Step 1: Open Event Viewer
Press Windows Key + R to open the Run dialog box.
Type
eventvwr.mscand hit Enter.The Event Viewer will open.
Step 2: Navigate to the Logs
On the left-hand panel, you’ll see a tree view of event categories:
Windows Logs
Application: Logs related to software and applications.
Security: Login attempts and security-related events.
System: Events logged by Windows system components.
Setup: OS installation and setup events.
Forwarded Events: Events collected from remote computers.
Applications and Services Logs
Custom logs from apps or services.
Click the desired log type to view the events.
Step 3: Filter or Search Logs (Optional)
To find specific events:
Right-click on a log (e.g., System) and select Filter Current Log.
Choose filters such as Event level (Error, Warning, etc.), Event IDs, or date range.
Click OK to apply the filter.
You can also use Find... in the right-hand Actions panel to search for specific keywords or Event IDs.
Step 4: Save or Export Logs
To save a copy of the logs:
Select the log (e.g., Application).
In the Actions panel (on the right), click Save All Events As...
Choose a location and file format:
.evtx: Native format for later viewing in Event Viewer.
.txt or .csv: For use in text editors or Excel.
Click Save.
Additional Tips
Event ID Lookup: You can look up specific Event IDs online to understand what they mean.
Task Scheduler Integration: You can create tasks to log or react to specific events.
Command Line Option: Run
wevtutil qe System /c:10 /f:textin Command Prompt to quickly fetch the last 10 events from the System log.
Common Use Cases
Diagnosing application crashes or system errors
Tracking unauthorized access attempts
Reviewing system shutdowns or startup times
Verifying that scheduled tasks or scripts executed