How To View Windows Crash And Error Logs

Key Points

  • Windows event logs store the information for hardware and software malfunction, including other successful operations.
  • You can view the event logs with different severity across various categories in the Event Viewer (eventvwr.msc), or using the Reliability Monitor (Control Panel > System and Security > Security and Maintenance > Maintenance > View reliability history).

The Windows operating system logs and stores information about the actions performed on it, especially if any errors have occurred. This information is collected from the different Windows applications as well as the Windows components itself.

These errors are recorded in the location “C:\WINDOWS\system32\config\“. However, if you go on to this directory, you will find files that cannot be opened in any apps, and therefore, you won’t be able to view the error logs. For those purposes, the Windows OS includes two useful tools:

  • The Windows Event Viewer, and
  • The Reliability Monitor

These tools can be used to view and understand the different errors and warnings that occur on your computer. So if your apps keep crashing, or you keep experiencing Blue Screen of Death (BSoD) and you cannot understand why, you can resort to these tools to understand why the error has occurred and how you can mitigate it.

This guide discusses how to access the Event Viewer and the Reliability Monitor on a Windows computer, and how you can use them to understand the different error types and their causes.

What are Windows Event Logs?

Event logs are files that contain structured information about the happenings of an event. These events can be errors, warnings, or simple operations. These files provide information about the different hardware and software-based operations on the system.

On a Windows computer, event logs are used to determine the cause of an error or a warning. These contain error codes and often an explanation for why something happened. For example, if the system crashes all of a sudden, Windows will generate a log explaining why it crashed.

Sometimes, the explanation is simple enough to resolve the issue. At other times, you may only be able to get a certain error code (eg. 0xC000021A) which doesn’t explain much on its own. However, you can search for this code on the internet and obtain detailed answers for the causes of the error and its possible fixes.

Event logs can contain the following information on a Windows computer:

  • Log name: This is the category of the event log for which the log was generated. The different categories have been discussed below.
  • Source: Name of the component or app that caused the event.
  • Event ID: This is the identification number that helps administrators identify a specific logged event. This is usually the code that is used to further research the error that caused the logged event. 
  • Level (Type): This indicates the severity of the event log. These can be information, error, verbose, warning, or critical.
  • User: Name of the user account who logged onto the computer when the event occurred.
  • OpCode: When a program raises the event, it executes an activity or a certain point within an activity, and the OpCode defines a numeric value that identifies the particular activity.
  • Event date/time (Logged): Indicates the date and time when the event occurred and when the log was generated.
  • Task Category: This indicates what kind of recorded event log it is. To provide more details about the event, developers can include task categories in their apps if needed.
  • Keywords: Event logs categorize events using keywords. These keywords help classify the type of event and provide additional context. One such common keyword is “classic”.
  • Computer: Name of the computer logging the event.

Types and Categories of Windows Event Logs

If you are new to the event logs on a Windows computer, then it will be important for you to understand its types and categories. With this knowledge, you will be able to look for the right error log and understand it better.

Types/Level of event logs

Regardless of the category of an event log, there are 5 types of error logs, which are as follows:

  • Information: Indicates that a service or application is running smoothly. For instance, the event will be recorded as an information event when a Windows Service is started successfully.
  • Warning: These are insignificant incidents that raise the possibility of future problems. A warning event may be logged when your device is running on low disk space.
  • Error: An error log, identified with a red exclamation mark, describes a serious problem that arises when a system is unable to operate as intended, such as when the operating system or an app crashes.
  • Success Audit: Such type of event logs document a legitimate effort to obtain the security log through auditing. An effective login attempt, for instance, will be classified as a successful audit event.
  • Failure Audit: These event logs show the security log’s audited security access failures, like not being able to access the network disc.

When reading the different event logs, we normally look for warnings or error logs, as those usually cause major issues with the system, such as the operating system crashing or resulting in BSoDs.

Categories of event logs

Other than the information about the different types of event logs, you must also understand the different categories of them. This information will let you know where to look for the event log (under which category).

  • Application: Event logs regarding apps and software hosted on the computer get logged under this category. For example, an event log will be created if the Paint application or a game fails to launch.
  • Security: Any events about the security of the system are stored under this category. Such events are recorded via the Windows auditing process. For example, if an unauthorized access attempt is made to the system, or a secure file deletion attempt is made, an event would be automatically registered.
  • Setup: Events that occur during the Windows OS installation are recorded in the setup log. Setup events will also be registered on domain controllers relating to the Active Directory.
  • System: Events about the system and its components are recorded in this category. For example, an error with the kernel will be recorded here.
  • Forwarded Events: These are the event logs that have been forwarded from other devices on the network.

With this information, when an error occurs on your computer, you should be able to look under the right category and understand why it happened.

Now that you fully understand the use and benefits of event logs, let me show you how to access the event logs and make them useful.

How to view event logs on Windows

As mentioned earlier, you can access the event logs on a Windows computer using the Event Viewer, and the Reliability Monitor.

The Event Viewer can be used to access the different event categories discussed above and view all sorts of events. Whereas the Reliability Monitor provides a timeline of events that can be arranged in days and weeks. The latter focuses on system errors that may affect the reliability and performance of the system and is not as detailed as the Event Viewer.

View event logs with Event Viewer

To access the logged events in the Event Viewer, follow these steps:

  1. Press the Windows key + R to launch the Run Command box.

  2. Type in “eventvwr.msc” and press Enter to open the Event Viewer.

  3. Expand “Windows Logs” from the left navigation pane.

  4. Click on the event category that you want to access.

    Open log event category
    Open log event category
  5. Now, scroll through the logs in the middle pane and click on the one you need the information for.

    Since there are too many logs to go through, you can apply a filter by performing these additional steps. To start, click “Filter Current Log” in the right pane.

    Filter the logs
    Filter the logs
  6. In the Filter Current Log window, select the following elements to help you find a specific error log file:

    • Logged: The duration to show the event logs for.
    • Event level: The severity of the log event.
    • [Optional] Event ID: If you are looking for a specific error log for which you already have the event ID.
    Apply the event filters
    Apply the event filters
  7. When done, click OK.

When the filters are applied, you can scroll through the event logs in the Event Manager, and double-click the one you want more information on.

I would also like to add that in Step 6 above, you can further narrow your search result by applying additional filters, such as a keyword, a user account name, etc.

Moreover, you can also use the “Custom View” option and filter certain types of event logs from different categories into one frame. To create a custom view, use these steps:

  1. In the Event Viewer, click “Create Custom View” in the right pane.

    Create a custom filter in Event Viewer
    Create a custom filter in Event Viewer
  2. In the “Create Custom View” window, select “By log” and then expand the drop-down menu in front of it.

  3. In the drop-down menu, select the log categories that you want to view.

    Select the event log categories to view
    Select the event log categories to view
  4. Now select the event levels and click OK.

    Create a custom view for event logs
    Create a custom view for event logs
  5. Now set a name for the custom view and click OK.

    Assign name to custom event view
    Assign a name to custom event view

After performing these steps, you should be able to view the shortlisted even logs directly under one category in the left pane.

View event logs in custom category in Event Viewer
View event logs in a custom category in Event Viewer

In case you want to delete or edit the custom event category, simply right-click on it and select the respective option from the context menu.

View event logs with the Reliability Monitor

You can also use the Reliability Monitor to view the important error logs on your computer. Here is how to access and read the tool:

  1. Press the Windows key + R to open the Run Command box.

  2. Type in “control” and press Enter to launch the Control Panel.

  3. Click “System and Security“.

  4. Click “Security and Maintenance“.

  5. Expand Maintenance.

    Expand Maintenance
    Expand Maintenance
  6. Click “View Reliability History“.

    Open Reliability Monitor
    Open Reliability Monitor
  7. Click on the day’s column for which you want to view the crash log.

    Select the day to view the event logs for
    Select the day to view the event logs for
  8. Double-click on the event in the bottom section of the Reliability Monitor to view more details.

    Open the event log using Reliability Monitor
    Open the event log using the Reliability Monitor

After performing these steps, you should be able to see the complete details for the selected event log.

View event log details with Reliability Monitor
View event log details with the Reliability Monitor

As you may find in the image above, the details here for the event log are somewhat different than the ones available inside the Event Viewer. However, you can use the error code to find more information about the event online.

Closing words

Understanding the crash and event logs is just as important as accessing them. There is no use in viewing the event logs if you cannot determine what they mean.

This detailed guide shows you exactly how to view and understand the system event logs and look for errors with different severity, inside different categories. You can also view them for specific days if you are not sure exactly when an error occurred.

If you liked this post, Share it on:
Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

Leave the first comment

Get Updates in Your Inbox

Sign up for the regular updates and be the first to know about the latest tech information