Whenever I see a request for help in solving a problem, I inevitably ask if there is any additional information in the event log. Since the days of Windows Vista, the event log has undergone a significant transformation. We now have access to a wealth of information that can be invaluable when troubleshooting, or that can help identify trends and prompt proactive action to ward off problems before they reach a critical level.
Windows 7 now offers over 160 logs in addition to the old standards of System, Security and Application. Fortunately, the Event Viewer (see my video to get the most out of Windows 7 Event Viewer) offers some sophisticated but easy-to-use features to make sense of all this information. In my article I'll explain how to find just the information you need from any event log through filtering.
While we've always been able to filter, now we can save our filters as custom views. We can even export and import these views and filters to share with other administrators. And you don't have to install a custom view on all your desktops. It is incredibly easy to connect to a remote computer and look at its event logs, both classic and new. If you have any custom views, they will automatically apply to the remote computer.
I'll also explain how to get started with event subscriptions. With subscriptions, you can gather selected events from remote computers to yours. This is very helpful when investigating a widespread problem or looking for potential problem patterns.
Of course, since we're talking Windows 7, we're not limited to GUI-based tools. Windows PowerShell offers a few cmdlets for querying event logs, both locally and remotely. With a little work you can easily find relevant information from any event log. My article offers some tips and techniques for getting the most out of these cmdlets.
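As an added illustration (not taken from the article referenced here), the structured XML query that Event Viewer shows on the XML tab of a filter or custom view can be passed unchanged to `Get-WinEvent -FilterXml`, so one filter serves both the GUI and PowerShell, locally or against remote machines. The computer list and the choice of filter (Critical and Error events from the last 24 hours in System and Application) are assumptions made for the example.

```powershell
# Added example: reuse an Event Viewer filter from PowerShell.
# Assumption: replace 'localhost' with your own machine names; remote
# queries need event log remoting allowed through the firewall.
$computers = @('localhost')

# Same XML Event Viewer generates for "Critical, Error / Last 24 hours"
# on the System and Application logs (86400000 ms = 24 hours).
[xml]$query = @'
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
    <Select Path="Application">*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
'@

$events = foreach ($computer in $computers) {
    try {
        # -ErrorAction Stop turns "no matching events" and connection
        # failures into catchable errors, so one bad host does not
        # abort the whole sweep.
        Get-WinEvent -ComputerName $computer -FilterXml $query -ErrorAction Stop
    }
    catch {
        Write-Warning ("{0}: {1}" -f $computer, $_.Exception.Message)
    }
}

# Summarize by machine, log, source and event ID to surface events that
# repeat on one machine or recur across several.
$events |
    Group-Object MachineName, LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name |
    Format-Table -AutoSize

# Most recent matching events, with the message text kept to one line.
$events |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 10 TimeCreated, MachineName, Id, LevelDisplayName,
        @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```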
There's no doubt that the event log tools in Windows 7 are a valuable part of your administrator's toolbox. Depending on the size and complexity of your organization, or your comfort level with these tools, some administrators might be better off investing in a full-featured third-party event log management solution. But even those admins should take a few minutes to read my article, which goes into more detail about troubleshooting using event log mining, because even a third-party tool is going to rely on the underlying Microsoft event log technology, and the more you understand it, the more you can accomplish.