists the event views defined on your system (as described later). If you filter an event log or create a new event view, the new view is stored in the Custom Views branch.
The Windows Logs branch displays several sub-branches, four of which represent the main logs that the system tracks (see Figure 2):
Application— Stores events related to applications, including Windows Vista programs and third-party applications
Security— Stores events related to system security, including logons, user accounts, and user privileges
Setup— Stores events related to Windows setup
System— Stores events generated by Windows Vista and components such as system services and device drivers
You should scroll through the Application and System event logs regularly to look for existing problems or for warnings that could portend future problems. The Security log isn’t as important for day-to-day maintenance. You need to use it only if you suspect a security issue with your machine; for example, if you want to keep track of who logs on to the computer.
When you select a log, the middle pane displays the available events, including the event’s date, time, and source; its type (Information, Warning, or Error); and other data. Here’s a summary of the major interface changes and new features that you get when viewing a log in Vista’s Event Viewer:
The Preview pane shows you the basic event data in the General tab, and more specific data in the Details tab. You can toggle the Preview pane on and off by selecting View, Preview Pane.
Event data is now stored in XML format. To see the schema, click XML View in the Preview pane’s Details tab.
The Filter command now generates queries in XML format.
You can click Create Custom View to create a new event view based on the event log, event type, event ID, and so on.
You can attach tasks to events. Click the event you want to work with and then click Attach Task to This Event in the Action pane. This launches the Scheduled Tasks Wizard, which enables you to either run a program or script or have an email sent to you each time the event fires.
You can save selected events to a file using the Event File (.elf) format.
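The XML filter queries and XML event records described above can also be used outside the Event Viewer window. The following is an added example, not part of the original text: it runs an XML filter against the Security log to list who logged on in the last 24 hours. It assumes PowerShell 2.0 or later (for Get-WinEvent), an elevated prompt, and event IDs 4624 and 4625 for successful and failed logons; none of these are named in the text.

```powershell
# Added example, not from the original text. Run from an elevated prompt.
# Assumptions: PowerShell 2.0 or later (Get-WinEvent); event IDs 4624
# (successful logon) and 4625 (failed logon); a 24-hour window.
$windowMs = 24 * 60 * 60 * 1000   # timediff() compares in milliseconds

# QueryList document in the XML format that the Filter command generates.
$filterXml = [xml]@"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4624 or EventID=4625) and
        TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]
    </Select>
  </Query>
</QueryList>
"@

$logons = Get-WinEvent -FilterXml $filterXml -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Each record is XML; this is the document that XML View displays.
        $doc = [xml]$_.ToXml()

        # Flatten <EventData><Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($d in $doc.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $result = 'Failure'
        if ($_.Id -eq 4624) { $result = 'Success' }

        New-Object PSObject -Property @{
            Time      = $_.TimeCreated
            Result    = $result
            Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $data['LogonType']   # 2 = interactive, 3 = network, 10 = remote desktop
            SourceIp  = $data['IpAddress']
        }
    }

# Who logged on, how, and how often; failed logons sort to the top.
$logons |
    Group-Object Result, Account, LogonType |
    Sort-Object Name |
    Select-Object Count, Name,
        @{ n = 'Latest'; e = { @($_.Group | Sort-Object Time)[-1].Time } } |
    Format-Table -AutoSize
```

A large count of Failure rows for one account, or Success rows with logon type 3 or 10 from an unfamiliar SourceIp, is the kind of entry worth opening in Event Viewer for the full record.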
The Applications and Services Logs branch lists the programs, components, and services that support the standard event-logging format that is new to Windows Vista. All the items in this branch formerly stored their logs in separate text files that were unavailable in older versions of Event Viewer unless you specifically opened the log file.