MaSSSoftech

Event Viewer is often the first troubleshooting tool that you will use to diagnose a problem and gather troubleshooting information. Event Viewer has many improvements and new features to help you search for event information on both a local and a remote computer. You can create custom views to save filtered information, subscribe to a remote log to forward events, and view event data for specific Windows applications and services.

Event Viewer can be accessed under the Diagnostics category in Server Manager or by launching it from the command line by typing eventvwr.msc. This opens MMC with the Event Viewer snap-in module loaded. Event Viewer has been categorized into five key areas.

Following are the descriptions of five key areas:

Event Logs Summary: Event Logs Summary aggregates events from key logs. Data is categorized by error, warning, information, and audit success events. You can see a snapshot of events that have occurred over the last hour, 24 hours, and 7 days. You can also view the total number of events, recently accessed nodes, and a summary of log properties.

Windows Logs: The Windows Logs area includes the Application, Security, and System logs. It also includes two new logs, the Setup Log and the ForwardedEvents log. Windows logs store events from earlier applications and events that apply to the entire system.

Applications and Services Logs: Applications and Services Logs have been extended to include new log files for hardware events, Internet Explorer, and key management services, and Windows components. These logs give you a direct approach for gathering troubleshooting and diagnostic information.

Subscriptions: The Subscriptions area gives you the ability to collect copies of events from multiple computers and store them locally. The subscription specifies exactly which events will be collected and in which log they will be stored. Event collecting depends on the Windows Remote Management and the Event Collector services.

Custom Views: The Custom Views lists displays views that you have saved after querying, analyzing, and sorting events. You can use these views for future references. You can select a custom view, apply the underlying filter, and the results are displayed.