Event Viewer (eventvwr.msc)
The Event Viewer (eventvwr.msc) is a management console snap-in for viewing and managing logs on a Windows host.
- default page shows:
  - summary of system status
  - recent error and warning events
- left-hand pane categorizes log files
- third pane contains tools for opening log files, filtering, creating a task from an event, etc.
4 Main Log Files
- System log contains information about events that affect the core OS.
  - E.g., service load failures, hardware conflicts, driver load failures, network issues, etc.
- Application log contains information regarding non-core processes and utilities and some third-party apps.
  - E.g., application installers write events here
- Security log holds the audit data for the system.
- Setup log records events generated during installation.
- Each log has a default maximum size.
  - can be changed in Properties of the log
  - can choose: overwrite, do not overwrite, or archive
- Applications and Services log contains additional Windows feature, service, or third-party logs.
Event Sources and Severity Levels
Each event is generated by a source application and allocated an ID and a severity level.
- Critical—An issue that should be treated as the highest priority in the context of the source application.
  - used to report a process that has halted or stopped responding
- Error—A less severe issue that should be investigated once critical issues have been resolved.
- Warning—A state that could potentially lead to an error or critical condition if not remediated.
  - E.g., system running low on disk space
- Audit Success/Failure—Events in the security log are classified as either successful or failed.
  - E.g., user authenticating, password entered incorrectly
- Double-click an event for more information.
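The same information can be pulled from the command line with Get-WinEvent. The script below is an added example, not part of the original notes: it lists each main log's size and retention setting, counts recent Critical/Error/Warning events per source, and counts Audit Failure events in the Security log. The 24-hour window and the top-10 cut-off are assumptions, and it should be run from an elevated PowerShell session because the Security log requires administrator rights.

```powershell
# Added example: summarize the main logs from PowerShell.
$logs  = 'System', 'Application', 'Security', 'Setup'
$since = (Get-Date).AddDays(-1)    # assumed look-back window of 24 hours

# 1. Size and retention settings (the values shown in each log's Properties).
#    LogMode: Circular = overwrite, Retain = do not overwrite, AutoBackup = archive.
Get-WinEvent -ListLog $logs -ErrorAction SilentlyContinue |
    Select-Object -Property LogName, IsEnabled, RecordCount, LogMode,
        @{ Name = 'MaxSizeMB'; Expression = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) } } |
    Format-Table -AutoSize

# 2. Critical (1), Error (2) and Warning (3) events, grouped by log, source and event ID.
$severity = @{ 1 = 'Critical'; 2 = 'Error'; 3 = 'Warning' }
$filter = @{
    LogName   = 'System', 'Application', 'Setup'
    Level     = 1, 2, 3
    StartTime = $since
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Group-Object -Property LogName, ProviderName, Id, Level |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 -Property Count,
        @{ Name = 'Log';      Expression = { $_.Group[0].LogName } },
        @{ Name = 'Source';   Expression = { $_.Group[0].ProviderName } },
        @{ Name = 'EventId';  Expression = { $_.Group[0].Id } },
        @{ Name = 'Severity'; Expression = { $severity[[int]$_.Group[0].Level] } } |
    Format-Table -AutoSize

# 3. Security log: events are classified by audit keyword, not by severity level.
$auditFailure = 0x10000000000000   # "Audit Failure" keyword bit
$secFilter = @{
    LogName   = 'Security'
    Keywords  = $auditFailure
    StartTime = $since
}
Get-WinEvent -FilterHashtable $secFilter -ErrorAction SilentlyContinue |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, @{ Name = 'EventId'; Expression = { $_.Name } } |
    Format-Table -AutoSize
```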