All About Windows Logs Using Event Viewer Tool

Windows Logs

Are you a Windows server user and looking for a way to view what happened on your machine?

You’re in luck because Windows offers a simple and powerful utility that helps you troubleshoot and monitor your server’s performance.

Windows servers are widely used in businesses and organizations to manage and store data. Modern applications hosted on Windows servers are getting increasingly complicated. In addition, these applications demand significantly higher resources for smooth operation.

In this scenario, server admins need a tool to get insights into system events and errors. This is where the Event Viewer comes in handy.

In this article, we will explore the features and benefits of the Event Viewer and how you can use it for managing a Windows server environment.

Table of Contents

  1. A Short Introduction to Windows Event Viewer
  2. How to Access Event Viewer
  3. Common Event Log Categories and Types
    1. Application Log
    2. System Log
    3. Security log
    4. Setup Log
    5. DNS Server log
    6. DHCP Server logs
    7. Remote Desktop Services Log
    8. Active Directory Log
    9. File Replication Service (FRS) Log
    10. Forwarded Events
  4. How to View Logs and Use the Event Viewer
  5. How to Find a Specific Log?
  6. Conclusion

A Short Introduction to Windows Event Viewer

The Event Viewer is a powerful tool that allows users to view and analyze system events, such as errors, warnings, and informational messages.

It provides a detailed log of activities happening on the server, which can help administrators diagnose and resolve issues promptly.

Sysadmins use Windows Event Viewer for real-time system monitoring and post-incident forensic investigations.

How to Access Event Viewer

Now that you understand Event Viewer’s importance and use cases, let’s see how you can access the tool on your Windows server. Fortunately, this is a simple exercise:

  • Use the Windows key + R to launch the Run dialogue box.
  • Enter eventvwr.msc and click OK. The Event Viewer application will be launched in a couple of seconds.


Common Event Log Categories and Types

Windows Server maintains a detailed collection of logs that track all happenings and events on the system. Over time, Windows Server can generate performance logs that track system performance data. These logs aid in the monitoring of resource utilization, the identification of bottlenecks, and the analysis of trends.

In practical terms, Windows logs can be classified into several types, including:

Application Log

Keeps track of events connected to the server’s applications and programs. This log contains all errors, warnings, and informational messages generated by various active apps.

System Log

Stores events from operating system components such as device drivers, system services, and other low-level system operations.

Security log

This log records security-related events such as successful or unsuccessful login attempts, account management activities, and other security-related actions. It aids in the monitoring and analysis of system security.
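As an added example (not part of the original article), the unsuccessful login attempts recorded in this log can be summarized from PowerShell. Event ID 4625 is the "An account failed to log on" event; the function name, parameters and the threshold of 5 are assumptions chosen for illustration.

```powershell
# Added example: summarize failed logons (Security log, event ID 4625).
# Run from an elevated session; reading the Security log requires administrative rights.
function Get-FailedLogonSummary {
    [CmdletBinding()]
    param(
        [int]$LastHours = 24,
        [int]$MinFailures = 5     # illustrative threshold, tune per environment
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4625          # "An account failed to log on"
        StartTime = (Get-Date).AddHours(-$LastHours)
    }
    try {
        $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
    }
    catch {
        # "No events matched" is an empty result; anything else (e.g. access denied) is rethrown.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
        $events = @()
    }

    $events | ForEach-Object {
        # Named fields live in the event XML, not in the rendered message.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Source    = $data['IpAddress']
            LogonType = $data['LogonType']
            Time      = $_.TimeCreated
        }
    } |
        Group-Object Account, Source, LogonType |
        Where-Object Count -ge $MinFailures |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Failures  = $_.Count
                Account   = $_.Group[0].Account
                Source    = $_.Group[0].Source
                LogonType = $_.Group[0].LogonType
                First     = ($_.Group.Time | Measure-Object -Minimum).Minimum
                Last      = ($_.Group.Time | Measure-Object -Maximum).Maximum
            }
        }
}

Get-FailedLogonSummary -LastHours 24 -MinFailures 5 | Format-Table -AutoSize
```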

Setup Log

The setup log contains information on the system’s software, hardware installation, and configuration. If you’re facing issues with the installed applications, you should look at this log for information.

DNS Server log

If the server hosts and executes the Domain Name System (DNS) service, you can find the details of the DNS queries, updates, and other DNS-specific operations in this log.

DHCP Server logs

If the server is configured as a Dynamic Host Configuration Protocol (DHCP) server, it will log DHCP lease requests, assignments, and other DHCP-related events in this log.

Internet Information Services (IIS) Log

This log stores information about inbound requests, responses, failures, and other web server activity on servers that use IIS to host websites.

Remote Desktop Services Log

This log records events related to remote connections and user sessions on servers that provide Remote Desktop Services (RDS).

Active Directory Log

In Active Directory systems, domain controllers keep logs that track directory service modifications, authentication events, and other directory-related operations.

File Replication Service (FRS) Log

This log records replication-related events if the server replicates files using FRS.

Forwarded Events

This log collects events from remote machines that are configured to forward events to a centralized Windows Event Collector.


How to View Logs and Use the Event Viewer

Event Viewer is a very popular tool that’s included with all Windows Server versions.

Viewing Windows logs, the information they contain, and their location is useful for audits and other purposes. However, there are situations when application-specific logs are useful for troubleshooting.

Let’s take a look at how to view these logs.

Once the Event Viewer is active, expand the menu by clicking the Windows Logs folder.

You can now select the log category you want to access and examine.

When you run Event Viewer for the first time, you will notice four main folders:

  • Custom Views.
  • Windows Logs.
  • Applications and Services Logs.
  • Subscriptions.

To examine the details of an event, double-click it. This will display the event ID, source, description, and other event-specific data.


Each logged event is assigned an event level. The event level denotes the severity or impact of any problems detected in the logs. Here are the default event levels used in the logs:

  • Audit Success – (Only in the Security category).
  • Audit Failure – (Only in the Security category).
  • Critical – Indicates a major system or application problem requiring immediate attention.
  • Error – A fault within the system or services that does not require immediate attention.
  • Warning – Indicates a potential concern you should resolve when you have the time.
  • Information – Identifies a successfully finished event.
  • Verbose – Indicates progress or a successful event.


How to Find a Specific Log?

You already know that Windows Server has several logs that track all incidents on the server. To find a specific log, follow these steps:

1. Launch the Event Viewer.

2. Click to expand the Windows Logs folder.


3. Right-click on the log category you wish to study and select Filter.


4. Select the Filter tab (generally open by default).

5. Select the relevant event occurrence period from the Logged drop-down menu.


6. Select the event level (Critical, Warning, Error, and so on).


7. If you wish, you can select a task category.


8. If you’re looking for an event or incident associated with a specific keyword, add the keyword to filter the final result.

9. Leave the User and Computers options alone.

10. Click OK to confirm that you have filtered the desired logs.
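The filter built in the steps above can also be scripted with Get-WinEvent, which helps when the same check has to be repeated or run on several servers. This is an added example, not part of the original article; the function name Get-FilteredEvent, its parameters and the sample values (System log, last 24 hours, the text "disk") are assumptions chosen for illustration.

```powershell
# Added example: scripted counterpart of the Event Viewer "Filter Current Log" dialog.
# Function and parameter names are illustrative, not from the article.
function Get-FilteredEvent {
    [CmdletBinding()]
    param(
        [string]$LogName = 'System',
        [int]$LastHours = 24,
        [ValidateSet('Critical', 'Error', 'Warning', 'Information', 'Verbose')]
        [string[]]$Level = @('Critical', 'Error', 'Warning'),
        [string]$Keyword
    )

    # Numeric values Windows stores for each event level.
    # Audit Success / Audit Failure are event keywords in the Security log, not levels,
    # so they are not part of this map.
    $levelMap = @{ Critical = 1; Error = 2; Warning = 3; Information = 4; Verbose = 5 }

    $filter = @{
        LogName   = $LogName
        StartTime = (Get-Date).AddHours(-$LastHours)
        Level     = [int[]]($Level | ForEach-Object { $levelMap[$_] })
    }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return @() }
        throw
    }

    # Assumption: $Keyword is a free-text match on the rendered message, applied client-side.
    # The dialog's own Keywords list holds predefined event keywords instead.
    if ($Keyword) {
        $pattern = '*' + [System.Management.Automation.WildcardPattern]::Escape($Keyword) + '*'
        $events = $events | Where-Object { $_.Message -like $pattern }
    }
    $events
}

# Summarize which sources and event IDs produced the most matching entries.
Get-FilteredEvent -LogName 'System' -LastHours 24 -Keyword 'disk' |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```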


Conclusion

Event Viewer is a powerful tool for regularly examining and analyzing Windows logs.

With it, administrators can get insights into system behavior, identify potential security concerns, and take appropriate actions to maintain a stable and secure Windows environment.

At RedSwitches, we offer customizable bare metal servers for your Windows server projects. Our support engineers are available round-the-clock to help you manage the server infrastructure for your projects.


Q. What are Windows logs?

Windows logs are records generated by the operating system that capture various events and activities occurring on a Windows-based computer. These logs store critical information related to security, system performance, application events, and more.

Q. Where can I find Windows logs?

You can access Windows logs through the Event Viewer tool. To open Event Viewer, type “Event Viewer” into the Windows search bar or use the “eventvwr.msc” command in the Run dialog box.

Q. What types of logs does Windows generate and maintain?

Windows creates various kinds of records, including Application logs (information about applications), Security logs (security-related events), System logs (operating system events), Setup logs (installation and configuration events), and Forwarded Events (centralized log collection from other computers).

Q. How can Windows logs be helpful in troubleshooting?

Windows logs can be invaluable for troubleshooting issues on a Windows Server. By examining records, you can identify the root cause of errors, security breaches, application crashes, and other problems, leading to quicker problem resolution.

Q. Are Windows logs automatically recorded?

Yes, Windows logs are automatically recorded by the operating system. Events such as system startup, application launches, errors, and warnings are logged by default.