Viewing Windows Event Viewer in Vista
If you have been working with Wintel computers for any amount of time, you have found yourself staring at the Event Viewer console at one time or another.
If you were smart, it was before a disaster; if not so smart, it was after. Either way, you were in the Event Viewer looking for clues to a system problem.
The Event Viewer in Vista is head and shoulders above its XP predecessor in almost every way. We are going to look at some of the new features, along with some basic functionality in case you are just coming into the field.
Vista’s Event Viewer now includes features that allow you to streamline troubleshooting and react proactively to problems as they arise. Here are some of the most useful features:
- View Events From Multiple Logs
- Reusable Custom Views/Filters
- Integration with Task Scheduler
- Event Subscriptions
Now that we have those listed out, let’s take a look at how they can help you troubleshoot and take preventive steps to keep your system healthy.
View Events From Multiple Logs
In prior versions of Event Viewer, troubleshooting an issue meant swapping back and forth between different logs to try to collate the data.
With this new version you are now able to filter for specific events across multiple logs by creating custom views. This will enable you to quickly get a better overview of what the problem might be.
Reusable Custom Views
Although you could always filter in previous versions of Event Viewer, you lost that filter when you closed the console.
Because you can now create and save your filters as custom views, you can quickly go back to a view to check the data again. Let’s walk through creating a custom view.
How to Create a Custom View
1. Start Event Viewer by typing Event Viewer into the Start Menu search box. If UAC is still enabled, it will prompt you for a response.
2. In the left pane, right click on the Custom Views folder and then left click Create Custom View.
3. The Create Custom View window will now come up.
Now we will set a time frame for the view under the Logged: drop down. There are several default settings but if you need something specific you can select Custom Range …
This will allow you to set the earliest date and time you want to filter for and the latest date and time.
4. Now select the check boxes next to Event Level according to the levels you want to have included in the custom view.
5. Next let’s choose the source of data for this view. We have two options: By log or By source.
This gives you complete freedom to target the exact information you need from logs, applications or specific Windows components. For this example I am going to use Event Logs and select Application & System.
6. In the next field you can specify the Event IDs you want to see. For this instance I am going to specify Event ID 11 (a problem with my cdrom controller that is ongoing) and 1530 (a User Profile warning).
You can also set a range by using a “-” between numbers, or exclude certain Event IDs by putting a minus sign in front of the Event ID.
7. For the Task Category, select the check boxes next to the categories in the drop-down that you want included in the view. In this example I am leaving it blank.
8. Now for Keywords, place a check mark in the boxes next to the keywords in the drop-down list that you want included in the custom view. I am also leaving this blank.
9. For User & Computer(s) you can set the view to filter based on user accounts, or based on the computer if you are subscribing to events from other systems. I am not going to filter on either.
The last 4 fields look like this:
10. After completing the information click on OK.
11. The Save Filter to Custom View will appear. You can set a Name for your filter and a Description.
Since your views are saved under the Custom Views folder, you can also create subfolders for ease of organization. After filling in your desired information, click OK.
12. Now you can navigate to your view in the left pane and see the results in the list.
Even if you close Event Viewer this will still be saved for later use. You can also filter this custom view further by using the tools in the right pane.
13. You can also export these views, if you want to use them on other computers, by choosing Export Custom View.
You have now successfully set up a Custom View in Windows Vista Event Viewer!
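The custom view built above can also be written as the structured XML query that the XML tab of the Create Custom View dialog displays, and run from PowerShell. This is an added example, not part of the original walkthrough: the logs and Event IDs come from the steps above, while the selected levels and the 7-day window are assumptions, and Get-WinEvent requires PowerShell 2.0 or later.

```powershell
# Added example, not from the original article. Requires PowerShell 2.0 or later.
# From the walkthrough: Application and System logs, Event IDs 11 and 1530.
# Assumed here: levels 1-3 (Critical, Error, Warning) and a 7-day window.
$windowMs = 7 * 24 * 60 * 60 * 1000    # "Last 7 days" in milliseconds

# One XPath filter shared by both logs. '<' must be written as &lt; inside XML.
$filter = "*[System[(Level=1 or Level=2 or Level=3) and " +
          "(EventID=11 or EventID=1530) and " +
          "TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]"

# One <Select> per log inside a single <Query>, as in a multi-log custom view.
$queryXml = [xml]@"
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">$filter</Select>
    <Select Path="System">$filter</Select>
  </Query>
</QueryList>
"@

# Get-WinEvent raises a non-terminating error when nothing matches,
# so suppress it and force an array to get an empty result instead.
$events = @(Get-WinEvent -FilterXml $queryXml -ErrorAction SilentlyContinue)
"{0} matching events" -f $events.Count

# Event IDs are only unique per provider, so break the hits down by
# log, ID and provider before assuming every ID 11 is the same problem.
$events |
    Group-Object LogName, Id, ProviderName |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Most recent hits with the fields you would read in the Event Viewer list.
$events |
    Select-Object -First 10 TimeCreated, LogName, Id, LevelDisplayName, ProviderName |
    Format-Table -AutoSize
```

Keeping the query as text means the same filter can be stored alongside other configuration and reused on any machine without clicking through the dialog.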
Integration with Task Scheduler
With this new integration you can easily associate responses with events as they happen. Now let’s set up a task that runs when one of the errors in my custom view occurs.
Execute a Task in Response to an Event
1. Open Event Viewer and select the log you want to work with. In our case I am going to use the Custom View I set up above.
2. Now right click on the event that should trigger the task. In this case we will use Event ID 11 to trigger the task. Left click on Attach Task to This Event …
3. This will now start the Create Basic Task Wizard prefilled with some initial information.
Go ahead and add any descriptive information you want, or change the prefilled info, and then click Next.
4. In the next pane you won’t be able to edit information at this time so just click Next.
5. In the next pane there are 3 basic actions you can take. For our example I am going to Display a Message, so I select that radio button and click Next.
Note that you could just as easily have started a program or sent an e-mail message, depending on your needs.
6. In this next window I will give my message a title and then put in the message, click Next when finished.
7. In the Summary window you will see all of your input and have a last chance to quickly modify any settings.
You can also place a check next to Open the Properties dialog for this task when I click finish if you need to do any advanced options. For this example I only need the default. Click Finish when you are done editing.
8. You will get a popup confirming the creation of the task and telling you to go into Task Scheduler if you need to modify it.
9. Now whenever this event occurs it will trigger the message!
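The same event-triggered task can be created and inspected from the command line, which makes it repeatable and lets you confirm exactly which event query the task is subscribed to. This is an added example, not part of the original walkthrough: the task name, the message text and the use of msg.exe as the started program are assumptions, and the trigger matches Event ID 11 in the System log.

```powershell
# Added example, not from the original article. Requires PowerShell 2.0 or later.
$taskName = 'EventViewer_System_11'     # hypothetical task name
$trigger  = '*[System[(EventID=11)]]'   # Event ID 11, as in the walkthrough

# Check what the trigger query matches today before attaching an action to it.
# A query that is too broad will fire the task far more often than intended.
$hits = @(Get-WinEvent -LogName System -FilterXPath $trigger -MaxEvents 5 `
              -ErrorAction SilentlyContinue)
"{0} recent System events match the trigger" -f $hits.Count
$hits | Format-Table TimeCreated, Id, ProviderName -AutoSize

# Create the on-event task: /SC ONEVENT with the log in /EC and the query in /MO.
# The action is "start a program"; msg.exe (an assumption, not available on
# every edition) sends the message to all sessions on this computer.
schtasks.exe /Create /TN $taskName /SC ONEVENT /EC System /MO $trigger `
    /TR 'msg.exe * Event ID 11 was logged in the System log' /F

# Read the task definition back and show the event subscription it stores.
# The subscription is a QueryList, the same format a custom view uses.
[xml]$task = schtasks.exe /Query /TN $taskName /XML | Out-String
$task.Task.Triggers.EventTrigger.Subscription

# Show the program the task will start, so the action can be reviewed too.
$task.Task.Actions.Exec | Format-List Command, Arguments

# Remove the example task when you are done testing:
# schtasks.exe /Delete /TN $taskName /F
```

Reading the definition back is also a quick way to review tasks that someone else attached to events, since both the trigger query and the program it starts are visible in the XML.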
Event Subscriptions
When troubleshooting, it will sometimes be necessary to see the event logs on several different computers. While there are several ways to accomplish this, none are as elegant as using Event Subscriptions.
With Event Subscriptions you can centralize a number of machines by having them send their Events to a central computer.
In this way you only have to set up one central computer to run tasks in response to events, which eases the management of such responses in addition to centralizing troubleshooting.
In this article you have learned about the new functionality in the Windows Vista Event Viewer and also how to do some basic configuration that will help you troubleshoot and react to issues that may arise.