What is the Windows Event Viewer?
The Windows Event Viewer shows a log of application and system messages, including errors, information messages, and warnings. It’s a useful tool for troubleshooting all kinds of different Windows problems.
Launching the Event Viewer
The most common way to launch this application is to press the Win + R keys and type “eventvwr.msc”, then click OK.
Another way, which works on all current operating system versions: Control Panel → Administrative Tools → Event Viewer.
One more way is to right-click the “Start” button and choose “Event Viewer” in the menu.
Events are placed in different categories, each of which is related to a log that Windows keeps on events regarding that category. While there are a lot of categories, the vast amount of troubleshooting you might want to do pertains to 3 of them:
- Application: The Application log records events related to Windows system components, such as drivers and built-in interface elements.
- System: The System log records events related to programs installed on the system.
- Security: When security logging is enabled (it’s off by default in Windows), this log records events related to security, such as logon attempts and resource access.
General information
When you select an event, its information is shown in the middle pane. You can use it to search the internet for a solution to the problem, so you should understand what each property means:
- Log Name: the name of the log where information about the event is saved.
- Source: the name of the software or process (Application Error).
- Event ID: this number will help you find information about the error. Just search for Event ID + code number + name of the application (each program has its own code).
- OpCode: lists information such as info, installation, download.
- Task Category, Keywords: usually not used.
- Computer: tells you on behalf of which user and computer the process was started.
For example.
Here you can see the error “A CredSSP authentication to TERMSRV/185.155.96.223 failed to negotiate a common protocol version. The remote host offered version 4 which is not permitted by Encryption Oracle Remediation”. All you need are 4 components: Application name, Event ID, code and Source.
Credential Security Support Provider protocol (CredSSP) is an authentication provider that processes authentication requests for other applications. A remote code execution vulnerability exists in unpatched versions of CredSSP. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack. This security update addresses the vulnerability by correcting how CredSSP validates requests during the authentication process.
On the internet I found a link. Official Microsoft support informs about the CredSSP update for CVE-2018-0886. We can conclude that this alert doesn't affect computer efficiency.
Windows log performance overview
In the Windows Event Viewer you can find plenty of interesting things, for example, problems with the performance of the computer.
To do this, in the left pane open “Applications and Services Logs” → Microsoft → Windows → Diagnostics-Performance. Here you can see whether there are any errors among the events; they report that some component or program slowed down Windows startup. Double-click an event to bring up detailed information about it.
Using filters
Event Viewer is a Microsoft Management Console snap-in that allows you to browse and manage event logs. When you check a drive for errors, the detailed results are stored as logs in Event Viewer; the steps below show you how to read those logs.
Press Win + R keys, type in eventvwr.msc, and then click OK to open Event Viewer.
Open Windows Logs > Application. Then move to the right pane and click Filter Current Log.
Choose the Chkdsk and Wininit items in the Event sources drop-down menu. Close the drop-down by clicking on a blank area of the Filter Current Log window, then click OK.
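The same filter can be run from PowerShell, which is convenient when the results have to be collected from several machines. This is an added example, not part of the original article; the provider names in the query are assumptions taken from the source names shown in the filter dialog, plus the longer "Microsoft-Windows-Wininit" name that some Windows builds use.

```powershell
# Added example: scripted equivalent of "Filter Current Log" on the Application log.
# Assumption: the check-disk results are logged by the providers named below.
$providers = 'Chkdsk', 'Wininit', 'Microsoft-Windows-Wininit'

# Build the same kind of XPath query the filter dialog shows on its XML tab.
$nameTests = ($providers | ForEach-Object { "@Name='$_'" }) -join ' or '
$xpath     = "*[System[Provider[$nameTests]]]"

try {
    # Newest events first; -MaxEvents keeps the output short.
    $events = Get-WinEvent -LogName Application -FilterXPath $xpath `
                           -MaxEvents 20 -ErrorAction Stop
}
catch {
    # Get-WinEvent reports an error when nothing matches the filter.
    # Treat only that case as "no results" and re-throw anything else.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        Write-Host 'No Chkdsk or Wininit events found in the Application log.'
        $events = @()
    }
    else {
        throw
    }
}

# Show the properties described in the "General information" section.
$events | ForEach-Object {
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        LogName     = $_.LogName
        Source      = $_.ProviderName
        EventID     = $_.Id
        Level       = $_.LevelDisplayName
        OpCode      = $_.OpcodeDisplayName
        Computer    = $_.MachineName
    }
} | Format-Table -AutoSize

# Print the full text of the most recent result (the check-disk report itself).
if ($events.Count -gt 0) {
    $events[0].Message
}
```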