How to Check Computer Log in Windows?

chunanBy
check computer log

Windows stores all events that happen in your computer system for future reference in the Windows Event Viewer. It is a built-in program that tracks every event in your computer system. Events like simple computer shutdowns, Windows startup, Computer crashes, and not-responding errors are all recorded in the Event Viewer.

You can even check a computer’s login record for parental controls or security. So, let’s go through this guide to check your computer’s log history.

How to Check Computer Login History?

The computer classifies the logs into three categories: information, warnings, and errors. They denote the severity of each of the logs. The computer login is an informative log. There are a couple of ways to check login.

Using Event Viewer

Besides the log-in history on the windows Event Viewer program, you also get detailed information about the event and its time. Here’s how you check your computer log:

  1. Go to the search bar and type Event viewer.
  2. Expand Windows logs on the left panel, and click on Security.
  3. The middle panel will show you all the event log-on of your computer system. It includes all credential shared information, including logins and logouts of windows.
    Windows-EventViewer-Security-Info

The event ID denotes the kind of event that took place. Event ID 4624 denotes a successful account log-on, whereas Event ID 4625 denotes a failed account log-on.

You can also filter the logs by event ID. You can create a custom log by following these steps:

  1. Click on Filter Current Log on the right panel.
  2. Drop down the “logged” menu to choose the time range of the logs. Choose the option according to your needs.
    Windows-EventViewer-FilterCurrentLog
  3. Type the event ID in the input bar labeled <All Event IDs>. For example, type 4626 for account log on, and click OK.
  4. This will filter out all the events with that event ID. You can click on the specific event and go to the Details section to get more details about that event.

The event log also tracks background events that may not always be visible to the user. You can also look for ID 1102 to check if any other logs were cleared.

Using Powershell

You can filter and list all the logs directly in Windows PowerShell. Follow these steps to learn how to do it:

  1. Press Windows + X and click on Windows PowerShell(admin).
  2. Copy and paste this command in the shell.
    Get-EventLog security | Where-Object {$_.TimeGenerated -gt '2/10/20'} | Where-Object {($_.InstanceID -eq 4634) -or ($_.InstanceID -eq 4624)} | Select-Object Index,TimeGenerated,InstanceID,Message
    Windows-Login-Info-Terminal-Command
  3. Press enter, and it will list all the log-on and log-offs in the time frame.

How to Check System Crash Logs?

Although the Event Viewer program records all events, it is mostly used for pinpointing computer crashes and errors. It records all the details about any event, including the time, the processor state, and exactly what caused the error. The error code in the logs can provide in-depth details about the errors and crashes. These steps will show you how to check for errors in the Event Viewer program.

  1. Open the Event viewer program.
  2. Navigate to the left bar and expand ‘Windows Logs
  3.  Click on the System. This will give you a list of all the system events. It may be informative or warnings or errors. The white icon represents information, the yellow icon represents a warning, and the red sign represents errors and crashes.
    Windows-EventViewer-Error-Info
  4. You can filter out the errors and crashes by navigating to the filter current log button on the rightmost panel.
  5. Tick the error box under Event level and click ok. This will filter out all the recorded errors of the computer system under the chosen time frame.

Clicking on the error and going to the ‘Details’ section next to General will show you detailed information about the error.

How to Check MiniDump Logs for BSODs?

The blue screen of death(BSOD) creates a minidump file which you can read in the Event Viewer. But you can also use a tool called WinDbg debugging tool to find out the cause of the error.

You can check errors from the mini dump files with these steps:

  1. Download and Install the Microsoft WinDbg preview app.
  2. Type WinDbg on the search bar and press Enter.
  3. Run the WinDbg Preview app as administrator.
  4. The minidump file is located at %windir%\Minidump. Press Ctrl + D and open  %windir%\Minidump.
  5. Open the minidump file.
  6. Type !analyze -v on the command line and press enter.
  7. Look for MODULE_NAME and ‘Probably caused by’ to rule out the exact file and cause of the error.

Look for the file on the internet to know more about the specific file and how to deal with it.

How to Create a Custom Filter View?

A custom filter view is a customized filter you can create for efficient event filtering. You can create a filter with specific event IDs so you can quickly check the events in the future. Follow these steps to make a custom Event filter.

  1. Click on the Create Custom View on the right panel.
  2. Input the desired Event ID on the <All Event IDs> input bar, choose the time frame, and click ok.
    Windows-EventViewer-CreateCustomView
  3. Name the event and the description as you wish and click OK.

This will create a custom filter in the left panel under Custom views. You can now open this filter anytime in the future by simply clicking on it.

I was always enthusiastic when it comes to technological advancements. Any chance to learn something new about computers excites me which is why i got into IT as well. Now I get to write about them as well.

Related Posts

Add A Comment

Leave A Reply