Event Viewer Logs

  • Question

  • I am currently reading the 70-680 Configuring Windows 7 book by Ian McLean and Orin Thomas.  On page 673 it states the following:-

    Event Viewer tracks information in several different logs. Windows logs include the following:

    -- Application Stores program events. Events are classified as error, warning, or information, depending on the severity of the event. The critical error classification is not used in the Application log.

    -- Security Stores security-related audit events that can be successful or failed. For example, the security log will record an audit success if a user trying to log on to the computer was successful.

    -- System Stores system events that are logged by Windows 7 and system services. System events are classified as critical, error, warning, or information.

    -- Forwarded Events Stores events that are forwarded by other computers.

    I wanted someone to check and confirm the following for me: in my installation of Windows 7 Enterprise 64-bit, I found several critical levels reported in the Windows Log: Application Log.  The above statement in the book states (underlined) that this is not possible.  I also noticed it missed out mentioning the Setup Log.

    Thank you for any help you can provide,

    Wisephoton.

    Thursday, January 27, 2011 10:07 AM

All replies

  • Critical messages are shown when Windows doesn't work (crash) so they are not shown under application.


    André


    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    • Proposed as answer by Andre.Ziegler Thursday, January 27, 2011 3:21 PM
    • Edited by Andre.Ziegler Thursday, January 27, 2011 8:47 PM
    Thursday, January 27, 2011 2:20 PM
  • I can clearly see several critical level (red solid circle with white cross) entries in the Application log. How can this be when you and the book state this is not possible?

    Someone must have this wrong somewhere. Either that or I do not understand this.  If I look at the details section for each log entry and expand System under Friendly view I can find level 1 (critical), level 2 (error), level 3 (warning) and level 4 (info) entries all in the Application log.

    I can send a print screen to prove this but do not know how to insert it into the forum reply.

    It's a little confusing when I can clearly see it is possible to find level 1 entries in an Application log.

    Thanks Wisephoton.

    Thursday, January 27, 2011 2:52 PM
  • This is a level 1 (critical entry) example:

    - System
    - Provider
          [ Name] Microsoft-Windows-ApplicationExperienceInfrastructure
          [ Guid] {5EC13D8E-      -    -A7E7-3121A1D90C7A}
      EventID 2
      Version 0
      Level 1
      Task 0
      Opcode 0
      Keywords 0x8000000000000000
    - TimeCreated
          [ SystemTime] 2010-11-26T15:49:34.468750000Z
      EventRecordID 2907
      Correlation
    - Execution
          [ ProcessID] 4068
          [ ThreadID] 4028
      Channel Application
      Computer InstructorFLR2.training.lan
    - Security
          [ UserID] S-1-5-21-                -3088469730-3974546014-1000

    - EventData
        DBType 15
        AppNameCount 20
        AppName Virtual PC 2007 SP1
        VendorNameCount 10
        VendorName Microsoft
        SummaryCount 106
        Summary Virtual PC 2007 SP1 is not supported on this version of Windows. For more information, contact Microsoft.
        SessionID 1
    Thursday, January 27, 2011 2:57 PM
  • My Windows 7 Enterprise 64 bit is showing the following in the Application log.

    Red solid circle with white cross is Critical (level 1)

    Red solid circle with white exclamation is Error (level 2)

    Yellow triangle with black exclamation mark is Warning (level 3)

    White solid circle with blue letter ' i ' is Information (level 4)

    Please check..

    Thursday, January 27, 2011 3:37 PM
  • ok, you're right with the icons: white exclamation on red circle is error.

    But you still don't see critical entries in application log! You only see errors. Because only crashing Windows is a critical event.


    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    Thursday, January 27, 2011 8:03 PM
  • Hi Andre,

    I agree with what you are saying that crashing Windows is a critical event, but I am not making this up.  I have the evidence to the contrary.

    If you take a look at the above data I pasted from my Application log:

      Level 1

    Channel Application
       
      Computer InstructorFLR2.training.lan

    The above information highlights a critical event, and in the Application log on my computer.  Can you at least confirm that the evidence provided suggests what is not possible has happened in my true example?  If you know how to contact the designer of this event viewer or a sysinternals expert then forward this to them.

    I would be interested in this being investigated a little.

    Thank you :)

    Friday, January 28, 2011 11:10 AM
  • Can you filter the Application eventlog for critical entries and extract the events into an evtx file and share it? I have never seen critical entries in the Application eventlog.

    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    Friday, January 28, 2011 1:26 PM
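
The filter-and-export step requested in the reply above can be done from PowerShell with the built-in `Get-WinEvent` cmdlet and `wevtutil`. This is an added example, not part of any post in the thread; the output path `$OutFile` is an assumption made for the example.

```powershell
# Added example: find Level 1 (Critical) events in the Application log,
# summarize them by provider, and export only those events to an .evtx file.
# $OutFile is a hypothetical path chosen for this example.
$LogName = 'Application'
$OutFile = Join-Path $env:TEMP 'Application-Critical.evtx'

# XPath over the System section of the event (the same Level field that the
# Friendly view shows); Level 1 = Critical.
$XPath = '*[System[(Level=1)]]'

# Get-WinEvent reports a non-terminating error when no event matches,
# so suppress it and treat that case as an empty result.
$events = @(Get-WinEvent -LogName $LogName -FilterXPath $XPath -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No Level 1 events found in the $LogName log."
    return
}

# Which providers wrote Level 1 events, and how many each.
$events |
    Group-Object -Property ProviderName |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name |
    Format-Table -AutoSize

# Most recent matches, with the numeric level next to its display name.
$events |
    Select-Object -First 5 -Property TimeCreated, Id, Level, LevelDisplayName, ProviderName |
    Format-Table -AutoSize

# Export only the matching events; /ow:true overwrites an existing file.
wevtutil epl $LogName $OutFile "/q:$XPath" /ow:true
if ($LASTEXITCODE -ne 0) {
    throw "wevtutil export failed with exit code $LASTEXITCODE"
}
Write-Output "Exported $($events.Count) event(s) to $OutFile"
```

The exported file opens in Event Viewer through Action > Open Saved Log.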
  • I will have a go at extracting the events.  How do I share the evtx file with you?
    Tuesday, February 1, 2011 9:59 PM
  • How do I share the evtx file with you?

    Zip the file and upload the zip to your SkyDrive and post a link here:

    http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65


    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    Wednesday, February 2, 2011 12:45 PM