Reading Time: 4 minutes

In this article, we discuss Windows logging, using the event viewer, and the windows log storage locations.

Windows VPS server options include a robust logging and management system for logs. These logs record events as they happen on your server via a user process, or a running process. This information is very helpful in troubleshooting services and other issues, or to investigate a security problem. 

Windows references logs as events, while Plesk and most other systems call them logs. For standardization, they call them logs in this article. Follow below to see how you can use the event viewer to review your logs and investigate issues. 

Windows Logs
Note:
This article applies to Fully Managed, Core Managed, and Self-Managed options.

Accessing The Event Viewer

The first step in accessing the Event Viewer is to connect to your server. Gaining access to the server is accomplished through the Console button in Manage, or through a manual RDP connection.

access.server
access server

Once you have connected to your Windows server, you will need to log in to your administrator account. Once logged in, click the Start menu, then Event Viewer.

start event viewer

Using The Event Viewer

The event viewer is a system application included on all versions of Windows servers. This program allows you to view logs recorded to it by applications and the system. The event viewer has four main views you will see when you first launch the application:

  • Custom Views
  • Windows Logs
  • Application and Services logs
  • Subscriptions
event viewer
event viewer

For this article, we will focus mainly on the Windows Logs. The project you are hosting may have you reference the application logs for programs you use, which may be outside the scope of this article. 

All logs are assigned an event level. This event level denotes the severity or seriousness of any issues noted in the logs. The default view of the list below is by acuity.

  • Audit Success - (Security category only)
  • Audit Failure - (Security category only)
  • Critical
  • Error
  • Warning
  • Information
  • Verbose
event level
event level

Log Categories

You will also notice that Windows logs are broken down into categories. These classifications are listed below, along with some quick info about each section.  

log categories

Application - Logs related to drivers and other system components

Security - Logs pertaining to successful and failed logins, and other authentication requests 

Setup - Logs associated with Windows install and updates

System - Logs linked to uptime, service status changes, and other messages generated by the operating system

Forward Events - Logs from a remote server, forwarded to this server

Clicking on any of the categories above will load all of the saved logs for that category. The logs will, by default, be arranged in chronological order. You can also modify how the logs are arranged by clicking on any of the column headers. 

saved logs
saved logs

Clicking on any specific record will bring up some general information about the log, like the time of the log entry, the log entry level, it’s ID and source, as well as a variety of other information that can be used to identify an issue. 

Clicking on details will provide you with the raw log data, which can present a more considerable amount of detail that can be used to investigate and solve problems. 

Lastly, the default location of these logs can be found in the following folder on the server: 

C:\Windows\System32\winevt\Logs

Get Started Today!

Are you have issues tracking down where problems are occurring on your windows server? Need help deciphering the information in a log file, or trying to locate ways to improve the responsiveness of your server?

We pride ourselves on being The Most Helpful Humans In Hosting™!

Our Level 3 Windows administrators are tough, smart, and experienced techs who can help with any issue. Reach out today if you are running out of options and need to hear from a professional regarding any of our Windows servers or platforms using either our Managed Cloud or Private Cloud Powered by VMware and NetApp!

If you are on a Fully Managed VPS server, Cloud Dedicated, Private Parent server, or a Dedicated server owner and want to make a change, give us a call at 800.580.4985, or open a chat or ticket with us to find out how!

About the Author: David Richards

David Richards has been an educator, a Technology Director, and now a Windows Administrator for 20+ years. He’s an English major with a love for technology and helping others find ways to use technology more effectively. In his free time, Dave loves to read, play games, and spend time his family.

Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.

1.800.580.4985
1.517.322.0434

Latest Articles

What is Formik?

Read Article

Cloud Commerce Customer FAQ

Read Article

Five Steps to Create a Robots.txt File for Your Website

Read Article

Premium Business Email Pricing FAQ

Read Article

Microsoft Exchange Server Security Update

Read Article