What are "server logs" and how to view them. How to view Windows logs and when the computer was turned on. Where are the logs located?

In the Windows family of operating systems, all major events that occur in the system are tracked and then recorded in a log. Errors, warnings and ordinary notifications are all recorded. Based on these records, an experienced user can correct the operation of the system and eliminate errors. Let's learn how to open the event log in Windows 7.

The event log is kept in a system tool called "Event Viewer". Let's see how you can get there using different methods.

Method 1: "Control Panel"

One of the most common ways to launch the tool described in this article, although far from the easiest and most convenient, is through "Control Panel".


Method 2: Run Tool

It is much easier to launch the described tool using the "Run" tool.


The basic disadvantage of this quick and convenient method is the need to keep the command that opens the window in your head.

Method 3: Start Menu Search Box

A very similar method of calling the tool we are studying uses the search field of the "Start" menu.


Method 4: "Command Prompt"

Calling the tool via "Command Prompt" is quite inconvenient, but such a method exists, and therefore it is also worth a special mention. First we need to open the "Command Prompt" window.


Method 5: Directly start the eventvwr.exe file

You can also use such an "exotic" option as starting the file directly from "Explorer". This method can be useful in practice, for example, if the failures have reached such a scale that other options for launching the tool are simply not available. This happens extremely rarely, but it is quite possible.

First of all, you need to go to the location of the eventvwr.exe file. It is located in the system directory at this path:

C:\Windows\System32


Method 6: Entering the file path in the address bar

With the help of "Explorer" we can launch the window we are interested in even faster. In this case, you don't even have to look for eventvwr.exe in the "System32" directory. To do this, you just need to specify the path to this file in the "Explorer" address bar.


Method 7: Create a shortcut

If you don't want to remember different commands and consider navigating through the "Control Panel" sections too inconvenient, but at the same time you use the log often, then you can create an icon on the "Desktop" or in another place convenient for you. After this, launching the "Event Viewer" tool will be as simple as possible, without the need to remember anything.


Problems opening the log

There are cases when problems arise with opening the log using the methods described above. Most often this happens because the service responsible for the operation of this tool is deactivated. When you try to run the "Event Viewer" tool, a message appears indicating that the Event Log service is unavailable. Then you need to activate it.

  1. First of all, you need to go to "Service Manager". This can be done from the "Control Panel" section called "Administrative Tools". How to get into it was described in detail under Method 1. Once in this section, look for the item "Services". Click on it.

    You can also get to "Service Manager" using the "Run" tool. Call it by pressing Win+R. Enter in the input area:

    Click "OK".

  2. Regardless of whether you went through "Control Panel" or entered the command in the "Run" tool, "Service Manager" starts. Look for the "Windows Event Log" element in the list. To make your search easier, you can arrange all the objects in the list in alphabetical order by clicking on the "Name" column header. Once the desired row is found, look at the corresponding value in the "Status" column. If the service is enabled, it should say "Started". If the field is empty, the service is deactivated. Also look at the value in the "Startup type" column. In normal condition it should say "Automatic". If the value there is "Disabled", the service is not activated when the system starts.
  3. To fix this, go to the service properties by double-clicking on the name with the left mouse button.
  4. A window opens. Click on the "Startup type" area.
  5. Select "Automatic" from the drop-down list.
  6. Click "Apply" and "OK".
  7. Returning to "Service Manager", select "Windows Event Log". In the left area of the window, click "Start".
  8. The service has started. Now the "Status" column will show "Started", and the "Startup type" column will show "Automatic". Now the log can be opened in any of the ways that we described above.

There are quite a few options for opening the event log in Windows 7. Of course, the most convenient and popular methods are going through "Control Panel", launching it with the "Run" tool, or using the search field of the "Start" menu. For easy access to the described function, you can create an icon on the "Desktop". Sometimes there are problems starting the "Event Viewer" window. Then you need to check whether the corresponding service is activated.

System administrators, and regular Linux users, often need to look at log files to troubleshoot problems. In fact, this is the first thing any system administrator should do when any error occurs in the system.

The Linux operating system itself and the running applications generate various types of messages that are logged in various log files. Linux uses special software, files and directories to store log files. Knowing which files contain the logs of which programs will help you save time and solve the problem faster.

In this article we will look at the main parts of the Linux logging system, log files, as well as utilities with which you can view Linux logs.

Most Linux log files are located in the /var/log/ folder. You can list the log files for your system using the ls command:

-rw-r--r-- 1 root root 52198 May 10 11:03 alternatives.log
drwxr-x--- 2 root root 4096 Nov 14 15:07 apache2
drwxr-xr-x 2 root root 4096 Apr 25 12:31 apparmor
drwx------ 2 root root 4096 May 5 10:15 audit
-rw-r--r-- 1 root root 33100 May 10 10:33 boot.log

Below we will look at 20 different Linux log files located in the /var/log/ directory. Some of these logs are only found on certain distributions, for example dpkg.log is only found on Debian based systems.

/var/log/messages - contains global Linux system logs, including those that are recorded at system startup. Several types of messages are recorded in this log: mail, cron, various services, kernel, authentication and others.

/var/log/dmesg - contains messages received from the kernel. Many messages are logged during the boot phase; they display information about hardware devices that are initialized during the boot process. You can say this is another log of the Linux system. The number of messages in the log is limited, and when the file is full, each new message overwrites the oldest ones. You can also view messages from this log using the dmesg command.

/var/log/auth.log - contains information about user authorization in the system, including user logins and the authentication mechanisms that were used.

/var/log/boot.log - contains information that is logged when the system boots.

/var/log/daemon.log - includes messages from various background daemons.

/var/log/kern.log - also contains messages from the kernel, useful in troubleshooting errors in custom modules built into the kernel.

/var/log/lastlog - displays information about the last session of all users. This is a non-text file and you must use the lastlog command to view it.

/var/log/maillog, /var/log/mail.log - logs of the email server running on the system.

/var/log/user.log - information from all logs at the user level.

/var/log/Xorg.x.log - X server message log.

/var/log/alternatives.log - information about the operation of the update-alternatives program. These are symbolic links to default commands or libraries.

/var/log/btmp - contains information about failed login attempts. To view the file, it is convenient to use the command last -f /var/log/btmp

/var/log/cups - all messages related to printing and printers.

/var/log/anaconda.log - all messages recorded during installation are saved in this file.

/var/log/yum.log - logs all information about package installations using Yum.

/var/log/cron - whenever the Cron daemon starts executing a program, it writes a report and messages from the program itself to this file.

/var/log/secure - contains information related to authentication and authorization. For example, SSHd logs everything here, including failed login attempts.

/var/log/wtmp or /var/log/utmp - Linux system logs that contain a record of user logins. Using the wtmp command you can find out who is logged in and when.

/var/log/faillog - Linux system log that contains unsuccessful login attempts. Use the faillog command to display the contents of this file.

/var/log/mysqld.log - log files from the MySQL database server.

/var/log/httpd/ or /var/log/apache2 - log files of the Apache web server. Access logs are in the access_log file, and error logs are in the error_log file.

/var/log/lighttpd/ - logs of the lighttpd web server.

/var/log/conman/ - ConMan client log files.

/var/log/mail/ - this directory contains additional mail server logs.

/var/log/prelink/ - the Prelink program links libraries and executables to speed up the loading process. /var/log/prelink/prelink.log contains information about .so files that were modified by the program.

/var/log/audit/ - contains information generated by the auditd daemon.

/var/log/setroubleshoot/ - SELinux uses the setroubleshootd daemon (SE Trouble Shoot Daemon) to report security problems. This log contains messages from this program.

/var/log/samba/ - contains information and logs from the Samba file server, which is used to connect to Windows shares.

/var/log/sa/ - contains .cap files collected by the Sysstat package.

/var/log/sssd/ - used by the system security daemon, which manages remote directory access and authentication mechanisms.

Viewing logs in Linux

To view logs on Linux, it is convenient to use several Linux command line utilities. This can be any text editor, or a special utility. Most likely, you will need superuser rights to view logs in Linux. Here are the commands that are most often used for these purposes:

  • zgrep
  • zmore

I will not go into detail on each of these commands, since most of them have already been discussed in detail on our website. But I will give a few examples. Viewing Linux logs is very simple:

We look at the log /var/log/messages, with the ability to scroll:

less /var/log/messages

View Linux logs in real time:

tail -f /var/log/messages

Open the dmesg log file:

cat /var/log/dmesg

First lines of dmesg:

head /var/log/dmesg

We only output errors from /var/log/messages:

grep -i error /var/log/messages

In addition, you can view logs on Linux using graphical utilities. System Log Viewer can be used to easily view and monitor system logs on a Linux laptop or personal computer.

You can install the program on any system with an X server installed. Also, any graphical text editor can be used to view logs.
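The grep example above extends naturally to the authentication logs (/var/log/auth.log or /var/log/secure). The following is an added example, not part of the original article: it counts failed SSH logins per source address and reports a successful login that follows a run of failures. The sample lines are constructed, and the function name and threshold are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual sshd syslog format (documentation IP ranges).
SAMPLE_AUTH_LOG = """\
May 10 11:03:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May 10 11:03:04 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 51236 ssh2
May 10 11:03:09 web01 CRON[2301]: pam_unix(cron:session): session opened for user root
May 10 11:03:12 web01 sshd[2215]: Failed password for root from 203.0.113.5 port 51240 ssh2
May 10 11:04:30 web01 sshd[2230]: Failed password for alice from 198.51.100.7 port 40112 ssh2
May 10 11:04:41 web01 sshd[2230]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
May 10 11:05:02 web01 sshd[2241]: Accepted password for root from 203.0.113.5 port 51250 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user admin".
SSHD_EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarize_ssh_logins(text, threshold=3):
    """Return (noisy_sources, accepted_after_failures).

    noisy_sources: {ip: failure_count} for sources with >= threshold failures.
    accepted_after_failures: [(ip, user)] logins accepted from a source that
    had already reached the threshold, which deserves a closer look.
    """
    failures = Counter()
    accepted_after_failures = []
    for line in text.splitlines():
        match = SSHD_EVENT.search(line)
        if not match:
            continue  # not an sshd login result line (cron, sudo, ...)
        ip = match["ip"]
        if match["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            accepted_after_failures.append((ip, match["user"]))
    noisy = {ip: count for ip, count in failures.items() if count >= threshold}
    return noisy, accepted_after_failures


if __name__ == "__main__":
    noisy, suspicious = summarize_ssh_logins(SAMPLE_AUTH_LOG)
    print("Sources with repeated failures:", noisy)
    print("Accepted after repeated failures:", suspicious)
```

To run it against a real log, read the file with superuser rights and pass its text to summarize_ssh_logins.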

Conclusions

In the /var/log directory you can find all the necessary information about the operation of Linux. From today's article you have learned enough to know where to look and what to look for. Now viewing logs in Linux will not cause you problems. If you have any questions, ask in the comments!

Hello everyone, today's topic is how to view Windows logs. I think everyone knows what logs are, but in case you are a beginner: logs are records of system events occurring in an operating system, both Windows and Linux, which help track what happened, where and when, and who did it. Any system administrator must be able to read Windows logs.

An example from real life is the situation when a disk failed on one of the IBM servers and for technical support I collected server logs so that they could diagnose the problem. The Event Viewer service is responsible for collecting and recording logs in Windows. Event Viewer is a convenient tool for obtaining system logs.

How to open Event Viewer

Opening the Event Viewer snap-in is very simple, and the method works on any version of Windows. Press the magic buttons

Win+R and enter eventvwr.msc

A Windows Event Viewer window will open, in which you need to expand the Windows Logs item. Let's go through each of the logs.

The Application log contains records related to programs on your computer. An entry is written when a program is launched; if it was launched with an error, this will also be reflected here.

The audit log is needed to understand who did what and when, for example who logged in or logged out, or tried to gain access. All success and failure audits are written here.

The Setup item records Windows logs about what was installed and when, for example, programs or updates.

The most important log is System. All the most necessary and important things are written down here. For example, if you had a blue screen (BSOD), the messages recorded here will help you determine its cause.

There are also Windows logs for more specific services, such as DHCP or DNS. Event Viewer keeps track of everything :).

Suppose you have more than a million events in the Security log. You will probably immediately ask whether there is filtering, since viewing all of them is masochism. Event Viewer has taken this into account: Windows logs can be conveniently filtered, leaving only what is needed. On the right, in the Actions area, there is a Filter Current Log button.

You will be asked to specify the event level:

  • Critical
  • Error
  • Warning
  • Information
  • Verbose

It all depends on the search task; if you are looking for errors, then there is no point in other types of messages. Next, in order to narrow the scope of your search for event viewing, you can specify the desired event source and code.

So, as you can see, parsing Windows logs is very simple, we search, we find, we solve. A quick clearing of Windows logs may also be useful:

Viewing Windows logs in PowerShell

It would be strange if PowerShell couldn't do this. To display log entries, open PowerShell and enter the following command:

Get-EventLog -Logname "System"

As a result, you will receive a list of System log entries.

The same can be done for other logs, for example Application:

Get-EventLog -Logname "Application"

A small list of abbreviations

  • Event code - EventID
  • Computer - MachineName
  • Event sequence number - Data, Index
  • Category of tasks - Category
  • Category code - CategoryNumber
  • Level - EntryType
  • Event message - Message
  • Source - Source
  • Event generation date - ReplacementString, InstanceID, TimeGenerated
  • Event recording date - TimeWritten
  • User - UserName
  • Website
  • Division - Container

When performing boot analysis, it is sometimes very important to obtain a complete list of loaded and non-loaded drivers and libraries. It is not necessary to use special utilities for these purposes; you can get a list of the software components loaded at boot using the operating system itself. The list is a regular text file, ntbtlog.txt, saved in the Windows root system folder.

There are two ways to create a Windows boot log. The simplest one first. Press Win + R to open the Run dialog box and run the msconfig command in it. In the system configuration window that opens, switch to the "Boot" tab and check the "Boot log" checkbox. Now click "Apply" and "OK".

A window will appear asking you to restart the computer. Agree and reboot, then go to C:\Windows, find the text file ntbtlog there and open it with Notepad or another editor.

The second method is a little more complicated. Launch a command prompt as an administrator and run the bcdedit command. A list of all your operating systems and their boot entries will appear in the console. We only have one Windows 10 installed, so there will be two list items: the boot manager and the Windows boot loader. We need the second entry, namely its identifier, which has the value {current}.

Immediately on the command line, run a command like this:

bcdedit /set {Identifier} bootlog Yes

Replace the identifier with its value. In our example, this is {current} (see screenshot). Now reboot. As in the previous case, the boot log will be created in the Windows folder. How can you tell from the contents of the log whether a driver was loaded or not? Very simple. A BOOTLOG_LOADED entry indicates that the driver was loaded, and a BOOTLOG_NOT_LOADED entry indicates that the driver was skipped during startup of the operating system.
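Reading a long ntbtlog.txt by eye is tedious, so here is an added example (not from the original article) that parses the BOOTLOG_LOADED and BOOTLOG_NOT_LOADED entries, lists the drivers skipped in the latest boot and shows what changed compared with the previous boot. The sample text is constructed, and the code assumes that each boot appends its own section introduced by header lines that do not start with BOOTLOG_.

```python
# Constructed sample: two boot sections in the ntbtlog.txt layout (paths are illustrative).
SAMPLE_NTBTLOG = r"""
Microsoft (R) Windows (R) Version 10.0 (Build 19045)
 5 10 2024 09:14:02.500
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\system32\hal.dll
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dam.sys
Microsoft (R) Windows (R) Version 10.0 (Build 19045)
 5 11 2024 08:57:40.125
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\system32\hal.dll
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dam.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dam.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\example_filter.sys
"""

PREFIXES = (("BOOTLOG_LOADED ", True), ("BOOTLOG_NOT_LOADED ", False))


def parse_boot_log(text):
    """Return one dict per boot section: {lowercased driver path: loaded?}."""
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for prefix, loaded in PREFIXES:
            if line.startswith(prefix):
                if current is None:
                    current = {}
                    sessions.append(current)
                path = line[len(prefix):].strip().lower()
                # A driver can be listed more than once; any success counts as loaded.
                current[path] = current.get(path, False) or loaded
                break
        else:
            current = None  # header or timestamp line: the next entry opens a new boot
    return sessions


def not_loaded(session):
    """Drivers that were skipped in the given boot section."""
    return sorted(path for path, ok in session.items() if not ok)


def changed_since_previous(sessions):
    """{path: (previous_status, latest_status)}; previous is None for new drivers."""
    if len(sessions) < 2:
        return {}
    prev, last = sessions[-2], sessions[-1]
    return {p: (prev.get(p), ok) for p, ok in last.items() if prev.get(p) != ok}


if __name__ == "__main__":
    boots = parse_boot_log(SAMPLE_NTBTLOG)
    print("Skipped in latest boot:", not_loaded(boots[-1]))
    print("Changed since previous boot:", changed_since_previous(boots))
```

A driver that appears as loaded for the first time, like the constructed example_filter.sys here, is the kind of change worth checking against what was recently installed.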

One of the many changes in Windows 10 is the saving of update logs in ETL files, which can only be read using special utilities. In earlier versions of the system, logs were written to a regular text file, but since the update service was constantly active in the system, the data was overwritten regularly, which created additional unwanted load on the disk. Using the ETL log format reduced the load on the hard drive, but made reading logs less convenient for administrators. Microsoft is aware of this problem, so the developers have implemented the ability to convert update log files into a human-readable format. In addition, logs can be viewed using the built-in Windows Event Log. Let's look at both options in a little more detail.

Launch the PowerShell console and run the Get-WindowsUpdateLog command.

Reading and converting the data will begin immediately. Upon completion of the procedure, you will have a WindowsUpdate.log file on your desktop, which you can open with regular Notepad or any other text editor. Now you can safely study the log yourself or send it to more experienced users.

The second method is just as simple. Call the context menu of the Start button (Win + X) and select “Event Viewer” from it.

In the window that opens, follow the chain Applications and Services Logs → Microsoft → Windows → WindowsUpdateClient → Operational. The central column will then show a sorted list of events related to the operation of the update function.

You can view the contents of the records you are interested in directly in the standard Windows application, but you can also save them to EVTX, TXT, CSV and XML files for later study or sending them over the network.