Windows XP Event Viewer

Unlike Windows 95/98/ME, Windows XP ( like NT4 and Windows 2000) keeps a log of events,
which can be used to identify problems with installed components.

To view the Event Log, select in the Control - Panel :
"Administrative Tools" :

Select :
Event Viewer

There is a separate log for :
- System : Windows logs here all its event for devices
- Security :
- Application : Other programs than Windows XP itself can log here their events

Events are classified by "Type" :

	Information :
	Warning : should be checked
	Error : must be checked

Let's have a look at some interesting items in the Log : Source : eventlog, events: 6006 and 6005

	When shutting down your system, the last entry in the Event-Log will be the event 6006: "The Event log service was stopped". If this event is missing, it indicated an improper shutdown of the system (either a "blue screen" or the user simply pushed the power-off button), improper Shutdowns can cause a system to become unstable !
	When starting up Windows XP, one of the first events will be 6005: "The Event Log service was started". All items above this entry will show other status messages of Windows XP starting up.

Let's check the warning message for the DHCP :

My system is configured with 2 network adapters:
one for a LAN, a second for connection to an
ADSL-modem. While the Adapter for the LAN
has a static IP-address, the adapters for the
ADSL-connection was configured to
"obtain an IP-address automatically".
This warning message shows, that my systems
was not able to locate a DHCP-server on the
network and used therefor the internal
Automatic IP-address generation to assign an
IP-address.

This is ok for my system, so I can in this case
ignore this warning message.
But if you get such a warning when trying to
connect to an office network with a DHCP-server,
it indicates a problem with the network cables.

Let's check the ERROR message for W32Time :

	Time Provider : Somehow my system got configured to try to connect to a time-server (to synchronize the clock on my system with an exact time). Since I was first not aware of this issue, I tried to get more information by using the link to the Microsoft support website.
	The system is asking your permission to transmit some information.

Bad luck : no more information available on this event log item . . .

The solution : By default, Windows XP is configured to "call home" to synchronize the clock.

	Using the right-click menu, you can save the event-log to a file, allowing you to transfer it (via floppy or e-mail) to another system, where you can use the entry "Open Log File" of this menu to display such a transferred Event Viewer Log file. You can also use this menu to "Clear all Events".
	By default, all events in the Event Log will be displayed.
	To shorten the displayed list, select to activate a "Filter"

	In the Filter definition, you can make a lookup of all available sources for events
	if you are looking for specific event, you can enter it directly

	If you plan to monitor the events on your system for a longer time, you should reconfigure the Event-Log by displaying the Event-Log Properties :
	The default values limit the size of the Event log file and will overwrite events after 7 days.
	I suggest to increase the size of the Event log file (to several MBytes) and to define to "overwrite events as needed" : This will keeps the entries in the Event Log, until the file has reached the maximum size and then it will start overwriting the oldest event log entries.