Using event logs to troubleshoot problems

Careful monitoring of event logs can help you predict and identify the sources of system problems. For example, if log warnings show that a disk driver can only read or write to a sector after several retries, the sector is likely to go bad eventually. Logs can also confirm problems with software. If a program crashes, a program event log can provide a record of activity leading up to the event.

The following suggestions can help you use event logs to diagnose problems:

Archive logs in log format

The binary data associated with an event is saved if you archive the log in log format (.evt), but is discarded if you archive data in text (.txt) or comma-delimited (.csv) format. The binary data may help a developer or technical support specialist identify the source of a problem.

Note Event IDs

Each event ID matches a text description in a message file. Product support representatives can use the numbers to understand what occurred in the system.

Hardware problems

If you suspect a hardware component is the origin of system problems, filter the system log to show only those events generated by the component.

System problems

If a particular event seems related to system problems, try searching the event log to find other instances of the same event or to judge the frequency of an error.
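The filtering and frequency checks described under "Hardware problems" and "System problems" can be scripted. The following PowerShell is an added example, not code from the original page: Get-EventFrequency is a hypothetical helper, and the source name 'disk', the event IDs and the timestamps in the sample records are constructed.

```powershell
# Added example. Get-EventFrequency is a hypothetical helper name.
function Get-EventFrequency {
    [CmdletBinding()]
    param(
        # Event records: Get-WinEvent output, or objects with the same
        # ProviderName, Id and TimeCreated properties.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Record,

        # Event source to keep, e.g. the driver of the suspect component.
        [Parameter(Mandatory)]
        [string] $Source
    )
    begin { $kept = [System.Collections.Generic.List[psobject]]::new() }
    process {
        # Filter step: drop everything not generated by the chosen source.
        if ($Record.ProviderName -eq $Source) { $kept.Add($Record) }
    }
    end {
        # Search step: one row per event ID, with its count and time span.
        $kept | Group-Object -Property Id | ForEach-Object {
            $times = @($_.Group | ForEach-Object TimeCreated | Sort-Object)
            [pscustomobject]@{
                Source    = $Source
                EventId   = $_.Group[0].Id
                Count     = $_.Count
                FirstSeen = $times[0]
                LastSeen  = $times[-1]
            }
        } | Sort-Object -Property Count -Descending
    }
}

# Constructed sample records (not from a real log) so the example runs offline.
$t0 = [datetime]'2024-01-10T08:00:00'
$sample = @(
    [pscustomobject]@{ ProviderName = 'disk';  Id = 51;   TimeCreated = $t0 }
    [pscustomobject]@{ ProviderName = 'disk';  Id = 51;   TimeCreated = $t0.AddHours(3) }
    [pscustomobject]@{ ProviderName = 'disk';  Id = 7;    TimeCreated = $t0.AddDays(1) }
    [pscustomobject]@{ ProviderName = 'Tcpip'; Id = 4227; TimeCreated = $t0.AddDays(1) }
    [pscustomobject]@{ ProviderName = 'disk';  Id = 51;   TimeCreated = $t0.AddDays(2) }
)
$sample | Get-EventFrequency -Source 'disk' | Format-Table -AutoSize

# Against the live System log on a Windows host:
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'disk' } |
#     Get-EventFrequency -Source 'disk'
```

A rising count for one event ID over a short FirstSeen to LastSeen span is the pattern to look for when judging the frequency of an error.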
