Microsoft KB Archive/324751

= HOW TO: Diagnose System Problems with Event Viewer in Windows Server 2003 =

PSS ID Number: 324751

Article Last Modified on 4/5/2004

-

The information in this article applies to:


 * Microsoft Windows Server 2003, Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, 64-Bit Enterprise Edition
 * Microsoft Windows Small Business Server 2003, Standard Edition
 * Microsoft Windows Small Business Server 2003, Premium Edition

-



This article was previously published under Q324751



For a Microsoft Windows 2000 version of this article, see 302542.

IN THIS TASK

 * SUMMARY
 * ** Troubleshooting with Event Viewer
 * *** Start Event Viewer
 * How to Select Computers
 * How to Modify Log Settings
 * How to Save Event Logs
 * How to Clear Event Logs
 * How to View Event Details
 * How to Filter Events
 * How to Find Events
 * REFERENCES



SUMMARY
This step-by-step guide describes how to use Event Viewer as a troubleshooting tool.

An event is any significant occurrence on the system or in a program that requires users to be notified or an entry to be added to a log. The Event Log Service records events to the Application, Security, and System logs in Event Viewer. Additionally, events are written to the Directory Service and File Replication Service logs on domain controllers, and to the DNS server log on Domain Name System (DNS) servers.

The information that Event Viewer displays about events includes the event type, the date and time that the event occurred, the source of the event, the category for the event, the Event ID, the user who was logged on when the event occurred, and the computer on which the event occurred. Event logs can help you identify and diagnose the source of current system problems, or help you predict potential system problems.

back to the top

Start Event Viewer
To start Event Viewer, click Start, point to Administrative Tools, and then click Event Viewer.

back to the top

How to Select Computers
You can view the event logs of a remote computer. To do this, you must be logged on as Administrator or as a member of the Administrators group.

To view the event logs of a remote computer, follow these steps:
 * 1) Click Start, point to Administrative Tools, and then click Event Viewer.
 * 2) In the console tree, right-click Event Viewer (local), and then click Connect to another computer.
 * 3) Click Another computer, and then type the name of the computer whose event logs you want to view. Or, click Browse, locate the computer whose events logs you want to view, and then click OK.
 * 4) Click OK.

back to the top

How to Modify Log Settings
You can modify log options (such as log size) and modify the action to perform when the maximum log size is reached.

To modify log settings:
 * 1) Click Start, point to Administrative Tools, and then click Event Viewer.
 * 2) In the console tree, right-click the log that you want, and then click Properties.
 * 3) Click the General tab.

Specify the log options that you want, and then click OK.

back to the top

How to Save Event Logs
You can save Event logs for later analysis or for use as historical data. The log files are saved to a file name and location that you select, with a file-name extension that is determined by the format of the saved log file.

To save Event logs:
 * 1) Click Start, point to Administrative Tools, and then click Event Viewer.
 * 2) In the console tree, right-click the log that you want to save, and then click Save Log File As.
 * 3) In the Save as type box, click the format that you want, specify a file name and location in which to save the file, and then click Save.

back to the top

How to Clear Event Logs
You can manually clear all of the events from an Event log when necessary. On heavily used servers, it is a good idea to save data from the Event log for later administrative use before you clear all of the events.

To clear Event logs:
 * 1) Click Start, point to Administrative Tools, and then click Event Viewer.
 * 2) In the console tree, right-click the log that you want, and then click Clear all Events.

A message is displayed that prompts you about whether you want to save the log to a file before you clear it.
 * 1) Click Yes if you want to save the log and clear all events. Click No, if you want to clear all events without saving the log. If you click Cancel, the request to clear the log is canceled.

back to the top

How to View Event Details
After you select a log in Event Viewer, you can search, filter, sort, and view details about events.

To view events:
 * 1) Click Start, point to Administrative Tools, and then click Event Viewer.
 * 2) In the console tree, click the log whose events you want to view. A list of events in the log file is displayed in the right pane.
 * 3) Double-click a specific event to display more details about the event.

back to the top

How to Filter Events
You can specify a filter that limits the type of information that you want Event Viewer to display. These filters affect only the view of the Event log items that are displayed and do not affect the actual contents of the log.

To filter events:
 * 1) Click Start, point to Administrative Tools, and then click Event Viewer.
 * 2) In the console tree, right-click the log that you want to filter, and then click Properties.
 * 3) Click the Filter tab.
 * 4) Specify the filter options that you want.
 * 5) Click OK.

back to the top

How to Find Events
Event Viewer provides the option to search for events. Searches can be useful when you view large logs.

To find an event:
 * 1) Click Start, point to Administrative Tools, and then click Event Viewer.
 * 2) In the console tree, click the log that you want to search.
 * 3) On the View menu, click Find.
 * 4) Specify the information that you want about the event or events that you want to find, and then click Find Next.
 * 5) Click Close.

back to the top

