Windows 7 events. Viewing events in Windows Vista

Huge hello everyone!!

It is no longer a secret for anyone that in the Windows SEVEN operating system, just like in Windows Vista, there are two categories of event logs: application and service logs and Windows logs.

Windows logs - the operating system uses to log system-wide events that are related to the operation of system components, applications, security and startup. Logs of applications and services - applications and services are used to register events that are associated with their work. To manage event logs, you can use the Event Viewer snap-in or the command line wevtutil
I want to dwell on how you can work with event logs:
In order to view these same application log events, we need to perform the following steps:
Select "Windows Logs" in the console tree.
Select the "Applications" log.
If possible, it's a good idea to review the System and Application event logs frequently and look for problems and warnings that may predict problems in the future. The middle window displays the available events when a log is selected, including the date of the event, the level of the event, the time and source, and more.
The Viewport pane shows event data on the General tab, and the Details tab shows additional specific data.

This panel can be turned on and off by selecting the View menu and then the Viewport command.
It is recommended to store logs for several recent months for critical systems. As a rule, it is not very convenient to assign magazines such a size that all the information fits in them, and therefore this problem can be solved in a different way. Logs can be exported to files located in a specified folder. To save the selected log, do the following:
Select the event log to be saved in the console tree;
Select the "Save events as" command from the "Action" menu or select the "Save all events as" command from the context menu of the log;
In the "Save As" dialog, select the folder where the file should be saved. If you need to save a file in a new folder, you can create it directly from this dialog using the context menu or the "New Folder" button on the action bar. In the "File type" field, select the desired file format from the available ones: event files - *.evtx, xml file - *.xml, tab-separated text - *.txt, comma-separated csv - *.csv. Enter a name in the "File Name" field and click the "Save" button. Click on the "Cancel" button to cancel saving.
If the event log is not intended to be viewed on another computer, leave the default option "Do not display information" in the "Display information" dialog box, and if the log is intended to be viewed on another computer, then in the "Display information" dialog box select the option "Display information for the following languages" and click on the "OK" button.
How to work with event logs:
Event Viewer
If you want to view Application log events, follow these steps:
Select "Windows Logs" in the console tree;
Select the Apps log.
It is advisable to review the System and Application event logs and examine any problems and warnings. Selecting a log displays the available events in the middle window.
The Viewport pane will display basic event data on the General tab, and additional data will be displayed on the Details tab. You can turn this panel on and off by selecting the "View" menu and the "View Area" command.
It is recommended for critical systems to keep logs for the last months.

As a rule, it is inconvenient to assign such a size to journals so that all the information fits in them, as a rule, this problem can be solved in another way. You can export logs to files that are located in a specified folder. To save the selected log, follow these steps:
In the console tree, select the event log to save;
Select the "Save events as" command from the "Action" menu or select the "Save all events as" command from the log menu;
In the "Save As" dialog, select the folder where the file should be saved. If the file needs to be saved in a new folder, then it can be created from this dialog using the context menu or the "New Folder" button on the action bar. In the "File type" field, select the desired file format from the suggested ones: event files - *.evtx, tab-separated text - *.txt,
xml file - *.xml,
csv separated by commas - *.csv. Enter a name in the "File Name" field and click the "Save" button. To cancel saving, click on "Cancel"; In the event that the event log is not intended to be viewed on another computer, in the "Display Information" dialog box, leave the option "Do not display information" set by default, and if the log is intended to be viewed on another computer, then in the "Display Information" dialog box Select "Display information for the following languages" and click OK.
Clearing the event log
Select the event log in the console tree to be cleared; Clear the log in one of the following ways:
From the "Action" menu, select "Clear Log"
On the selected log, right-click to open the context menu. In the context menu, select the command "Clear log"
Next, you can clear the log or archive it if this has not been done before:
If the event log is cleared without saving, click on the "Clear" button;
To clear the event log after saving it, click on "Save and clear". In the "Save As" dialog, select the folder where the file should be saved. If you want to save a file in a new folder, you can create it from this dialog using the context menu or the "New Folder" button on the action bar. Enter a name in the File Name field and click Save. To cancel the save, press "Cancel". Phew, everything seems to be fine, but if it's not clear, then I'm waiting for your comments.

That's all and see you soon....

This could be a service that doesn't want to start, a device installation, or an application error. Events are logged and stored in the Windows event logs and provide important historical information to help you monitor your system, maintain system security, troubleshoot problems, and perform diagnostics. The information contained in these logs should be reviewed regularly. You should regularly monitor the event logs and configure the operating system to save important system events. In the event that you are a Windows server administrator, then you need to monitor the security of their systems, the normal operation of applications and services, and also check the server for errors that can degrade performance. If you are a PC user, you should make sure that you have access to the appropriate logs needed to support your system and troubleshoot errors.

Event Viewer is a Microsoft Management Console (MMC) snap-in for viewing and managing event logs. It is an indispensable tool for monitoring system health and troubleshooting. The Windows service that manages event logging is called "Event Log". In the event that it is running, Windows writes important data to the logs. With Event Viewer, you can do the following:

View events of specific logs;
Apply event filters and save them for later use as custom views;
Create event subscriptions and manage them;
Assign the execution of specific actions to the occurrence of a specific event.

Launching the Event Viewer

The Event Viewer application can be opened in the following ways:
Click on the "Start" button to open the menu, open the "Control Panel", select "Administrative Tools" from the list of control panel components and select "Event Viewer" from the list of administrative components;
Open the "MMC Management Console". To do this, click on the "Start" button, type mmc in the search field, and then press the "Enter" button. An empty MMC console will open. From the Console menu, select the Add or Remove Snap-in command, or use the Ctrl+M keyboard shortcut. In the "Add/Remove Snap-Ins" dialog, select the "Event Viewer" snap-in and click the "Add" button. Then click on the "Finish" button, and after that - the "OK" button;
Use the key combination WIN + R to open the "Run" dialog. In the "Run" dialog box, in the "Open" field, enter eventvwr.msc and click on the "OK" button; to the taskbar and see this log.

Event Logs in Windows 7

In the Windows 7 operating system, as well as in Windows Vista, there are two categories of event logs: Windows logs and application and service logs. Windows logs - used by the operating system to log system-wide events related to the operation of applications, system components, security, and startup. And application and service logs are used by applications and services to log events related to their operation. You can use the Event Viewer snap-in or the wevtutil command-line tool, which I'll cover in Part 2 of this article, to manage event logs. All log types are described below:
Application - stores important events related to a specific application. For example, Exchange Server stores events related to mail forwarding, including information store events, mailbox events, and running services. The default location is %SystemRoot%\System32\Winevt\Logs\Application.Evtx.

Security- Stores security-related events such as login/logout, privilege usage, and resource access. By default placed in %SystemRoot%\System32\Winevt\Logs\Security.Evtx

Installation- this log records events that occur during installation and configuration operating system and its components. The default location is %SystemRoot%\System32\Winevt\Logs\Setup.Evtx.

System- stores events of the operating system or its components, such as failures to start services or initialize drivers, system-wide messages, and other messages related to the system as a whole. By default placed in %SystemRoot%\System32\Winevt\Logs\System.Evtx

Forwarded events- if event forwarding is configured, this log includes events forwarded from other servers. By default placed in %SystemRoot%\System32\Winevt\Logs\ForwardedEvents.Evtx

Internet Explorer- this log records events that occur when configuring and working with the Internet Explorer browser. By default placed in %SystemRoot%\System32\Winevt\Logs\InternetExplorer.Evtx

Windows PowerShell- Events related to the use of the PowerShell shell are logged in this log. By default located in %SystemRoot%\System32\Winevt\Logs\WindowsPowerShwll.Evtx

Equipment events- if equipment event logging is configured, events generated by devices are written to this log. By default placed in %SystemRoot%\System32\Winevt\Logs\HardwareEvent.Evtx

In Windows 7, the event logging infrastructure is XML-based, as in Windows Vista. The data for each event follows an XML schema, allowing you to access the XML code for any event. In addition, you can create XML-based queries to retrieve data from logs. No knowledge of XML is required to use these new features. The Event Viewer snap-in provides a simple graphical interface for accessing these features.

Event Properties

There are several event properties of the Event Viewer, which are detailed below:
The source is the program that logged the event. This can be either the name of a program (for example, "Exchange Server") or the name of a system or large application component (for example, the name of a driver). For example, "Elnkii" means the EtherLink II driver.

Event code is a number that specifies a particular type of event. The first line of the description usually contains the name of the event type. For example, 6005 is the event ID that occurs when the event logging service starts. Accordingly, at the beginning of the description of this event is the line "Event log service started". The event ID and record source name can be used by the software product support team for troubleshooting purposes.

Level is the level of importance of the event. In the system and application logs, events can have the following severity levels:

Notification- denotes a change in an application or component, such as the occurrence of an information event associated with a successful action, the creation of a resource, or the start of a service.
A warning- indicates a general warning about a problem that could affect the service or lead to a more serious problem if left unattended;
Mistake- indicates that a problem has occurred that may affect functions external to the application or component that raised the event;
Critical error- indicates that a failure has occurred from which the application or component that fired the event cannot recover automatically;
Success audit- Successful completion of activities that you track through auditing, such as the use of a privilege;
Failure audit- failure of actions that you track through auditing, such as a login failure.
User- defines the user account on whose behalf this event occurred. Users include specific entities such as Local Service, Network Service, and Anonymous Logon, as well as real user accounts. This name is the client ID if the event was actually raised by the server process, or the main ID if no impersonation is taking place. In some cases, a security log entry contains both identifiers. And also in this field there can be N / A (N / A), if in this situation Account not applicable. Impersonation occurs when the server allows one process to assign the security attributes of another process.

Working code- contains numerical value A that specifies the operation or point within the operation that triggered this event. For example, initialization or closing.

Magazine- the name of the log in which this event was recorded.

Category and tasks- defines the category of the event, sometimes used to further describe a valid action. Each event source has its own categories. For example, the following categories are: Login/Logout, Privilege Use, Policy Change, and Account Management.

Keywords is a set of categories or labels that can be used to filter or search for events. For example: "Network", "Security" or "Resource not found".

A computer- identifies the name of the computer on which the event occurred. This is usually the name of the local computer, but can also be the name of the computer that forwarded the event, or the name of the local computer before it was changed.

date and time- defines the date and time of occurrence of this event in the log.

Process ID- represents the identification number of the process that generated this event. computer program is only a passive set of instructions, while the process is the direct execution of these instructions

Thread ID- represents the identification number of the thread that created this event. A process spawned in an operating system can consist of several threads running "in parallel", that is, without a prescribed order in time. For some tasks, this separation can achieve more efficient use of computer resources.

Processor ID- represents the identification number of the processor that processed the event.

Session ID is the identification number of the session on the terminal server in which the event occurred.

Kernel Time Specifies the time spent executing kernel-mode instructions, in units of CPU time. Kernel mode has unlimited access to system memory and external devices. The kernel of an NT system is called a hybrid kernel or a macrokernel.

Operating time in user mode Specifies the time spent executing user-mode instructions, in units of CPU time. User mode consists of subsystems that pass I/O requests to the appropriate kernel mode driver via the I/O manager.

Processor load is the time spent executing user-mode instructions, in CPU ticks.

Correlation Code - Identifies the action in the process for which the event is used. This code is used to specify simple relationships between events. Correlation – a statistical relationship between two or more random variables(or values ​​that can be considered as such with some acceptable degree of accuracy). At the same time, changes in one or more of these quantities lead to a systematic change in the other or other quantities.

Relative Correlation ID- defines relative action in the process for which the event is used

Working with event logs:

Event Viewer
To view Application log events, follow these steps:
In the console tree, select "Windows Logs";
Select the Apps log.

It is a good idea to review the "Application" and "System" event logs frequently and examine existing problems and warnings that may portend problems in the future. When a log is selected, the middle window displays the available events, including the date of the event, time and source, event level, and more.

The Viewport pane shows basic event data on the General tab, and additional specific data on the Details tab. You can turn this panel on and off by selecting the View menu and then the Viewport command.

For critical systems, it is recommended to keep logs for the last few months. As a rule, assigning logs such a size that all the information fits in them is inconvenient, as a rule, this problem can be solved in another way. You can export logs to files located in a specified folder. To save the selected log, do the following:

In the console tree, select the event log you want to save;
Select the "Save Events As" command from the "Action" menu or select the "Save All Events As" command from the context menu of the log;
In the "Save as" dialog that appears, select the folder where the file should be saved. If you want to save the file in a new folder, you can create it directly from this dialog using the context menu or the "New folder" button on the action bar. In the "File type" field, select the desired file format from the available ones: event files - *.evtx, xml file - *.xml, tab-separated text - *.txt, comma-separated csv - *.csv. Enter a name in the "File Name" field and click the "Save" button. To cancel saving, click on the "Cancel" button;
If the event log is not intended to be viewed on another computer, leave the default option "Do not display information" in the "Display Details" dialog box, and if the log is intended to be viewed on another computer, then in the "Display Details" dialog box " select the option "Display information for the following languages" and click on the "OK" button.

Clearing the event log

Sometimes it is necessary to clear the full event logs to ensure effective analysis of operating system warnings and critical errors. To clear the selected log, do the following:
In the console tree, select the event log you want to clear;
Clear the log in one of the following ways:
From the Action menu, select Clear Log

On the selected log, right-click to open the context menu. In the context menu, select the "Clear log" command
Next, you can either clear the log or archive it if this has not been done before:
To clear the event log without saving, click on the "Clear" button;
To clear the event log after saving it, click on the "Save and clear" button. In the "Save as" dialog that appears, select the folder where the file should be saved. If you want to save the file in a new folder, you can create it directly from this dialog using the context menu or the "New folder" button on the action bar. Enter a name in the "File Name" field and click the "Save" button. To cancel saving, click on the "Cancel" button.

Setting the maximum log size

As mentioned above, event logs are stored as files in the %SystemRoot%\System32\Winevt\Logs\ folder. By default, the maximum size of these files is limited, but you can change it in the following way:

Select the "Properties" command from the "Action" menu or from the context menu of the selected log

In the "Maximum log size (KB)" field, set the required value using the counter, or set it manually without using the counter. In this case, the value will be rounded up to the nearest multiple of 64 KB because the size of the log file must be a multiple of 64 KB and cannot be less than 1024 KB.
Events are stored in a log file, which can only grow up to a specified maximum size. After the file reaches the maximum size, the processing of incoming events will be determined by the log retention policy. The following log retention policies are available:
Rewrite events if necessary (old files first) - in this case, new entries continue to be written to the log after it is full. Each new event replaces the oldest one in the log;

Archive log when full; do not rewrite events - in this case, the log file is automatically archived if necessary. Stale events are not overwritten.

Do not rewrite events (clear log manually) - in this case, the log is cleared manually, not automatically.

To select the desired log retention policy, follow these steps:

In the console tree, select the event log for which you want to resize;
Select the "Properties" command from the "Action" menu or from the context menu of the selected log;
On the "General" tab, in the "When the maximum size is reached" section, select the required option and click the "OK" button.
Enable analytic and debug logging

Analytic and debug logs are disabled by default. Once activated, they fill up quickly. large quantity events. For this reason, it is desirable to enable these logs for a limited period of time in order to collect the data necessary for troubleshooting, and then disable them again. Logs can be activated as follows:

In the console tree, find and select the analytic or debug log you want to activate;
Select the "Properties" command from the "Action" menu or from the context menu of the selected analytic or debug log;
On the General tab, check the box next to "Enable logging"

Opening and closing a saved log

You can use the Event Viewer snap-in to open and view previously saved logs. You can open multiple saved logs at the same time and access them at any time in the console tree. A log opened in the Event Viewer can be closed without deleting the information it contains. To open a saved log, do the following:

Select the "Open saved log" command from the "Action" menu or from the context menu in the console tree;
In the Open Saved Log dialog box, navigate through the directory tree to open the folder containing the desired file. By default, all event log files will be displayed in the dialog box. Also, when opening, you can select the type of files that you want to display in the open dialog. Available file types are: event log files (*.evtx, *.evt, *.etl), as well as event files (*.evtx), legacy event files (*.evt), or trace log files (*.etl). After the desired log file is found, select it by clicking on it with the left mouse button, which will place its name in the line for entering the file name and click on the "Open" button

In the Open Saved Log dialog, in the Name field, enter a new name to be used for the log in the console tree. It is only used to represent the log in the console tree and the log file name is not changed. You can also use existing name log file. In the Description field, enter a description for the log. It will be displayed in the center pane when the parent log folder is highlighted in the console tree;
To create a folder in which the saved log will be located, click on the "Create Folder" button. In the "Name" field, enter the name of the folder that will contain open magazine, and then click OK. If no parent folder is selected, the new folder will be located in the Saved Logs folder

To make the open event log inaccessible to other users of the computer, you can uncheck the "All users" box. If this checkbox remains active, the open log will be available to all users, but administrator rights will be required to remove it from the console tree;
To open the log, click on the "OK" button.
To delete an open event tree log, do the following:

In the console tree, select the log you want to delete;
Select the "Delete" command from the "Action" menu or from the context menu of the selected log

In the "Event Viewer" dialog, click the "Yes" button.

Conclusion

This part of the Event Viewer snap-in article introduces the snap-in itself and details the basic operations involved in monitoring and maintaining your system using the Event Viewer.

Windows operating system version 7 introduces tracking functionality important events that occur in the operation of system programs. At Microsoft, the term "events" refers to any occurrences in the system that are recorded in special magazine and signal themselves to users or administrators. This could be a utility that doesn't want to run, apps that crash, or devices that don't install correctly. All incidents registers and saves the Windows 7 event log. It also locates and shows all activities in chronological order, helps to perform system control, ensures the security of the operating system, corrects errors and diagnoses the entire system.

You should review this log periodically for new information and configure the system to save important data.

Windows 7 - programs

The Event Viewer computer application is the main part of the Microsoft utility utilities that are designed to monitor and view the event log. This is essential tool to monitor the health of the system and eliminate emerging errors. The Windows utility that manages incident documentation is called the Event Log. If this service is running, then it starts collecting and logging all important data in its archive. The Windows 7 event log allows you to do the following:

Viewing data recorded in the archive;

Using various event filters and saving them for further use in system settings;

Creating a subscription for specific incidents and managing them;

Assign certain actions when any events occur.

How to open the Windows 7 event log?

The program responsible for registering incidents is launched as follows:

1. The menu is activated by pressing the "Start" button in the lower left corner of the monitor, then the "Control Panel" opens. In the list of controls, select "Administration" and already in this submenu click on "Event Viewer".

2. There is another way to view the Windows 7 event log. To do this, go to the Start menu, type mmc in the search box and send a file search request. Next, the MMC table will open, where you need to select a paragraph indicating the addition and removal of snap-ins. Then the Event Viewer is added to the main window.

What is the described application?

In Windows 7 and Vista operating systems, two types of event logs are installed: system archives and service application log. The first option is used to capture system-wide incidents that are related to the performance of various applications, startup and security. The second option is responsible for recording the events of their work. To control and manage all data, the "Event Log" service uses the "View" tab, which is divided into the following items:

Application - events that are associated with a particular program are stored here. For example, mail services store in this place the history of information transfer, various events in mailboxes, and so on.

The "Security" item saves all data related to logging in and out of the system, using administrative features and accessing resources.

Installation - This Windows 7 event log records data that occurs during the installation and configuration of the system and its applications.

System - captures all OS events, such as a failure to start service applications or when installing and updating device drivers, various messages related to the operation of the entire system.

Forwarded events - if this item is configured, then it stores information that comes from other servers.

Other sub-items of the main menu

Also in the "Administration" menu, where the event log in Windows 7 is located, there are such additional items:

Internet Explorer - events that occur during the operation and configuration of the browser of the same name are registered here.

Windows PowerShell - Incidents related to the use of the PowerShell shell are recorded in this folder.

Hardware events - if this item is configured, then the data generated by devices is logged.

The entire structure of the "seven", which provides a record of all events, is based on the type of "Vista" on XML. But to use the event log program in Window 7, you don't need to know how to use this code. The Event Viewer application will do everything by itself, providing a convenient and simple table with menu items.

Incident Characteristics

A user who wants to know how to view the Windows 7 event log must also understand the characteristics of the data that he wants to view. After all, there are various properties certain incidents described in the Event Viewer. These features will be discussed below:

Sources - a program that captures events in the log. The names of the applications or drivers that affected a particular incident are recorded here.

Event code - a set of numbers that determine the type of incident. This event source code and name is used by system software technical support to fix bugs and troubleshoot software failures.

Level - the degree of importance of the event. The system event log has six levels of incidents:

1. Message.

2. Caution.

3. Mistake.

4. Dangerous mistake.

5. Monitoring successful operations for correcting errors.

6. Audit of unsuccessful actions.

Users - captures the data of the accounts on behalf of which the incident occurred. These can be the names of various services, as well as real users.

Date and time - records the timing of the occurrence of the event.

There are many other events that occur during the operation of the operating system. All incidents are displayed in the "Event Viewer" with a description of all related information data.

How to work with the event log?

Highly important point in protecting the system from crashes and freezes is the periodic review of the "Application" log, which records information about incidents, recent actions with a particular program, and also provides a choice of available operations.

Going into the Windows 7 event log, in the "Application" submenu, you can see a list of all programs that caused various negative events in the system, the time and date of their occurrence, the source, and the degree of problem.

User responses to events

After learning how to open the Windows 7 event log and how to use it, you should further learn how to apply with this useful Task Scheduler application. To do this, right-click on any incident and select the menu for linking a task to an event in the window that opens. The next time such an incident occurs in the system, the operating system will automatically launch the installed task to process the error and fix it.

An error in the log is not a reason to panic

If, while viewing the Windows 7 system event log, you see intermittent system errors or warnings, then you should not worry and panic about this. Even with a perfectly working computer, various errors and failures can be recorded, most of which do not pose a serious threat to the health of the PC.

The application described by us was created in order to make it easier for the system administrator to control computers and troubleshoot emerging problems.

Conclusion

Based on the foregoing, it becomes clear that the event log is a way that allows programs and the system to record and save all events on a computer in one place. This log stores all operational errors, messages, and warnings from system applications.

Where is the event log located in Windows 7, how to open it, how to use it, how to fix errors that have appeared - we learned all this from this article. But many will ask: “Why do we need this, we are not system administrators, not programmers, but ordinary users who, as it were, do not need this knowledge?” But this approach is wrong. After all, when a person gets sick with something, before going to the doctor, he tries to cure himself in one way or another. And many often do. Similarly, a computer, which is a digital organism, can “get sick”, and this article shows one of the ways how to diagnose the cause of such a “disease”, based on the results of such an “examination”, you can make the right decision about the methods of subsequent “treatment”.

So the information about the way to view events will be useful not only to the system engineer, but also to an ordinary user.

Instruction

Magazine opens in the "Event Viewer" window, where the logs of system and program events and security events on the computer are kept. Using this window, you can not only receive information about events, but also manage logs. To open the Event Viewer window, you need to do a few things.

Click on the "Start" button at the bottom left of the screen or on the Windows key on your keyboard (flag key). In the expanded menu, select the "Control Panel" item (depending on the settings of the "Start" menu, the item may be available immediately or located in the "Settings" menu).

In the Control Panel, go to the Performance and Maintenance category and select the Administrative Tools icon by clicking on it with the left mouse button. If the "Control Panel" has a classic look, the icon you are looking for is available immediately.

Select the "Event Viewer" shortcut in the "Administration" folder, the desired window will open. It can be called in another way. Go to the directory C: (or another disk with the system) / Documents and Settings / All Users (or a specific account) / Main Menu / Programs / Administration and select the Event Viewer shortcut.

In the window that opens, you will be able to view and manage various logs. Select the log you need (Application, Security, System, Internet Explorer, and so on) in the left part of the window by clicking on it with the left mouse button. In the right part of the window, you will see a list of all events recorded in the log. Each event can be viewed by double-clicking on it with the left mouse button.

To manage events, use the "Actions" menu item or call the context menu by right-clicking on the required log. To close the "Event Viewer" window, select the "Console" item in the top menu bar and the "Exit" command, or click the [x] icon in the upper right corner of the window.

Sources:

• where can i find the job log

The editorial offices of some journals prefer to publish their editions on official websites. Access can be full or partial, paid or free. Sometimes visitors to the site can only read magazines that are already sold out on kiosks in this way.

Instruction

Make sure you are served by an unlimited data provider. Go to the official website of the journal you wish to read in in electronic format. Try to find on home page of this site a link called "Archive". Follow this link.

You will see a list of the years of issue of magazines available for viewing. Select the year first and then the month. After that, a link will appear for downloading a local copy of the journal, a list of articles or pages for viewing individually (in text or graphic form), or a plug-in window (Flash, Adobe Reader or Djview). If the necessary plug-in is not installed on your computer, download it from the official website of the manufacturer and install it.

If the site provides for the possibility of downloading issues of the journal on HDD user, download one of the releases, and then, by the extension of the received file, determine which program is required to view it. Most often it is Acrobat Reader or Djview. Sometimes files are placed in archives, for example, ZIP format. Please note that having the ability to download magazines for free does not give you the right to post them on any other sites.

Here's what's happening to me:

my user does not come to me,

but they walk in idle bustle

various not the same…

What is an event log

Everything that happens is under control Windows(click , key press, program launch…), are events ( events). The most important (in terms of Windows!) events (for example, hardware, application and system problems) are recorded by the operating system in so-called event logs.

How to view event logs

Windows Vista+: Start –> Control Panel –> Administrative Tools –> Event Viewer.

Windows XP: Start –> Settings –> Control Panel –> Administrative Tools –> Event Viewer(or Start –> Run –> in the window Program launch into the text field Open enter eventvwr.msc /s –> click OK).

Main types of magazines:

– application log(contains data related to the operation of applications and programs. Entries in this log are created by the applications themselves. Events entered in the application log are determined by the developers of the respective applications);

– security log(contains records of events such as successful and unsuccessful attempts to access the system, as well as events related to the use of resources, such as the creation, opening and deletion of files and other objects. Decide on events that are logged in the security log , accepted by the administrator.For example, after enabling auditing of a logon, all logon attempts are logged in the security log);

– system log(contains event entries made by operating system components Windows. For example, the system log logs failures during boot or other system components during system startup).

The Event Viewer displays events of the following types:

– mistake(serious difficulties, such as loss of data or functionality. If the service fails to load at startup, an error message is logged. Error entries are marked with a circle with a cross inside);

– a warning(events that were not significant at the time of writing to the log, but may lead to difficulties in the future. For example, if there is little left on the disk free space, a warning is logged. Warnings are marked with a triangle with an exclamation mark);

– notification(an event describing the successful completion of an action by an application or service. For example, after a successful download, a notification event is logged. Notifications are marked with a circle with a “tail” and the letter “i” inside);

– success audit(an event corresponding to a successfully completed action related to maintaining the security of the system. For example, in case of a successful user login, an event with the "Success audit" type is logged);

– failure audit(an event corresponding to an unsuccessfully completed action related to maintaining the security of the system. For example, in the event of an unsuccessful attempt to access a user to a network drive, an event of the "Failure audit" type is logged).

How to use event logs for troubleshooting

Careful analysis of event logs helps prevent system problems and determine their causes. For example, if there is a warning in the log that the disk can only read or write a sector after a few attempts, then that sector may soon become unusable.

Logs can also help you resolve issues related to application performance. For example, if a program crashes, there are usually entries in the application log about the events that cause it to crash.

Reading event logs is a sacred (daily!) duty of programmers and system administrators. Often, even for an ordinary user, viewing these logs can make life much easier by making communication with managed Windows more enjoyable and productive!

Notes

1. The event log service starts automatically at startup Windows.