Windows XP constantly monitors your system for unusual or noteworthy occurrences. It might be a service that doesn’t start, the installation of a device, or an application error. These occurrences are called events, and Windows XP tracks them in three different event logs:
Application. This log stores events related to applications, including Windows XP programs and third-party applications.
Security. This log stores events related to system security, including logons, user accounts, and user privileges. Note that this log doesn’t record anything until you turn on Windows XP’s security auditing features. You do this by opening the Group Policy Editor and selecting Computer Configuration, Windows Settings, Local Policies, Audit Policy. You can then enable auditing for any of the several polices listed.
System. This logs stores events generated by Windows XP and components such as system services and device drivers.
Note
The System log lists device driver errors, but remember that Windows XP has other tools that make it easier to see device problems. As we discussed in Chapter 9, Device Manager displays an icon on devices that have problems, and you can view a device’s property sheet to see a description of the problem. Also, the System Information utility (Msinfo32.exe) reports hardware woes in the System Information, Hardware Resources, Conflicts/Sharing branch and the System Information, Components, Problem Devices branch.
You should scroll through the Application and System event logs regularly to look for existing problems or for warnings that could portend future problems. (The Security log isn’t as important for day-to-day maintenance. You need to use it only if you suspect a security issue with your machine; for example, if you want to keep track of who logs on to the computer.) To examine these logs, you use the Event Viewer snap-in, available either via selecting Start, Run and entering Eventvwr.msc or by launching Control Panel’s Administrative Tools icon and selecting Event Viewer. Figure 12-7 shows a typical Event Viewer window. Use the tree in the left pane to select the log you want to view: Application, Security, or System.
When you select a log, the right pane displays the available events, including the event’s date, time, and source, its type (Information, Warning, or Error), and other data. To see a description of an event, double-click it or select it and press Enter.
Insider Secret
Rather than monitoring the event logs by hand, Windows XP comes with a couple of tools that can help automate the process. The Eventquery.vbs script enables you to query the log files for specific event types, IDs, sources, and more. Search Windows XP’s Help And Support Center for "eventquery" to get the script’s command-line syntax. Also, you can set up an event trigger that will perform some action when a particular event occurs. You do this using the Eventtriggers.exe utility. Search the Help And Support Center for "eventtriggers" to get the full syntax for this tool.