CIS 190 Systems Hardware Concepts Course Lab 5

CIS 190 Lab 5: Analyze a System with Event Viewer


Objectives:
The goal of this lab is to learn to work with Windows Event Viewer. After completing this lab,
you will be able to use Event Viewer to:
• View Windows events
• Save events
• View event logs
• Compare recent events with logged events

Lab Activity Background:
Most of what your computer does while running Windows 10, Windows 8 or Windows 7 is
recorded in a log. In this lab, you will take another look at the Event Viewer tool, which provides
information on various operations and tasks (known as events) in Windows. Event Viewer notes
the occurrence of various events, lists them chronologically, and gives you the option of saving
the list so you can view it later or compare it with a future list. You can use Event Viewer to find
out how healthy your system is and to diagnose nonfatal startup problems that still allow
Windows to start. (Fatal startup problems that prevent a successful startup don’t allow you into
Windows far enough to use Event Viewer.)

University of the Fraser Valley Lab 5 - Page 1 of 6



CIS 190 Laboratory Report #5

Name: _______________________ Student Number: _____________________


Section: ______________________ Date: ______________________________

Follow these steps to begin using Event Viewer:

1. Log on as an administrator.

2. Open the Control Panel window.

3. Click Administrative Tools. The Administrative Tools window opens.

4. Double-click Event Viewer to open the Event Viewer window. The console tree is shown in
the left pane, with Event Viewer (Local) listed at the top. If necessary, click Event Viewer
(Local) to select it. The Overview and Summary section is in the center pane, with available
Actions in the right pane (see Figure below). Maximize the Event Viewer window to see
more information in the middle pane.

5. You can drag the lines separating the panes to widen or narrow each pane. Widen the center
pane because it contains the most useful information.

6. In the console tree, expand Windows Logs, and then click System in the Windows Logs
group. The System log appears in the center pane. In the center pane, if necessary, you can
drag the bar between the boxes down so you can see more of the list of events in the top box.
The symbols to the left of each event indicate important information about the event. For
example, a lowercase “i” in a white circle indicates an event providing information about the
system, and an exclamation mark in a yellow triangle indicates a warning event, such as a
disk being near its capacity. An exclamation mark in a red circle is an error, and an X in a red
circle is a critical event. Each event entry includes the time and date it occurred. Click on
several events to see what information changes in various parts of the Event Viewer window
when selecting different events.

For each of the four most recent events, list the source (what triggered the event), the time,
and the date:

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

7. Double-click the top (most recent) event. The Event Properties dialog box opens. What
additional information does this dialog box provide?

________________________________________________________________________

________________________________________________________________________

________________________________________________________________________

8. Close the Event Properties dialog box.

Because Event Viewer provides so much information, it can be difficult to find what you need;
however, events can be sorted by clicking the column headings. Do the following to find the most
important events:

1. To sort by Level, click Level. Events are listed in the following order: Critical, Error,
Warning and Information.
2. To sort events by Date and Time, click Date and Time.
3. To see a list of only Critical, Error and Warning Events, expand Custom Views in the console
tree, and then select Administrative Events. How many Critical, Error, and Warning events
are recorded on your system?
________________________________________________________________________

You can save the list of events shown in Event Viewer to a log file. When naming a log file,
it’s helpful to use the following format: TypelogEVmm-dd-yy.evtx (mm = month, dd = day, and yy
= year). For example, you would name a log file of System events saved on June 8, 2020 as
SystemEV06-08-20.evtx. After you create a log file, you can delete the current list of events from
Event Viewer, allowing the utility to begin creating an entirely new list of events. A short log and
resulting log file is easier to view and easier to send to other support technicians when you need
help.

Follow these steps to save the currently displayed events as a log file, and then clear the
current events:
1. Open File Explorer/Windows Explorer, and create a folder called Logs in the root directory
of drive C.
2. Leaving File Explorer/Windows Explorer open, return to Event Viewer, and then click
System in the console tree in the left pane. The System log is selected but no particular event
is selected. How many events are there in this log?
________________________________________________________________________
3. To save the System log to a log file, on the menu bar, click Action, and then click Save All
Events As.
4. Navigate to the Logs folder created in Step 1. Name the file SystemEVmm-dd-yy (remember
to replace the italicized portion with today’s date), click Save, and then click OK. What is the
name of your log file, including the file extension?
________________________________________________________________________

5. Now you’re ready to clear the current list of events from the Event Viewer. With the System
log still selected, click Action, and then click Clear Log.
6. When asked if you want to save the System log, click Clear. The Event Viewer window now
displays only one event. What is the event?
________________________________________________________________________

7. Close the Event Viewer.
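
The save step above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original lab; it assumes the C:\Logs folder from Step 1 and checks that the saved copy is complete before you clear the live log in Event Viewer.

```powershell
# Added example: save the System log under the lab's naming convention and
# verify the copy before the live log is cleared. Run from an elevated prompt.
$logName = 'System'
$folder  = 'C:\Logs'                     # folder created in Step 1
$stamp   = Get-Date -Format 'MM-dd-yy'   # mm-dd-yy, as in the lab
$file    = Join-Path $folder "${logName}EV$stamp.evtx"

if (-not (Test-Path $folder)) {
    New-Item -ItemType Directory -Path $folder | Out-Null
}

# Record count of the live log before export (the number asked for in Step 2).
$liveCount = (Get-WinEvent -ListLog $logName).RecordCount

# "epl" is wevtutil's export-log command; /ow:true overwrites an existing file.
wevtutil epl $logName $file /ow:true
if ($LASTEXITCODE -ne 0) { throw "Export of $logName failed (exit code $LASTEXITCODE)." }

# Read the saved file back and count its events.
$saved      = Get-WinEvent -Path $file -ErrorAction Stop
$savedCount = ($saved | Measure-Object).Count

# Events written during the export can make the copy slightly larger,
# but it should never be smaller than the count taken beforehand.
if ($savedCount -lt $liveCount) {
    Write-Warning "Saved log has $savedCount events; live log had $liveCount. Do not clear yet."
}

# Summary by level, the same grouping Event Viewer shows when sorted by Level.
$saved | Group-Object LevelDisplayName | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

"Saved $savedCount events to $file"
```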

It can be useful to save a log that shows the event of a successful, clean boot, so you can use
it as a reference when you have a problem with a boot. You can compare the two logs to help you
identify a problem. To save a log of a boot, follow these steps:

1. With your System event log recently cleared, reboot your computer.
2. Return to Event Viewer. How many events are now recorded in your System log?
________________________________________________________________________
3. Does this list of events include any Warning or Error events? If so, describe these events
here:
________________________________________________________________________
4. Save a new file of System events to your Logs folder, and name the file
SystemBootEVmm-dd-yy. What is the name of the log file, including the file extension?
________________________________________________________________________

5. Now, with the System log still selected, clear the System log.
6. Close the Event Viewer.

Next, you create an intentional problem by disconnecting the network cable from your computer.
Then, you observe how the resulting errors are recorded in the Event Viewer. Do the following:
1. Carefully disconnect the network cable from the network port on the back of your computer.
2. Open Internet Explorer, and try to surf the web.
3. Close Internet Explorer, and then open Event Viewer. How many new events are displayed?
________________________________________________________________________
4. List the source, date, and time for any Error or Warning events you see:
________________________________________________________________________

To restore the network connection and verify the connection is working, follow these steps:
1. Reconnect the network cable to the network port on the back of your computer. Open Internet
Explorer. Can you surf the web?
________________________________________________________________________

2. In the center pane of the Event Viewer window, the System log reports that new events are
available. To see these events, on the menu bar, click Action, and then click Refresh. How
many events are now listed?
________________________________________________________________________

When troubleshooting a system, comparing current events with a list of events you previously
stored in a log file is often helpful because you can spot the time when a particular problem
occurred. Follow these steps to compare the current list of events with the log you saved earlier:
1. Use Windows Explorer to locate the System log files in the C:\Logs folder you created earlier
in this lab. Double-click one of these log files. A second instance of Event Viewer opens
displaying this log file. Notice in this new window the saved log file is listed in the console
tree under Saved Logs.
 List all the saved logs that are displayed:
________________________________________________________________________ 
What happens when you click on a saved log?
________________________________________________________________________
2. To compare two logs, you can position the two Event Viewer windows side by side. Snap one
Event Viewer window to the right of your screen by dragging the window to the right edge of
the screen, and then snap the other Event Viewer window to the left of your screen.
3. Widen or narrow the panes in each window so you can see the events listed in each window.
In a troubleshooting situation, you would look for differences in the two logs to help you find
the source of a problem.
4. Close both Event Viewer windows.
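
The side-by-side comparison above can be automated. The following PowerShell is an added example, not part of the original lab: it lists the Critical, Error and Warning event kinds in the live System log that never appear in a saved baseline such as the clean-boot log. The baseline file name is a placeholder; substitute the name you recorded earlier.

```powershell
# Added example: find event kinds in the live System log that are absent
# from a saved baseline log. Run from an elevated prompt.
$baselinePath = 'C:\Logs\SystemBootEVmm-dd-yy.evtx'   # placeholder file name

if (-not (Test-Path $baselinePath)) {
    throw "Baseline log not found: $baselinePath"
}

# Build the set of "source/event ID" pairs seen during the clean boot.
$known = Get-WinEvent -Path $baselinePath |
    ForEach-Object { "$($_.ProviderName)/$($_.Id)" } |
    Sort-Object -Unique

# Levels 1, 2, 3 = Critical, Error, Warning (the Administrative Events view).
$current = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2, 3 } `
    -ErrorAction SilentlyContinue

# Keep only events whose source/ID pair was never seen in the baseline.
$new = $current | Where-Object { "$($_.ProviderName)/$($_.Id)" -notin $known }

if (-not $new) {
    'No Critical, Error or Warning event kinds beyond the baseline.'
} else {
    # One row per new event kind, with how often and when it occurred.
    $new | Group-Object ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ n = 'First'; e = { ($_.Group | Sort-Object TimeCreated)[0].TimeCreated } },
            @{ n = 'Last';  e = { ($_.Group | Sort-Object TimeCreated)[-1].TimeCreated } } |
        Format-Table -AutoSize
}
```

The First and Last columns give the time window in which each new kind of event occurred, which is the detail the manual comparison is meant to surface.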

Review Questions
1. Judging by its location in Control Panel, what type of tool is Event Viewer?

________________________________________________________________________
2. What is the file extension that Event Viewer assigns to its log files?

________________________________________________________________________

3. How can you examine events after you have cleared them from Event Viewer?

________________________________________________________________________

________________________________________________________________________

4. Explain how to compare a log file with the current set of listed events:
________________________________________________________________________
________________________________________________________________________
5. Why might you like to keep a log file of events that occurred when your computer started
correctly? List the steps to create a log of a successful startup:
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________

**** Please hand in this report at the end of the lab. *****
