Many PC users are not even aware that their device has a very useful built-in tool. It records all events occurring in the OS, and data is read and written even during periods when the person is inactive. The Event Log in Windows 10 gives the user the opportunity to view errors, warnings and other important information.
In some cases, analyzing this data can greatly facilitate the search for the causes of malfunctions, which is an important step towards eliminating and even preventing them. Of course, it is mostly server owners who resort to such analysis. However, for the average user, studying the history can also be useful.
How to access the event log in Windows 10
The utility can be launched in several ways. The first uses the Run dialog. To do this:
- Press the “Win” + “R” keys to open the window.
- Enter the “eventvwr” command.
- Click “OK”.
The second uses the Control Panel, where you need to:
- Select the “System and Security” section.
- Go to the “Administrative Tools” subsection.
- Select “Event Viewer”.
Once in the event log in Windows 10, you can begin to analyze its interface.
The left column contains the event logs. They are already sorted into sections, which makes the user's work easier. Of greatest interest is the “Windows Logs” section, which consists of the following categories:
- Application (main) - records created by programs.
- Security (main) - system security information.
- Setup (additional).
- System (main) - information about the operation of system components.
- Forwarded Events (additional).
There are two panes in the center of the utility. The first displays the events that have occurred, and the second shows detailed information about each of them. The right column contains the tools for working with the log.
Launching and reviewing the Event Viewer utility
For the operating system to fill the event logs, the Windows Event Log service, which is responsible for this, must be running. Let's check whether it is. In the search field of the Start menu, look for Services.
Find Windows Event Log and check that Status is Running and Startup Type is Automatic.
If the service is not running, double-click it with the left mouse button and, in its properties, select Automatic in the Startup type section. Then click Start and OK.
The service has started and the event logs will begin to fill.
Launch the Event Viewer utility using the search from the Start menu.
The default utility looks like this:
Much of this layout can be customized. For example, you can use the buttons below the menu area to hide or show the Console Tree on the left and the Actions panel on the right.
The area at the bottom center is called the Viewing Area. It displays information about the selected event. It can be hidden by unchecking the corresponding checkbox in the View menu or by clicking the cross in the upper right corner of the viewing area.
The main field is located at the top center and is a table with the events of the log that you selected in the Console Tree. By default, not all columns are displayed. You can add columns and change their display order. To do this, right-click the header of any column and select Add or remove columns...
In the window that opens, add the required columns from the left field to the Displayed columns list.
To change the order of display of columns in the right field, select the desired column and use the Up and Down buttons to change the location.
The nuances of working with the log
The number of monitored events can be in the thousands and even tens of thousands. To create a comfortable working environment, the event log in Windows 10 is equipped with a built-in filter. It allows you to sort the available information by:
- importance;
- time;
- source;
- computer and user name;
- code and other parameters.
But finding the necessary error in the log is only half the battle. The specific nature of the information it contains means that not everyone will immediately understand what the problem is. For example, the user might see something like:
{BF6C1E47-86EC-4194-9CE5-13C15DCB2001} DCOM server registration failed within the allotted timeout
Finding the description will require going online and visiting the Microsoft website or other resources providing similar information.
It is worth mentioning that the presence of errors is normal for the OS. Any failures, even the most minor ones, are recorded in the log. So don't worry if you find them there.
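The filter criteria listed above (importance, time, source, event code) can also be applied from PowerShell with Get-WinEvent. This is an added example, not part of the original article; the 24-hour window and the DistributedCOM source are assumptions chosen to match the DCOM message quoted above.

```powershell
# Added example (not from the original article).
# Event Viewer's filter fields map onto Get-WinEvent -FilterHashtable keys.
# Level: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information.
$filter = @{
    LogName   = 'System'
    Level     = 1, 2, 3
    StartTime = (Get-Date).AddDays(-1)   # assumption: last 24 hours
}

try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    # Get-WinEvent reports an error when no record matches the filter
    Write-Warning $_.Exception.Message
    $events = @()
}

# Count events per source and event ID so recurring problems stand out
$events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# Assumption: DistributedCOM is the source of interest
$events |
    Where-Object { $_.ProviderName -eq 'Microsoft-Windows-DistributedCOM' } |
    Select-Object -First 5 TimeCreated, Id, LevelDisplayName, MachineName, UserId, Message |
    Format-List
```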
Activity Log in Windows 10 records your activity even when you turn it off
“Surveillance”, “telemetry”, “probes”, it’s impossible to count how many disputes on the Internet have occurred about this over the past 4 years. A barrage of criticism from indignant users and experts periodically reaches the ears of Microsoft and sometimes it makes concessions, for example, adding a button to view information collected from the user.
But now emotions on this issue are no longer so intense: users are used to it and there is not much choice, since in the license agreement the owner of the best Windows gives permission to collect almost any information from their PC.
In the new versions of Windows 10 - 1803 and 1809, telemetry, coupled with the activity log, has reached a new level, allowing you to create a “Timeline”. Almost the history of the browser, but for the entire computer. And with the timeline, a new scandal related to user privacy is gaining momentum.
There are as many as 3 options in the activity log settings that allow you to disable the recording of user actions, but users of Reddit and the Ghacks portal noticed that these options do not disable anything. The activity continues to be recorded and appears in the Privacy Dashboard on the Microsoft website.
This glaring fact was first noticed by a user from Reddit. He signed in with a local account and only used the Microsoft account in the app store. And when he turned off all three options in the Settings app, he saw that the privacy dashboard on account.microsoft.com continued to record activity.
Users from the Ghacks portal reproduced the situation and their fears were confirmed. Action recording does not turn off. Activity history was saved in the privacy dashboard.
They started digging deeper and got into group policies. By disabling the “Enables Activity Feed” option and the “Allow upload of User Activities” option, they got the expected result: the recording of actions did not stop even after setting up group policies.
It must be recognized that the leakage of user activity data when the corresponding functions are disabled is a very serious problem. Even at the simplest, everyday level, when not only its main owner has access to the device, one now has to worry not only about the browser history and files “not for prying eyes”, but also about the always-on timeline.
So, if your parents are tech-savvy and you're playing Minecraft on the best of Windows, instead of doing your homework, don't forget that the vigilant timeline doesn't turn off and remembers everything.
How to clear the event log in Windows 10
Among the ways to clear the event log in Windows 10, there are 5 main ones.
Manually
This method is very simple. It does not require special skills or additional software. All that is needed is:
- Open the event log.
- Right-click on the required section.
- Select the “Clear log...” command.
As you've probably noticed, this is the easiest way. However, some situations require resorting to other methods.
Creating a .bat file
This method also allows for quick cleaning. To implement it you will need the code:
@echo off
REM Admin check: without elevation bcdedit's output ends with "Access is denied" (English-language Windows)
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto theEnd
REM Enumerate every log and clear each one
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:theEnd
Use it as follows:
- Create a text document.
- Copy the code above into it.
- Save the document with the .bat extension (you can read more about extensions in the article “Windows file extensions. How to open and change file extensions”)
- Run the resulting file as administrator.
After this, all log records will be deleted.
Via the command console
You can also clear the event log in Windows 10 using this tool. To do this:
- Press the “Win” key.
- Type “Command Prompt”.
- Run the utility as administrator.
- Enter the command below and press “Enter”.
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
Via PowerShell
PowerShell is a more advanced version of the command line. Clearing the log with it is carried out in the same way, except for the command being entered. In this case it looks like this:
wevtutil el | Foreach-Object {wevtutil cl "$_"}
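Clearing a log leaves its own record: Windows writes event 1102 to the Security log when that log is cleared, and event 104 to the System log when another log is cleared. The query below, an added example that is not part of the original article, lists those records with the account that performed the clearing; it assumes an elevated PowerShell session.

```powershell
# Added example (not from the original article). Run from an elevated prompt:
# reading the Security log requires administrator rights.
$queries = @(
    # Security log was cleared
    @{ LogName = 'Security'; Id = 1102 },
    # Another log (Application, System, ...) was cleared
    @{ LogName = 'System'; Id = 104; ProviderName = 'Microsoft-Windows-Eventlog' }
)

$cleared = foreach ($q in $queries) {
    try {
        Get-WinEvent -FilterHashtable $q -ErrorAction Stop
    } catch {
        # Raised when nothing matches or the log cannot be read
        Write-Warning "$($q.LogName) / $($q.Id): $($_.Exception.Message)"
    }
}

$cleared | Sort-Object TimeCreated | ForEach-Object {
    # Both events carry a LogFileCleared element; absent fields come back as $null
    $data = ([xml]$_.ToXml()).Event.UserData.LogFileCleared
    [pscustomobject]@{
        Time    = $_.TimeCreated
        EventId = $_.Id
        Channel = if ($data.Channel) { $data.Channel } else { $_.LogName }
        Domain  = $data.SubjectDomainName
        User    = $data.SubjectUserName
    }
} | Format-Table -AutoSize
```

On a machine where the logs have just been cleared with one of the methods above, these are among the first records written to the new Security and System logs.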
Description of the program interface
The program window consists of the following components:
Screenshot No. 3. Program interface
- The navigation panel allows you to select a specific log whose records you want to view;
- List of events contained in the selected log. The columns display basic information about the event. They can be sorted by dates, types, event categories, etc.;
- Detailed information about the event selected in the second panel. Also, detailed information can be opened in a separate window if you double-click on the desired event;
- A panel of quick actions that can be performed with a given log or event. Actions are also available in the context menu (right-click on a log or event).
For ease of viewing and management, system logs are divided into categories:
- Application – as the name says, contains application events and errors;
- Security – if the operating system has the audit function enabled and configured, the log will contain entries related to tracking relevant events (for example, user authorization or unsuccessful login attempts to the operating system);
- System – events of the operating system and system services are recorded here;
- Setup – events related to the installation of Windows updates and additional applications.
In the Applications and Services Logs section, you can find more detailed information about the events of individual services and applications registered in the operating system, which can be useful when diagnosing problems in the operation of individual services.
The events themselves are also divided into types:
- Information - informs about the normal operation of applications.
- Warning - to work as normal, but when the space runs out completely, work will be impossible).
- Error - a problem leading to degradation of an application or service, or data loss.
- Critical - a significant problem that causes the application or service to fail.
- Success audit - a Security log event (for example, a successful login).
- Failure audit - a Security log event (for example, a login failure).
What is Windows Event Viewer
Event Viewer is the most powerful diagnostic tool in Windows. Its use is fundamental to monitoring system integrity, as it provides detailed information about all events occurring on the PC. An event is a phenomenon that occurs within a system and is communicated externally to the user or to other programs, and usually corresponds to a state or configuration change. Events are logged by the Windows Event Log service and their history is stored in the corresponding system logs.
Windows Event Viewer helps in analyzing the problem because it allows you to view hardware and software anomalies of various nature (failure to start a service, system crash, failure to install an update, corruption in the file system structure, IP address conflict).