Gerry's Computer Tips

<>


Home


Contents

Performance

System Errors

Malware

Maintenance

Freezes

Windows Update

Windows 7 Tips

Windows 8 Tips

Microsoft Forums

Useful web sites

Contacts



EVENT VIEWER REPORTS

Understanding and Eliminating System Errors
 
2.21. Normally when an error occurs on your computer looking in Event Viewer should be your starting point for finding a solution. Most system related errors are logged and getting an exact copy of the relevant report is important. Unfortunately understanding the reports is not easy and most computer users need help with their interpretation. I have more to say later on interpretation.

2.22. Event Viewer comprises five Windows logs. The most useful are the System and Application logs . For troubleshooting purposes System is by far the most important. For Event Viewer enthusiasts there are Applications and Services logs.

 

2.23. In most situations it is Error and Critical Reports that offer the best information, but occasionally Warning Reports provide useful clues. Reading related information reports will often help with understanding the context in which the error has occurred. An image of a typical report is displayed below.


   
All reports follow the same format, only the content changing. The numbered items record:  

1. The Log Name indicates whether the report is from the Application, Security, Setup, System or Forwarded Event Log if a Windows log, but there are many other Applications and Services Logs.
2.
Reports are generated from a variety of different sources. Filtering reports by Source can reveal the sequence of operation, thus filtering on the Microsoft-Windows-Kernel Source will show the System starting (Event ID: 12) and shutting down (Event ID:13).
3.
You can use the Event ID number coupled with Description to locate reports on the internet providing explanations and solutions to problems the report has revealed.
4.
The most common Levels in ascending order of importance are Information, Warning, Error, and Critical.
5.
The Description is the most useful part of the report. You need to read it very carefully. The meaning is, unfortunately not always clear. A carefully chosen extract from the Description using Google will usually find help with interpretation of the report.
6
and 7. Are specific to an Event ID: 12 report. Many Event Viewer reports, not all, contain useful information in the section under EventData so you need to check there.


2.24. All reports have date and time stamps and when troubleshooting it is important to concentrate on more recent reports. Study reports since the point when the computer was last booted and then check whether a similar report appeared in the previous session. If errors do not repeat, investigation as to why they occurred is wasted effort. If you have used System Restore to restore to an earlier date any reports before you restored should be disregarded.

2.25. When reviewing reports you need to know whether any reports have been produced in any mode other than normal mode. Reports produced when the computer is in safe mode, or safe mode with networking, can easily be misinterpreted. This is because certain drivers are not loaded when the computer boots to a safe mode option. You should disregard any report where the same report does not appear when the computer is booted to normal mode. A line (four lines from the end) in the preceding Event ID: 12 report in the System log records the boot mode where 0 =Normal mode, 1 = Safe mode with Networking, 2 = Safe mode.

2.26. Within individual reports the most important information is the Description. The description is important as copying the exact text for use as the search criteria greatly helps to obtain better results when using Google. Do not paraphrase descriptions when asking others for help. Event ID and Source can help to help confirm you have a report in Google to match your own report.

2.27. To access the System log select Start, Control Panel, Administrative Tools, Event Viewer, from the list in the left side of the window select Windows Logs and System. Other logs are accessible from the same list of logs.

2.28. Many users are put off by the sheer number of reports. To overcome this problem place the cursor on System, right click and select Filter Current Log. Check the box before Error and click on OK and only Error reports will be listed. Click on the Date and Time Column Header to sort. You may need to click a second time to see the latest Report at the top.

 

2.29. You can identify and resolve recurring errors and warnings more easily by saving selected customised filtered reports and checking these at regular intervals.  To retain Custom Views select from the Menu bar Action, Create Custom View. For easy access to these logs pin Event Viewer to the Taskbar.

2.30. Five Custom Views suit my requirements. A System log with the boxes checked for Critical, Error and Warning. An Application log with the same boxes checked. A Start / Shutdown log, which is the Diagnostics- Performance, Operational log found by expanding Applications and Services logs, Microsoft and Windows. A Reliability Analysis log, which is the Reliability-Analysis-Operational log found by expanding Applications and Services logs, Microsoft and Windows. An Administrative Events log filtered on Errors and Warnings.

 

This is page 5. Click links for pages  1  2  3  4  6  or  7