Viewing and filtering events in Windows Server 2008



Viewing an event is easy. Just open Event Viewer, locate the event, and double-click it (or select it and press Enter). Event Viewer opens a dialog box showing the event’s properties. The top of the dialog box contains general information about the event such as time and date, type, and so on. The description text gives a detailed description of the event, which usually, but not always, offers a clear explanation of the event. The bottom portion of the dialog box displays additional data included with the event, if any. You can choose between viewing the data in byte (hexadecimal) or DWORD format. In most cases, it takes a software engineer to interpret the data because doing so needs an understanding of the code generating the data.

Use the up and down arrows in the right side of the dialog box to view previous and subsequent events, respectively. Click the Copy button to copy the selected event to the Clipboard.

By default, the Event Viewer shows all events for a selected log. In many cases, it is useful to be able to filter the view so that Event Viewer shows only events that meet specific criteria. To apply a filter, click a log and choose View and then Filter to access the Filter property sheet for the log.

You can choose to view events based on their type, source, category, ID, user, computer, or date range. For instance, you may want to filter based on source if you are trying to troubleshoot a problem with a specific application, service, or driver. To create the filter, select your criteria in the dialog box and click OK. Choose View and then All Records to remove the filter and view all events in the log.