How to search the event viewer?
Event Viewer is undoubtedly a powerful tool. However, the sheer volume of events and information can make it overwhelming for administrators to sift through the logs. Filtering a log to show only the events you are looking for makes this easier, and here's how to do it.
Filters:
To create a filter on a Server 2008 computer, perform the following steps:
- Open Event Viewer.
- Click the log that you want to filter, then click Filter Current Log from the Action pane or right-click menu. This will open the Filter Current Log dialog box.
- You can specify a time period if you know approximately when the relevant events occurred. You can specify the event level, choosing between Critical, Warning, Verbose, Error and Information. If you select none of these, all event levels will be returned. You can’t modify which event log is being checked as filters apply only to a single log.
- You can choose the event sources that generated the log entries, and search for keywords, users, or computers. You can also search using specific event IDs.
Custom views:
A custom view is essentially a filter that you can re-use and apply to multiple event logs. To create a custom view, perform the following steps:
- Open Event Viewer from the Administrative Tools menu.
- Right-click the Custom Views node, then click Create Custom View.
- Unlike a filter, you can configure a custom view to extract data from multiple event logs. The options available are the same as those for filters.
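The filter criteria described above (time period, event level, event IDs) can also be applied across several logs at once from PowerShell, the way a custom view does. This is an added example, not part of the original article; the function name `Get-FilteredEvent` and the default logs, levels and time window are assumptions chosen for illustration.

```powershell
# Added example: builds an XML query of the kind shown on the XML tab of the
# filter / custom view dialog, then runs it with Get-WinEvent.
function Get-FilteredEvent {
    [CmdletBinding()]
    param(
        [string[]]$LogName = @('System', 'Application'),  # sample logs (assumption)
        [int[]]$Level      = @(1, 2),   # 1=Critical 2=Error 3=Warning 4=Information 5=Verbose
        [int[]]$EventId    = @(),       # empty = any event ID
        [int]$LastHours    = 24         # time period, counted back from now
    )

    # Each criterion becomes one XPath condition. An empty list adds no
    # condition, which matches the dialog: selecting no level returns all levels.
    $conditions = @()
    if ($Level.Count -gt 0) {
        $conditions += '(' + (($Level | ForEach-Object { "Level=$_" }) -join ' or ') + ')'
    }
    if ($EventId.Count -gt 0) {
        $conditions += '(' + (($EventId | ForEach-Object { "EventID=$_" }) -join ' or ') + ')'
    }
    $ms = [int64]$LastHours * 3600 * 1000
    $conditions += "TimeCreated[timediff(@SystemTime) &lt;= $ms]"
    $xpath = '*[System[' + ($conditions -join ' and ') + ']]'

    # One <Select> per log: this is what lets a single query span several
    # logs, which a plain per-log filter cannot do.
    $selects = $LogName | ForEach-Object { "    <Select Path=`"$_`">$xpath</Select>" }
    $query = "<QueryList>`n  <Query Id=`"0`" Path=`"$($LogName[0])`">`n" +
             ($selects -join "`n") + "`n  </Query>`n</QueryList>"

    Write-Verbose $query   # run with -Verbose to see the generated query

    # Get-WinEvent reports an error when nothing matches or when a log
    # (for example Security) is read without administrative rights.
    Get-WinEvent -FilterXml ([xml]$query)
}

# Usage: Critical and Error events from both logs in the last 24 hours,
# summarised by log and event ID so the noisiest sources stand out.
Get-FilteredEvent -LastHours 24 |
    Group-Object LogName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

The query printed by `-Verbose` can be pasted into the XML tab of the Create Custom View dialog to save the same selection as a reusable view.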