Windows Event Viewer Overview

This article describes the Microsoft® Windows® Event Viewer.

The Windows Event Viewer is an interface that enables you to view, navigate, and search event logs. Windows logs each event that occurs so you can troubleshoot and keep track of system issues. Either an application or a person can cause these events.

Events

By default, Windows logs include the following categories:

  • Application: Information logged by installed applications.
  • Security: Information related to login attempts, privilege requests, and audits.
  • Setup: Messages generated during application installation and Windows operating system updates.
  • System: Messages generated by the operating system.
  • Forwarded Events: Events from other computers. You must set up your computer as a central subscriber.

Each event has one of the following severity levels:

  • Information: Messages that indicate a successful action.
  • Warning: Messages that indicate a condition that might become a problem.
  • Error: Messages that indicate a significant problem occurred.

Security audit events record either a success or a failure.

Note: You often see Warning and Error logs. These do not necessarily mean that there is a problem.
The operating system has built-in checks. Most applications automatically solve these issues and bring your normal services back online. You only need to focus on alerts related to the issues you are investigating.
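
The log categories, severity levels, and audit results described above can also be summarized from PowerShell. The following is an added example, not part of the original article; it assumes an elevated session (reading the Security log requires administrator rights) and a 24-hour investigation window chosen for illustration.

```powershell
# Added example, not from the original article.
$since = (Get-Date).AddHours(-24)   # assumed investigation window
$logs  = 'Application', 'Security', 'Setup', 'System', 'ForwardedEvents'

# Count events per log and severity level inside the window.
$summary = foreach ($log in $logs) {
    # Get-WinEvent reports an error when a log has no matching events
    # (common for Setup and ForwardedEvents), so suppress it here.
    Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction SilentlyContinue |
        Group-Object -Property LevelDisplayName |
        ForEach-Object {
            [pscustomobject]@{ Log = $log; Level = $_.Name; Count = $_.Count }
        }
}
$summary | Sort-Object Log, Level | Format-Table -AutoSize

# Security events carry their result (success or failure) in the Keywords
# field rather than in the severity level.
$auditKeywords = @{
    'Audit Failure' = 4503599627370496   # 0x10000000000000
    'Audit Success' = 9007199254740992   # 0x20000000000000
}
foreach ($name in $auditKeywords.Keys) {
    $events = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Keywords  = $auditKeywords[$name]
        StartTime = $since
    } -ErrorAction SilentlyContinue)
    '{0}: {1} events since {2}' -f $name, $events.Count, $since
}

# Narrow the view to what you are investigating: the 20 most recent
# Error (level 2) and Warning (level 3) events in the System log.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2, 3; StartTime = $since } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message |
    Format-List
```

A sudden rise in Audit Failure counts compared with a normal day is usually a better starting point for review than the raw number of Warning and Error events.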

Access the Event Viewer

The following sections provide instructions for accessing the Event Viewer in different versions of Windows Server®.

Windows Server 2008 R2

  1. Click Start -> Control Panel -> System and Security -> Administrative Tools.
  2. Double-click Event Viewer.

Windows Server 2012

  1. Click the Start button.
  2. Right-click Start, select Control Panel -> System and Security, and double-click Administrative Tools.
  3. Double-click Event Viewer.

Windows Server 2012 R2 and Windows Server 2016

  1. Right-click Start, select Control Panel -> System and Security, and double-click Administrative Tools.
  2. Double-click Event Viewer.

Note: While you can review most logs in Windows Event Viewer, some applications have their own application logs. These exceptions include the following applications or functions:

  • DNS Manager
  • Failover Cluster Manager
  • Internet Information Services (IIS) access
  • Task Scheduler History
  • Windows Component Service