August 29, 2016

152 Views

Event Viewer : Another coherent ally in the IT world

Introduction

Nowadays, several applications are used by users in different domains. In such a case, issues pertaining to software failure, malfunction or server crash, leads to a huge data loss. To overcome such scenarios, users can use Event viewer, a Windows application, used for viewing events that occur on respective desktops in case of a software failure or a server crash.

Event viewer as an application

Event viewer consists of basic five types of event logs. These are:

  1. Application: Events are occurred with type error, warning, and information.
    • Error: Depicts a certain problem, data loss etc.
    • Warning: Depicts a certain problem which can arise in the future.
    • Information: Depicts the successful operation of a running process.
  2. Setup: Gives additional log information of domain controllers. Event with a type, generally, information is seen here.
  3. Security: Generally named as audits, it reports about the operation success or failure, for example, whether system time was saved successfully or not.
  4. System: Gives event information related to system operation with type error, information, and warning.
  5. Forwarded events: Other computers forward events to this log.

Users can browse to this application with two ways:

  • Press windows button or click on start -> Control Panel-> Administrative tools-> Event viewer.
  • Press windows + R button -> type eventvwr

Importance of Event viewer

On experiencing a crash, there are several questions that generally crop up in mind. These are:

What are the conditions which led to this software crash or data loss? How this software behaves when crash or data loss occurs? What will be the impact on other processes, operation running on that particular box? What will be its respective business impact?

In such cases, checking the Event viewer is very important. Many times it happens that the user is checking data on the box, other than the one on which crash appeared. So, he can open Event viewer from his box and use option ‘Connect to another Computer’ in the Actions section as mentioned in steps below:

  1. Enter computer name or IP address.
  2. Check checkbox ‘Connect as another user’.
  3. Provide credentials in ‘Set User’ option.
  4. Click on ok followed by ok button.
    Note: Steps 2 and 3 are optional.

Generally, on crash/data loss, reports with extension .wer are generated by Windows Error Reporting (WER) in ReportArchive folder. The location of the ReportArchive folder is either of the following:

  • Users\
  • ProgramData\Microsoft\Windows\WER\ReportArchive (for reports in the computer store)

Thus, the user can check these reports and take its help in resolving such issues.

Automation regarding event generation

Events can be generated using command prompt with command event create.

EVENTCREATE /T ERROR /ID 1000 /L APPLICATION /D "TEST MESSAGE"

You can learn more about this event viewer command by typing eventcreate/?

For use cases which need event generation with event id more than 1000, PowerShell is the solution here. The user needs to create a custom event log first, followed by the execution of event viewer commands leading to event generation as stated below:

  1. new-eventlog -logname Testing -source testsource2
  2. write-eventlog -logname Testing -source testsource2 -entrytype information -eventid 1001 -message "Test Message1”

Another way of generating huge amount of events usually for performance testing is by Event Generator.

Automation regarding reporting of events

To get instant information about crash/data loss, user can run task in task scheduler. Steps for creating task in Windows Task scheduler are stated below:

  1. Open control panel followed by Administrative Tools.
  2. Open Task scheduler. In the top right corner, click on Create basic task.
  3. Enter name and description of the task and click on Next button.
  4. In triggers, select the radio button depicting “When a specific event is logged”. Click on Next button.
  5. Select Log from the dropdown list. For Example: Application
  6. Select the respective source and event id. Click on Next button.
  7. Select the below options as per use cases:
    1. Start a Program: This option initiates a script when this event occurs.
    2. Send an email: Sends email containing information about which system and at what time the crash/data loss happened when this event occurs.
    3. Displays a message: Directly prompts on user’s screen when this event occurs.
  8. Click on Next button. Details at next level will appear as per the options selected above.
  9. Fill details correctly and click on the ‘Next’ button followed by the ‘Finish’ button.
  10. Click on Task scheduler library. Select the task created. Right click and select ‘Run’.

So, this application has a great significance in the IT world, be it analyzing event, checking automatically created crash reports, generating events, or its respective automation. It helps in troubleshooting problems and error with windows and other respective programs. Thus, developers or testers both can make a choice of this application in resolving their work on time and take one step ahead to maintain the work-life balance in this busy IT world.