Managing Events in Event Viewer

Bill T.

I was reading about improving system performance by looking at events in
Event Viewer, applying actions to correct events, then deleting them. My
question is: if I have a critical event that I found, or any event for that
matter, how do I figure out what caused the event and then what action to
take to fix it? Is it OK to clear these events? Do I even need to worry
about them anyway? Any info would be appreciated. Thanks
 
alexB

I am not sure you should delete events. They are just records of what
happened to your system, like notes. It is like trying to undo WWI by
erasing all records about it.

However, it is a very useful tool. I'll give you an example. There is this
nagging question of USB controllers not working on some of the Vistas. I've
got 3 machines with Vista and on one of them I have it on two partitions.
I've had this problem on only one machine.

This morning I tried to plug in a memory stick, got an error, the computer
wanted to upgrade the driver, I said OK, error came back that the driver
could not be found, I redirected the search to Windows\system32 folder. The
driver was found but Vista could not install it.

I went to the event log. There were like 10 errors time stamped precisely by
the moment I did it. You go to Custom View > Administrative Events.

Double click on the very top error (the very last) in the middle pane. You
will get a window (GUI): Event Properties. On the General tab there is a link:
Event Log Online Help.

Click on that. You will get a page of MS help on this error.

Now what about the error? There is a verbose description on the top but you
should also click the other tab: Details. Under that tab you will see an XML
file with a detailed description (of course in technical code but still
readable) of what that error is. One of the frequent errors is:

0x80000000000000

If it were all zeroes, there is no error. I think 800.. means the file was
not found, most likely a driver. On that webpage there will be a detailed
description of various errors including the one above.

In my case I was able to determine rather quickly that all files with *usb*
(with wildcards) characters in windows\inf numbered 20 in my system where I
could not make the connection. When I went to another system, in the same
folder I had 26 files. So, 6 files are missing. I also checked Business
Vista on the other partition and it also has 26 usb related files. So I am
planning to add those 6 files because that website clearly stated that the
inf file could not find certain files it wanted.

Does it make sense? It needs some time to set in though.
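
The lookup described in the post above can also be done from PowerShell. This is an added example, not part of the original thread; it assumes PowerShell 2.0 or later, and `$When` and `$WindowMinutes` are hypothetical parameters for the moment the problem occurred.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0 or later.
# $When and $WindowMinutes are hypothetical parameters: pass the time the
# problem occurred (for example, when the USB stick was plugged in).
param(
    [datetime]$When = (Get-Date),
    [int]$WindowMinutes = 5
)

# Critical, Error and Warning events from the two main logs only.
$filter = @{
    LogName   = 'System', 'Application'
    Level     = 1, 2, 3   # 1 = Critical, 2 = Error, 3 = Warning
    StartTime = $When.AddMinutes(-$WindowMinutes)
    EndTime   = $When.AddMinutes($WindowMinutes)
}

# Get-WinEvent reports an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated -Descending)

if ($events.Count -eq 0) {
    Write-Output "No Critical, Error or Warning events within $WindowMinutes minutes of $When."
    return
}

# One line per event: when, which component logged it, event ID and severity.
$events |
    Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName |
    Format-Table -AutoSize

# The newest event as XML: the same data as the Details tab in Event Properties.
# Keywords is a bitmask of event categories; 0x80000000000000 marks a
# classic event-log entry.
$newest = $events[0]
$system = ([xml]$newest.ToXml()).Event.System
Write-Output "Provider : $($system.Provider.Name)"
Write-Output "EventID  : $($newest.Id)"
Write-Output "Level    : $($system.Level)"
Write-Output "Keywords : $($system.Keywords)"
Write-Output "Message  : $($newest.Message)"
```

The provider name and event ID are the two values to search on when looking up what a given event means.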
 
Bill T.

Alex, thank you for explaining that to me. I guess I am just someone who
needs to know why things happen, and how to correct them. Maybe I am getting
concerned over nothing. I guess as long as the computer is running OK I will
not worry about it. Again, thanks for the info!
 
alexB

I have three systems with Vista and am getting the fourth one. One of them
works perfectly fine because I have one stable app and an HP photo printer
attached. That's all. I am mostly into app development. However, I am forced
to download a lot of stuff every day on two other machines. It frequently
screws my systems up and I have been forced to stop my development and try
to learn more about the system management.

Also I want finally to tune my computers up to the point of maximum
performance.

The moral of the story: if you have stable needs and your machine is working
fine for you, forget about the event log.
 
John Bryntze

AlexB's posts are excellent, just wanted to add these:

Event Viewer logs can be filled with useless information but also include
warnings that your system might get unstable... and if you don't look into
these warnings your system could be unstable or even crash.
There are different entries; information is usually not so interesting, but
you have warnings and critical errors and those you should look up.

If you manage more than one Vista machine you can subscribe to events and have
one as a master machine and forward specific entries from other machines into
your master machine. I wrote an article about that here:
http://john.bryntze.net/jbkb/index.php?title=Vista-kb11_Collect_Event_Viewer_data_remotely
 
