Where Are The Windows Logs Stored?

Reading Time: 3 minutes

In this article, we will discuss Windows logging, using the event viewer and denoting where the windows logs are stored.

Windows VPS server options include a robust logging and management system for logs. These logs record events as they happen on your server via a user process, or a running process. This information is very helpful in troubleshooting services and other issues, or to investigate a security problem. 

Windows references logs as events, while Plesk and most other systems call them logs. For standardization, they are called logs in this article. Follow below to see how you can use the event viewer to review your logs and investigate issues. 

This article applies to Fully Managed, Core Managed, and Self-Managed options.

Accessing The Event Viewer

The first step in accessing the Event Viewer is to connect to your server. Gaining access to the server can be accomplished through the Console button in Manage, or through a manual RDP connection.

access server

Once you have connected to your Windows server, you will need to log in to your administrator account. Once logged in, click the Start menu, then Event Viewer.

start event viewer

Using The Event Viewer

The event viewer is a system application included on all versions of Windows servers. This program allows you to view logs recorded to it by applications and the system. The event viewer has four main views you will see when you first launch the application:

  • Custom Views
  • Windows Logs
  • Application and Services logs
  • Subscriptions
event viewer
event viewer

For this article, we will focus mainly on the Windows Logs. The project you are hosting may have you reference the application logs for programs you use, which may be outside the scope of this article. 

All logs are assigned an event level. This event level denotes the severity or seriousness of any issues noted in the logs. The default view of the list below is by acuity.

  • Audit Success – (Security category only)
  • Audit Failure – (Security category only)
  • Critical
  • Error
  • Warning
  • Information
  • Verbose
event level
event level

You will also notice that Windows logs are broken down into categories. These classifications are listed below, along with some quick info about each section.  

log categories
log categories

Application – Logs related to drivers and other system components

Security – Logs pertaining to successful and failed logins, and other authentication requests 

Setup – Logs associated with Windows install and updates

System – Logs linked to uptime, service status changes, and other messages generated by the operating system

Forward Events – Logs from a remote server, forwarded to this server

Clicking on any of the categories above will load all of the saved logs for that category. The logs will, by default, be arranged in chronological order. You can also modify how the logs are arranged by clicking on any of the column headers. 

saved logs
saved logs

Clicking on any specific record will bring up some general information about the log, like the time of the log entry, the log entry level, it’s ID and source, as well as a variety of other information that can be used to identify an issue. 

Clicking on details will provide you with the raw log data, which can present a more considerable amount of detail that can be used to investigate and solve problems. 

Lastly, the default location of these logs can be found in the following folder on the server: 


Get Started Today!

Are you have issues tracking down where problems are occurring on your windows server? Need help deciphering the information in a log file, or trying to locate ways to improve the responsiveness of your server?

Our Level 3 Windows administrators are tough, smart and experienced techs who can help with any issue. Reach out today if you are running out of options and need to hear from a professional.

Give us a call at 800.580.4985, or open a chat or ticket with us to speak with one of our knowledgeable Solutions Team or an experienced Hosting Advisors today!

Refer a friend and get a $50 hosting credit!