To paraphrase from the ditty “Don’t Quit” – When things go wrong as they sometimes will; don’t quit. Because for every Windows crash there’s a way to lick the problem without dialling assistance.
Windows glitches, errors and crashes are a pain in the rear. More often a reboot (or a smack on the sides) is a quick fix. It gets the work done but it still leaves the puzzler out there – why did the system crash in the first place?
To remove the vulnerability (we know that Window’s has tons of them!) and troubleshoot errors, it’s necessary to diagnose and cure. This is where the Event Viewer makes a worthy entrance.
An event, as described by Microsoft, is any significant happening in a system or in a program that should be brought to a user’s attention. It can be a system crash, an application freeze or the ominous ‘Blue Screen of Death‘. The notification is duly logged by the system in a log (the event logs) which we can see using the Event Viewer. The Event Log Service registers application, security, and system related events in Event Viewer. Thus we can pinpoint the exact source of a problem and diagnose to prevent future errors.
The Event Viewer has been a part of the Windows OS since the early days of Windows NT. In Windows Vista, it has been modernized to Windows Event Log. In Windows XP, the Event Viewer can be found under Control Panel – Administrative Tools – Event Viewer. That’s where we are now headed for some familiarization.
The Three Logs
Windows XP logs events basically in three logs – Application Log, Security Log and System Log. Additional logs may be created by other applications like anti-virus and Internet Explorer.
- In Application Log events are posted by programs. For instance, a program hang is reported here. The reporting though depends on the program; if it has been coded to report events.
- In Security Log security violation related events like valid and invalid logons are posted. It also records things like clock adjustments and file sharing permissions. This log is disabled by default and only a user with administer privileges can view this log.
- In System Log, events related to system failures like startup errors (for instance a failed driver), hardware crashes (a webcam froze) et al find a mention.
How to Read the Event Viewer
- The Event Viewer is structured around easy to understand information like – the Date and Time of each event are given with the Source of each problem. The source can be a program, a single file of a program or a system file. The View menu has a Filter which lets you sort the log information in a few ways.
- Most of the logs are of the Type “˜Information’. But some types like ‘Errors‘ and ‘Warning’ are worth looking into. (The Security Log also has the Success Audit or Failure Audit types.)
- The Error Properties box comes up with a double click. The box provides a slightly elaborate description about the specific error. There is a link provided which links to Microsoft Support. The details of the error can be sent but more often than not it fails to provide a solution.
- Event ID is the column which gives us a number to work with. Using this number, we can track the error type and learn about it in more detail. This is the same number which is used by the support guys for troubleshooting. Note: Event IDs may change over time with installation of service packs and patches.
Using the Event ID to Target and Solve
The Event ID numeric value is a key identifier for the problem. The web is a good place to do some DIY troubleshooting.
EventID is a rich database of logged events. The site has a repository of 10,496 event IDs and 497 event sources with a lot more info provided by contributors. Enter the Event ID number and the Source and the site’s search engine filters out the possible resolutions for the particular event. Most of the solutions are contributed by users from their experience. Non members can search using basic search. Paid subscribers get better features like an advanced search and searching for event IDs from a specific source.
Some other search features available for all users are:
- Copy paste the log entry for search
- Lookup error codes other than Windows event IDs
- Redirect Microsoft’s error lookup link to EventID.net with a registry fix.
Getting all your answers through the website or with a general web search might not ultimately solve the problem. But it will give you a better grasp of things before you call in the boffins.
Using Event ID is just one way. Previously we looked at a few other diagnostic ways to vault over ‘run of the mill stuff’ like stalled Windows. Here’s a small troubleshooter’s list:
- 7 Common Reasons Why Windows Can Get Unresponsive
- How To Analyze A Windows Blue Screen Of Death With WhoCrashed
- How To Troubleshoot Your Windows With The MSconfig Utility
- How to Fix Microsoft Office Problems with MS Office Diagnostics
- How To Kill Unresponsive Programs without The Task Manager
Image Credit: Sonietta46