Diagnosing server issues with the Windows Event Log

When something is not working in Windows, it can be frustrating to track down the issue if you do not know how to use the Windows event logs. This guide is intended to get you started when troubleshooting a problem.

First of all, when you have a problem such as a random unexpected reboot, it is important to get some sort of time frame to search within. As standard, the Windows event log records a lot more than you might think, and trawling through it without knowing when the problem happened to within a few hours can be a horrible task.

Opening the event log.

Right-click on the start menu and select ‘Event Viewer’.

Making the issue stand out.

In most cases, a seemingly random reboot will be recorded under ‘Windows Logs’, then ‘System’. If you click on these, you will see a vast number of ‘Information’ entries. For the most part these are just that, information only, and are not likely to be attributed to an unexplained reboot. To make the actual warnings and real errors stand out, click ‘Create Custom View’ on the right-hand side. You will see that the ‘System’ event logs have already been selected for you. Now tick the boxes ‘Critical’, ‘Warning’ and ‘Error’, click ‘OK’, then give the custom view a name, e.g. system-issues, and click ‘OK’ again.

Now you will also see that this filter has been permanently saved on the left-hand menu for you under ‘Custom Views’, so you can use this at any time in the future.

Finding the issue.

Now you have a filtered view which will include all service, Windows Update and general faults, errors, and warnings related to your Windows system. You should be able to read in plain language what was going on just before your reboot, for example: ‘The service XYZ unexpectedly terminated with the following error: Ran out of memory’, which is excellent for diagnosing why something might have failed or why a service has stopped randomly.

You can follow this same method with all of the other event types to filter out the information-only logs when trying to find an issue. The Windows logging system is quite powerful, easy to manage, and covers a vast range of issues. There is also a hardware log which might record things such as heat problems or early disk failure detections.
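
The same filter can be run from PowerShell, which is useful on servers without a desktop session. This is an added example, not part of the original guide: it reproduces the ‘Critical’, ‘Warning’ and ‘Error’ custom view and narrows it to a time frame around the problem. The function name Get-IssueEvents, its parameters and the sample time are assumptions made for illustration.

```powershell
# Added example: PowerShell equivalent of the 'system-issues' custom view,
# limited to a time window around the suspected reboot.
function Get-IssueEvents {
    param(
        # Approximate time the problem happened (known to within a few hours).
        [Parameter(Mandatory)] [datetime] $Around,
        # Hours to search either side of that time.
        [int] $WindowHours = 3,
        # Log to search; 'System' matches the custom view described above.
        [string] $LogName = 'System'
    )

    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3          # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = $Around.AddHours(-$WindowHours)
        EndTime   = $Around.AddHours($WindowHours)
    }

    # Get-WinEvent raises an error when nothing matches the filter, so
    # suppress it and report an empty window instead.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) {
        Write-Warning "No Critical, Error or Warning events in '$LogName' for that window."
        return
    }

    # Oldest first, so the output reads as a timeline leading up to the problem.
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, LevelDisplayName, ProviderName, Id, Message
}

# Constructed sample time; replace with when the reboot was noticed.
$issues = Get-IssueEvents -Around '2024-01-15 14:30' -WindowHours 2

# Timeline view of what was logged just before and after the problem.
$issues | Format-Table -AutoSize -Wrap

# Which sources logged the most problems in the window.
$issues | Group-Object ProviderName | Sort-Object Count -Descending |
    Select-Object Count, Name
```

Passing a different -LogName, such as ‘Application’, applies the same filter to the other event logs.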