When your Windows operating system develops some issues, you’re either going to want to try to troubleshoot and fix the problems yourself or hand the computer to someone else. To help troubleshooting, Windows has an integrated logging system that enables many operations on the computer to be monitored and the results recorded. These are called event logs and you can view everything that’s been recorded in the logs with the built in Event Viewer.
Through Event Viewer the logs can show all sorts of interesting information. This includes what happens during security, program and system events, software or driver installs and uninstalls, Windows Service start and stop results, and hardware or Windows component events.
Although it’s a highly useful resource for tracing and fixing a range of different issues, the Event Viewer itself can be tricky to read and interpret because of the amount of data being shown. Thankfully there are other tools around that can view the event logs and make them easier to read. Here are five free alternative event viewers to look at.
For a quick, no frills utility to view the Windows event logs, Nirsoft’s MyEventViewer is a good candidate for the job. It’s a portable standalone executable and is only 50KB for the 32-bit version and 120KB for the 64-bit version. For such a small utility it does have a number of options to control what is displayed from the event logs and how it is displayed.
One issue when you launch MyEventViewer is it loads all the event logs first, which takes time if there are tens of thousands of entries. To help with that you can press F9 to show the Advanced Options window. This helps narrow down the amount of log entries to load by using time and date filters, only loading xxx number of entries or using specific include/exclude keywords. This window can also be shown on startup of the program with Options > Show Advanced Filter Window on Start.
Specific logs can be excluded using the Logs menu and success or error entries can be filtered out from the Options menu > Event Type Filter. MyEventViewer also has an auto refresh function so the window shows the latest events every few seconds. The lower pane that displays the log text might be a bit difficult to read but should be no issue for more advanced users. Another useful option is the ability to clear specific event logs if you are sure the log data is no longer required.
2. WMI Tools
WMI Tools is a general viewing tool for all the information that comes from Windows Management Instrumentation (WMI). This includes hardware, software and Windows information, and also process and service information. Another WMI Tools feature is it also reads system event logs and displays the data in an easy to read user interface.
Only a setup installer is available for download although you can easily unpack it with Universal Extractor. There’s only an executable and a XML file that are required for the program to work once extracted. Run the program and click Event Log. The logs actually load fast to begin with because only entries from the last 24 hours are shown. You can change the filter to show all entries or setup a custom time range which defaults to the last 7 days.
Double clicking on any log entry will show all the available information in a popup window. If you only want to look at the warnings or errors and filter out the success entries, click on the small filter icon in the top right corner of the Type column header. Then check the warning and error boxes.
3. Event Log Explorer
Event Log Explorer is the most dedicated and probably the most complete event log viewing tool outside of the Windows Event Viewer itself. It also has a wealth of options including multiple tabbed log windows, event ID internet search or Microsoft Knowledge Base search, Event Alerter, Event Scheduler, advanced searching and filtering options, add computers wizard, bookmarks and user interface features like color coding.
Like WMI Tools, Event Log Explorer only comes as a setup installer although Universal Extractor will again extract its files to work portably. Another drawback is the program needs a registration key to be able to use the free version for personal use. However, you can enter random details into the online form and the registration key will appear on the thanks for registering page.
Open an event log by expanding the computer tree on the left and double clicking the log to view, double click a log entry to get the available information. The yellow Filter button in the toolbar is highly useful which can include or exclude event types and filter by date and time, event IDs, specific text and many other criteria. It’s also possible to open, close, clear, merge, export and save individual logs.
4. Windows Event Viewer Plus
Windows Event Viewer Plus has some good and bad points. The good are that it’s portable, very easy to use and nobody is likely to be confused by extra functions and features because there aren’t many to speak of. Log information is displayed nice and clearly but there is no means to filter or sort the log entries which makes viewing everything in large logs problematic. Loading and collating the log data is also quite slow compared to other event log viewers.
Usage is easy, simply click on the log on the left and double click any entry to get more detailed information and the option to run a search through Microsoft support or and major search engine. There’s not much else to speak of apart from the option to connect to remote event logs and a few system tools such as SFC and Check Disk in the Tools menu.
5. Windows Reliability Monitor
Most Windows users will not be aware that in addition to the standard Event Viewer, since Windows Vista there has also been another built in tool called Reliability Monitor. It reads the same Event logs as Event Viewer but shows the results in a much easier to understand and more user friendly way. Instead of scrolling through huge lists you can see at a glance if any warnings or errors have occurred on a specific day through a more visually appealing user interface.
Reliability Monitor can be opened several ways, type “reliability” into Start, use “perfmon /rel” from the Run dialog or a desktop shortcut, or go to Control Panel > Action Center > Maintenance > View reliability history. The window at the top shows an overall reliability score out of 10 which is based on how many issues there are during the time period. The red icons signify Windows or software failures, the yellow icons are for warnings (usually install or uninstall failures) and the blue depicts information, usually success messages.
Clicking on a specific day or week will populate the lower window with what programs caused each event. From there you can click View technical details and see more detailed information about the event or ask the Action Center to check and see if it can find any solutions to the errors. While Reliability Monitor might not provide detailed information for advanced users it does show enough for others that are trying to troubleshoot their own problems.