KB14911: How to open and read the content of files with extensions ‘evt, txt, cvs’ from Windows Event Viewer

In Microsoft Windows XP – 2000 -2003, an event is any significant occurrence in the system or in a program that requires users to be notified, or an entry added to a log. The Event Log Service records application, security, and system events in Event Viewer. With the event logs in Event Viewer, users can obtain information about their hardware, software, and system components, and monitor security events on a local or remote computer. Event logs can help to identify and diagnose the source of current system problems, or help predict potential system problems.
 
Event Log Types:
A Microsoft Windows family XP – 2000 - 2003 -based computer records events in the following three logs:
 

• Application log - The application log contains events logged by programs. For example, a database program may record a file error in the application log. Events that are written to the application log are determined by the developers of the software program.
• Security log - The security log records events such as valid and invalid logon attempts, as well as events related to resource use, such as the creating, opening, or deleting of files. For example, when logon auditing is enabled, an event is recorded in the security log each time a user attempts to log on to the computer. A user must be logged on as Administrator or as a member of the Administrators group in order to turn on, use, and specify which events are recorded in the security log.
• System log - The system log contains events logged by Windows XP system components. For example, if a driver fails to load during startup, an event is recorded in the system log. Windows XP predetermines the events that are logged by system components.

 
How to View Event Logs:

• In Windows XP, click Start > Control Panel > Performance and Maintenance > Administrative Tools and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
• In Windows Server 2000 or 2003, click Start > Programs > Administrative Tools > Event Viewer.
• Via the Command Line for Windows XP or 2000 or 2003, click Start > Run > eventvwr.msc > OK.

How to View Event Details:
In the details pane, double-click the event to be viewed. The 'Event Properties' dialog box containing header information and a description of the event.
 
How to Interpret an Event:
Each log entry is classified by type,and contains header information and a description of the event.
 
Event Header:
The event header contains the following information about the event:

• Date: The date the event occurred.
• Time: The time the event occurred.
• User: The user name of the user that was logged on when the event occurred.
• Event ID: An event number that identifies the event type. The Event ID can be used by product support representatives to help understand what occurred in the system.
• Source: The source of the event. This can be the name of a program, a system component, or an individual component of a large program.
• Type: The type of event. This can be one of the following five types: Error, Warning, Information, Success Audit, or Failure Audit.
• Type > Category: A classification of the event by the event source. This is primarily used in the security log.

 
Event Types:
The description of each event that is logged depends on the type of event. Each event in a log can be classified into one of the following types:

• Information: An event that describes the successful operation of a task, such as an application, driver, or service. For example, an Information event is logged when a network driver loads successfully.
• Warning: An event that is not necessarily significant, however, may indicate the possible occurrence of a future problem. For example, a Warning message is logged when disk space starts to run low.
• Error: An event that describes a significant problem, such as the failure of a critical task. Error events may involve data loss or loss of functionality. For example, an Error event is logged if a service fails to load during startup.
• Success Audit (Security log): An event that describes the successful completion of an audited security event. For example, a Success Audit event is logged when a user logs on to the computer.
• Failure Audit (Security log): An event that describes an audited security event that did not complete successfully. For example, a Failure Audit may be logged when a user cannot access a network drive.

 
How to Find Events in a Log:
The default view of event logs is to list all its entries. If users want to find a specific event or view a subset of events, they can either search the log or apply a filter to the log data.
 
How to Search for a Specific Log Event:
To search for a specific log event, follow the steps below:

1. Click Start > Control Panel > Performance and Maintenance > Administrative Tools > Computer Management. Or, open the MMC containing the Event Viewer snap-in.
2. In the console tree, expand Event Viewer and then click the log that contains the event to be viewed.
3. On the View menu, click Find.
4. Specify the options for the event in the Find dialog box, and then click Find.

The event that matches the search criteria is highlighted in the details pane. Click Find Next to locate the next occurrence of an event as defined by the search criteria.
 
How to Filter Log Events:
To filter log events, follow the steps below:

1. Click Start > Control Panel > Performance and Maintenance > Administrative Tools > Computer Management. Or, open the MMC containing the Event Viewer snap-in.
2. In the console tree, expand Event Viewer and then click the log that contains the event to be viewed.
3. On the View menu, click Filter.
4. Click the Filter tab (if it is not already selected).
5. Click the Filter tab (if it is not already selected).
6. Only events that match the filter criteria are displayed in the details pane.
7. To return the view to display all log entries, click Filter on the View menu, and then click Restore Defaults.