Better troubleshooting capabilities with Windows Vista's Event Viewer

by Greg Shultz | Aug 24, 2006 7:00:00 AM

Tags: Microsoft Windows Vista (Longhorn), Operating systems, Microsoft Windows XP, Greg Shultz, Microsoft Corp., Event Viewer, Microsoft Windows, Microsoft Windows Vista

Takeaway: In addition to providing improved performance and a new user interface, Windows Vista Event Viewer provides you with a whole slew of new features to make troubleshooting a much easier task.

One of the first places that you probably turn to when troubleshooting problems in Windows XP is the Event Viewer. As you know, Event Viewer maintains logs that record information about program, security, and system events that occur on your system. While XP's Event Viewer is an effective tool that you can use to view and manage event logs, gather information about hardware and software problems, as well as monitor security events, it does have some shortcomings. Perhaps the biggest drawback is that XP's Event Viewer does such a good job at logging events, that the number of items in the log can be staggering. As such, sorting through the logs can be very daunting. Also, not all of the events are well-documented and many aren't documented at all--often leaving even the most experienced troubleshooter puzzled.

Another drawback in the system stems from the fact that Windows XP has other logs that are stored as text files on the hard disk. This means that when troubleshooting problems, you may have to scan through a bunch of text files in addition to scanning through Event Viewer.

Fortunately, Windows Vista's developers have spent a great deal of time and effort on improving Event Viewer! Let's take a closer look.

An overview

To begin with, Event Viewer has been completely rewritten with a new user interface that makes it much easier to filter and sort events as well as control which type of events are logged. In addition, you can now perform some basic diagnostic tasks right from within Event Viewer itself.

Microsoft has stated that they are going to impose stricter standards in order to ensure that events logged in Event Viewer are more meaningful, actionable, and well-documented, thus providing better information for troubleshooting. In addition, Windows Vista's Event Viewer will be the central point of inquiry for all the operating system's logs. More specifically, those operating system components that store logging information in text files will add events to the event log in Windows Vista.

Other new features in Event Viewer allow you to create and save custom views so that you can easily focus in on the problem you are currently troubleshooting, create event subscriptions that can collect information from other computers on a network and allow you to more easily correlate problems that affect multiple computers, and assign tasks that are to run when a certain event occurs.

A tour

Let's take a look around the new Event Viewer in Windows Vista. As you can see in Figure A, the new user interface provides access to more pertinent information that Windows XP's Event Viewer, as shown in Figure B.

Figure A

Windows Vista's Event Viewer provides access to lots of information.

Figure B

The user interface for Windows XP's Event Viewer looks pretty stark in comparison to the Windows Vista's Event Viewer.

As you look at Windows Vista's Event Viewer, you'll notice that the left pane contains an expandable tree that provides you with easy access to all of Event Viewer's logs. The two main categories are Windows Logs and Applications and Services logs. The Windows Logs category includes the logs that were available Windows XP, such as the Application, Security and System logs, while the Applications and Services logs are a new category of event logs that store events from a single application or component.

In the center is the View Pane that provides you with an easy way to view both the list of events as well as the information that each event contains, as shown in Figure C.

Figure C

The View pane does double duty, showing you both the list of events and details about the selected event.

On the right side of Event Viewer is a new area called the Actions pane, which contains a list of actions, or commands, that are associated with Event Viewer. As you can see by comparing Figures A and C, the Actions pane changes to provide relevant tasks depending on what is selected.

To make focusing on specific events easier, you can create a Custom View that essentially allows you to create a very detailed event query that can span several logs. To help you create a Custom View, Event Viewer provides you with a very detailed form, as shown in Figure D. Once you have created a Custom View, you can then save it and reuse it later.

Figure D

Creating Custom View can be a real time saver when troubleshooting problems.

Attaching tasks to events is also a great troubleshooting feature. To make this a simple procedure, Windows Vista's Event Viewer employs the Task Scheduler Wizard and provides you with several relevant actions to attach to the event, as shown in Figure E.

Figure E

You can configure a task that is to take place when and a certain event occurs.

Conclusion

In addition to providing improved performance and a new user interface, Windows Vista Event Viewer provides you with a whole slew of new features to make troubleshooting a much easier task. I'll cover Event Viewer in more detail as the product evolves over the next couple of months.

In the meantime, if you have comments or information to share about the Windows Vista's Event Viewer, please take a moment to drop by the Discussion area and let us hear.