What is Event Viewer in Windows and how can you use it. How to view Windows logs and when the computer was turned on Windows 10 computer log

Microsoft, when updating its operating systems, often changes the way it activates features that all users are accustomed to. Often, even experienced Windows users find it difficult to figure out where to turn on the operating system boot log in Windows 10, so that it can then be viewed and analyzed. In this article, we will look at how to enable the boot log in Windows 10.

Table of contents:

Why do you need a download log?

Many users do not know at all what a download log (or log) is and why it is needed. Without going into details, the download log is a simple text file that contains information for analyzing the process of starting the computer and operating system.

Most often, system administrators need a boot log to understand what problems prevent the operating system from loading or cause certain errors when starting programs or during Windows operation. The download log displays a complete list of drivers and libraries loaded when the computer starts.

Where is the boot log in Windows 10

In the Windows 10 operating system, the download log is located on the system drive in the Windows folder. The file is called ntbtlog.txt.

Please note: As you can see, this is a regular text file. It can be opened using the standard Notepad application or other third-party programs that allow you to work with txt files.

How to enable boot log in Windows 10

In order for the text file ntbtlog.txt to appear in the Windows folder, you need to generate it. By default, Windows 10 disables the process of creating this file when you boot your computer.

There are two ways to enable boot log file creation:


How to read Windows 10 boot log

Despite the fact that the download log is a text document exclusively for system administrators, an ordinary user can also take something useful from it.

The boot log indicates before each of the components whether it was executed or not:

  • BOOTLOG_LOADED- means that the driver was loaded without errors.
  • BOOTLOG_NOT_LOADED- indicates that the start of this driver was skipped during loading of the operating system.

Based on this information, you can draw conclusions about which drivers on your computer may have problems.

The Windows system contains a very important component - the Event Log. The Event Log in Windows 10 is a tool that helps programs and the system record and save notifications in one place. It records all error codes, messages and program notifications.

Often, unscrupulous people use the Windows Event Log to deceive users - malware that has penetrated a PC sends a warning to the log about an error in the operation of the OS. Next, the information criminal calls the user selected for deceptive actions. He asks to open Event Viewer, posing as a Microsoft employee, so that the victim will see a notification about a serious error in the system. The scammer asks for credit card information (number, expiration date and 3 security digits on the back) to supposedly correct an error that allegedly harms the computer. This deception scheme is quite old, but it still works.

If your computer device is working normally, you can ignore the occasional errors that appear in the Event Log in Windows 10. However, if problems occur in the system, then using the Event Log you can diagnose and find out what caused them.

How to start Event Viewer

To launch Event Viewer you need to:

  1. Open the Start menu.
  2. Enter “Event Viewer” in the search bar.
  3. Press Enter.

This program can also be opened through the Administration folder in the Start menu.

It is important to know that all events are divided into categories - for example, application events are located in the Applications category, system news is located in the System category. If security event analysis (audit of login events) is configured on the PC, then audit messages are sent to the Security category.

Correcting errors in the event log

The periodic appearance of various error codes and notifications in the Event Viewer program should not cause you to panic. These notifications do not always signal danger to the PC system. Sometimes they can be registered on a completely working computer device.

Event Viewer was created to make it easier for the System Administrator to monitor the device, as well as to help troubleshoot errors. If the PC does not crash, then the error recorded in the Event Log is not very dangerous.

Even error messages are not serious for the average computer user. If you have System Administrator rights, then the Event Log in Windows 10 will help you resolve the error on the server. If you do not have administrator rights, then this information component of the system will be of little use.

Event Viewer: User Guide

As long as your PC is functioning normally, the Event Log is not much needed. However, it helps a lot when various problems appear with a computer device - spontaneous rebooting or the appearance of screens of death. The event log provides detailed information about the causes of failures. For example, logging an error in the System category reports an unsuccessful startup of a system service or other failure.

The Event Log can also be used to monitor your computer's startup/shutdown. If you have a server that cannot be turned off, you can configure checking for PC shutdown events, which makes it possible to quickly turn on the server.

You can also use Event Log in Windows 10 along with Task Scheduler. To do this, right-click on any event. Next, a context menu will open where you need to select “Bind a task to an event.” When such an event appears, the system will automatically start execution of the created task.

Attention, long and meticulous description of the problem!!!
I’ll say right away that I reviewed everything possible in Google and Yandex. The situation is this: the Windows Event Log service in Windows 10 (Enterprise version) does not want to start at all. When starting manually through “Control Panel” -> “Administration” -> “Services” we see the following:

The fact is that in “Computer Management” there is “Event Viewer”, which uses, as it became clear to me, the “Windows Event Log” service. The following is displayed when accessing the event viewer:


This is logical, the service does not start. I started digging deeper and found various information. Next I will write what I did:

The result of my torment is a sleepless night and lack of results! The problem is still urgent!
P.S.: All this was started due to the installation of Microsoft Office 2007 on the computer, which clearly indicated a problem with write permissions along the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog, and almost all subfolders there are not opened with the same verdict:


Afterwards I already tried Microsoft Office 2016, it also doesn’t want to install. He even went so far as to download the portable version of Office in desperation, so he told me that services.exe gives an error 0x0000007e (a fairly common error, but considering that I previously learned about running the log service with its help, I think that portable office also climbs into the Windows log.

Phew, did you finish reading? :) Well, please help me, tell me, maybe I did something wrong?? I don’t know what else to do, even if it’s realistic to take the top ten and install Windows 7...

UPD: I was wondering whether it is possible to have a registry branch HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog restore/reset to default? Like, the state of the service settings is like that of a freshly installed operating system. Are there any last resort methods?

It often happens that the computer reboots for no apparent reason, freezes, or stops working. If it has a modern operating system installed, such as Windows 10, you can easily find out the cause of the problem. To do this, you need to know how to view Windows 10 errors and what they mean.

What is the Event Log and what is it for?

Even if the computer works without any failures, it is better to find out in advance where to look at the Windows 10 error log. Checking it periodically will help to detect and prevent serious problems in advance. When emergency situations occur, when the user does not see obvious causes of problems, the Windows 10 event log is an indispensable assistant. It must be taken into account that even on a working computer, sometimes errors occur that may not affect the quality of work, but if there are critical errors, you must take measures to eliminate them.

How to open the log and see errors

There are several ways to open the event log.

Control Panel

  1. Open Windows Search and enter "Control Panel".

  2. In the dialog box that appears, select the menu "System and safety", "Administration".


  3. Click shortcut "Event Viewer".


    4. Console Run

    Press the keys simultaneously "Win" and "R" and in the pop-up window the lines "Open" enter eventvwr.msc and press Enter.


    Start Menu

    Right click on "Start" and select from the pop-up list "Run", enter eventvwr.msc and press enter.

    Search Windows 10

    Enter the phrase into the Windows 10 search menu "Event Viewer" or "Magazine" and press Enter.

    In the program window that appears there is a tab "Overview and Summary", below which there is a submenu "Summary of Administrative Events", which contains drop-down lists containing the following information: critical events, errors, warnings, details, and success audit.


    When these lists are expanded, lines appear about what happened in the system. The most important are critical events and errors. The line describing the error includes its code, source, and how many times it occurred in the last 24 hours and 7 days. When you double-click a line, a window appears with a detailed description of the problem that occurred, the exact time it occurred and other important information.


    You can also use the Windows 10 event logs, the menu of which is located in the left column of the program "Event Viewer". Application, security, and system logs are available here. The latter contains information about the most important failures occurring in the system, for example, problems in the operation of drivers, system programs and other important information.

    Carefully examining the available log entries is very helpful in ensuring the smooth operation of your computer. For example, the presence of a critical event Kernel power 41 may indicate problems with the power supply, it is overheating or there is insufficient power for your computer. In addition, logs can also help in solving problems with failures in the operation of individual programs through the use of the application log.

    Conclusion

    To prevent your computer from failing at the most inopportune moment, you need to know where the Windows 10 error log is located and open and study it at least once a week.

Most personal computer users do not even know about such an addition as the event log. This is a special function for viewing all events that occur in the operating system installed on the PC. It is there that critical errors, warnings and other important information are displayed, both for ordinary users and for server owners.

In this article we will examine this topic in detail and find out what it is, where you can view the event log in Windows 10 and how to use it.

To begin with, it’s worth saying that this service records absolutely everything that happens on the computer. Messages and errors are recorded, including in the operation of drivers, applications and programs. By regularly reviewing and studying the history, you can easily identify problems and weaknesses in the device's security, which is especially useful for servers.

How to open?

Finding and opening the event log is quite simple; to do this, you need to enter the phrase “Event Viewer” in the Windows 10 search and click on it. But if you have indexing disabled, this attempt will not bring results.

And as an option you can:


All information will be divided into appropriate groups. For example, by opening the application log, you will be able to view all messages about the operation of programs. Absolutely all system incidents related to Windows 10 are displayed in it.


Initially, this service was developed exclusively for administrators who constantly monitor the status of servers, identify errors and causes of occurrence, and then try to quickly eliminate them.

Don't be alarmed if your device is working fine, but there are error warnings in the log, because this is normal for the OS. Any failures, including minor ones, are entered into the registry, so no need to worry.

How to use?

Most “professional” users are sure that ordinary users do not even need to dive into this topic, because it will never be useful to them. However, this is not at all true, because this tool is incredibly useful in certain situations.

For example, if a blue screen appears or your system reboots on its own from time to time. Why this happens and what caused it can be quickly found in the system event log. If the error is related to updating drivers, then it will indicate the hardware with which the problem occurs and effective ways to solve it.


To simplify the search for the required report, you need to remember the time the situation occurred and, based on the time frame, look for the error.

Also, another important function is the recording of the loading of the operating system, when its start, end and duration are indicated. Moreover, the need to enter a reason can be linked to turning off the computer. It will appear in our magazine. This is especially useful for server administrators, because every detail is important to them.


Cleaning methods

There are five main ways you can clear the event log:

  1. Manual method.
  2. “Batch file” is a special file with the extension “*.bat”.
  3. Via the command console "cmd".
  4. Via PowerShell.
  5. CCleaner utility.

Let's take a closer look at each of the proposed methods and find out how to apply them in practice.

Manual cleaning

First of all, I suggest considering a way to clean reports yourself in Windows 10. It is quite simple and does not require the use of special commands or installation of third-party programs.

All you need is:


As you can see, everything is extremely simple. However, in some situations you still have to use other methods, which we will discuss below.

Creating and using a bat file

Another fairly simple method that will allow you to quickly clean it. Let's look at it in more detail:


If you are too lazy to create this file, then you can use a ready-made version download from link.

Via the command console

You can also clear the event log of errors, warnings and other messages through the “cmd” command line.

After this, all reports will be deleted.

Via PowerShell

The Windows 10 operating system provides a more advanced version of the command line - “PowerShell. Clearing the event log using this tool is very easy.

Let's look at everything step by step:

You will most likely encounter an error, but don't be alarmed as this is normal. All partitions will be cleared.

CCleaner program

The well-known CCleaner program allows you to completely clean the system and registry of unnecessary files and incorrect entries. This speeds up the operation of the system. It works perfectly on different operating systems, including Windows 10. In addition, it has a free version with pretty good functionality.


In this way, we will clear the event log and further optimize the performance of Windows 10.

This topic is not as dynamic and interesting as, for example, system recovery or the fight against malware, but no less important.