Where Are the Windows Logs Stored?
Windows VPS server options include a comprehensive logging and management system for logs. These logs capture events initiated by a user or running process on your server. This information is quite beneficial while debugging your server's services or solving other problems. Also, logs are very useful when a security issue should be investigated.
Windows refers to them as Windows event logs or logs. Knowing how to use the Event Viewer to review your server’s activities and troubleshoot issues is helpful. This article will help you find where the Windows system logs are stored and how to access them using the Event Viewer application.
What Is a Windows Event Log?
Windows event logs are detailed records of system, security, and application-related events kept on a Windows operating system. Event logs help track the system and particular application problems and predict possible upcoming issues.
What Types of Information Are Stored in Windows Event Logs?
Hardware and software events on the Windows operating system are stored in Windows event logs. The information stored in the Windows event logs will help you locate the possible threats and help you improve your system's functionality.
The most important elements of the Windows event log are:
- Event time and date - Contains the time and date of the event.
- ID of the event - The unique identification number of a specific event.
- Log name - Name of the specific event, usually stored for security, system, and applications.
- Source - Contains the name of the software generating the event.
- User - The name of the user the event was created or run by.
- Level - Describes the seriousness of the recorded event.
- Computer - Represents the computer name.
How Can I Access Windows Event Logs?
The most asked questions regarding Windows event logs are: Where are they stored, and how can I access them?
The location of the Windows event log is C:\WINDOWS\system32\config\. Windows event logs can be accessed and reviewed using the Event Viewer application.
Accessing the Event Viewer
Accessing the Event Viewer is simple. Follow the next steps to open the Event Viewer:
1. Press the Windows key or access the search bar from the Taskbar.
2. Type Event Viewer in the search bar.
3. Click on Event Viewer to open the app.
Here is another way to open Event Viewer:
1. Hit Windows key + R to open the run window.
2. In the Open bar, type eventvwr and click OK.
Using the Event Viewer
The Event Viewer application is present on all Windows Server versions. Once the Event Viewer is opened, click on the Windows Logs folder to expand the menu.
You can now choose the log category you wish to open and review.
Event Viewer includes four main folders you will see once you launch the application for the first time:
- Custom Views.
- Windows Logs.
- Application and Services logs.
Viewing Windows logs, the information they provide, and their location is valuable for audits and other helpful information. There are times, however, when application-specific logs are helpful for troubleshooting.
All logs have an event level assigned. The event level implies the severity or the level of the impact of any problems generated in the logs. The default view of the list below is alertness.
- Audit Success - (Security category only).
- Audit Failure - (Security category only).
- Critical - Points to a major problem in a system or an application that needs immediate action.
- Error - Indicates a problem with the system or some services that don’t need swift attention.
- Warning - Implies a potential uprising problem that should be monitored.
- Information - Points to the event that was successfully completed.
- Verbose - Implies a process or a successfully executed event.
There are five log categories reviewable in the Event Viewer:
- Security - Logs related to various authentication requests, failed and successful logins.
- Application - System components logs and other logs related to drivers.
- System - Logs created by the operating system, status change of the various services, and uptime.
- Setup - Logs regarding updates and installs on your Windows system.
- Forwarded events - Logs generated on a remote server that were forwarded to your server.
Searching for Particular Logs
If you want to find a specific log, follow these steps:
1. Open the Event Viewer app.
2. Click the Windows Logs folder to expand it.
3. Right-click on the log category you want to filter to investigate.
4. Click on the Filter tab (usually open by default).
5. Under the logged drop menu, select the desired period of the event occurrence.
6. Choose the event alertness level (Critical, Warning, Error, etc.).
7. You can optionally select the task category.
8. Optionally use a keyword to filter the end result additionally.
9. User and Computers selection leave at default.
10. Click OK, and you have successfully filtered out desired logs.
Do you need assistance interpreting your log files or the information in them? This article presents all of the basic information about Windows System logs. You know where they are stored and how to access them, giving you more troubleshooting and security tools.
Windows hosting is one of many options for our VPS Hosting, Cloud Dedicated Servers, and Dedicated Servers. Contact our sales team today if you’re looking for a managed hosting provider for your Windows Server project.
About the Author: Neil Golden
Neil contributed to solving the complex puzzle of evolution for a long time by obtaining his Ph.D. in Archaeology. These days, he digs the Linux servers in his role within the Liquid Web Monitoring Department instead of Paleolithic stone tools in the caves on archaeological sites. Instead of mammoths, he is now hunting for bugs on Linux servers. He has written numerous scientific and technical articles because writing is one of his biggest passions. In his free time, Neil composes music, reads novels, and travels the world.
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.
Guide on Connecting to Remote Servers Using SSH in Linux, Windows, or macOS SystemsRead Article
New User Tutorial: What is DNS?Read Article