One of the hardest problems when troubleshooting computers is getting information from users about what has been occurring on the computer. With Windows NT, Microsoft introduced a tool to help track what has been going on. This tool is Event Viewer. By default, Event Viewer has three different log files: one for the systems, one for applications, and one for security. Most system error messages get recorded in the system log. So, when you need to get an error message from the end user, you can now get that information from Event Viewer.
Upon completion of this lab, you will be able to:
Open Event Viewer and review the log files
For this lab, you will need a computer running Windows 2000 or XP.
You can easily access Event Viewer from either the Administrative Tools or from Computer Management. It should be one of the first places you look when you start to troubleshoot a system. Remember that most computer problems begin with a single problem and then cascade into a multitude of problems. Normally, when you solve the root problem, the rest disappear. Occasionally you may have multiple problems that require many troubleshooting steps.
In Event Viewer are three types of system log events—Information, Warning, and Error:
Information events are normal events that indicate the starting and stopping of services or drivers. They are indicated by a blue i.
Warning events are logged to indicate a source of future problems such as a nearly full hard drive. Warnings are indicated by an exclamation point in a yellow triangle.
An error is recorded when a service or driver fails. An X in a red circle indicates an error.
To identify system events,
Open Event Viewer:
In Windows 2000:
Start Settings Control Panel Administrative Tools Event Viewer
In Windows XP:
Start Control Panel Performance and Maintenance Administrative Tools Event Viewer
Open the System Log.
Look at the entries.
Double-click on an Information entry to get the full details. Record the details.
Double-click on a Warning entry to get the full details. Record the information.
Close the Event Viewer Window.