Logging to windows event viewer

System Requirements

FullEventLogView vs MyEventViewer

Versions History

  • Version 1.61:
    • Fixed some high DPI mode issues.
  • Version 1.60:
    • Added ‘Tray Balloon On New Event’ option. This feature is active only when both ‘Put Icon On Tray’ and ‘Auto Refresh’ options are turned on. When it’s active, FullEventLogView displays every new event in a tray balloon.
    • Added ‘Start As Hidden’ option. When this option and ‘Put Icon On Tray’ option are turned on, the main window of FullEventLogView will be invisible on start.
  • Version 1.58:
    • Added ‘New FullEventLogView Instance’ under the File menu, for opening a new window of FullEventLogView.
  • Version 1.57:
    • Added ‘Log File’ column, which displays the log filename if the event was loaded directly from .evtx or .etl file.
  • Version 1.56:
    • In the channel and provider fields of the ‘Advanced Options’ window, you can now choose the desired channel/provider from a combo-box.
  • Version 1.55:
    • When reading .etl files that store the event data inside the EventPayload element of the XML, FullEventLogView now automatically converts the EventPayload from a hexadecimal string to readable text, and displays it as the description of the event.
      For example, you can use this feature to view the Windows Update logs from C:\windows\logs\WindowsUpdate on Windows 10.
    • Added ‘Copy Clicked Cell’ option to the right-click context menu, which copies to the clipboard the text of cell that you right-clicked with the mouse.
  • Version 1.53:
    • Fixed bug: Wildcards didn’t work when using the ‘Search in full description string’ option.
    • Fixed to save the ‘Case Sensitive’ option of the Quick Filter in the .cfg file.
  • Version 1.52:
    • Added ‘Select All’ and ‘Deselect All’ to the ‘Column Settings’ window.
  • Version 1.51:
    • Added the ‘Clear All Events Of Selected Channel’ option to the context menu.
    • Increase the maximum size of the description filter string.
  • Version 1.50:
    • Fixed bug: FullEventLogView remained in memory if you closed the main window during events scanning.
    • Added ‘Clear All Events Of Selected Channel’ option (Under the file menu). For example: If you select an event that its channel is ‘System’, using this option will delete all system events.
    • Added /ClearChannelEvents command-line option, which clears all events of the specified channel, for example:
      FullEventLogView.exe /RunAsAdmin /ClearChannelEvents "Microsoft-Windows-Bits-Client/Operational"
    • Added 2 modes to description filter: ‘Search in description parameters’ and ‘Search in full description string’. In previous versions, the search was made inside description parameters, but some people reported it’s a bug. The search is now made by default inside the full description string, but this search mode is slower because it requires to load the metadata and format the description string before the filtering process.
  • Version 1.38:
    • Fixed bug: When trying to export events of remote computer from command-line, FullEventLogView loaded the events from local computer.
  • Version 1.37:
    • Added ‘Case Sensitive’ option to the Quick Filter window.
  • Version 1.36:
    • Added /RunAsAdmin command-line option for running FullEventLogView as administrator.
  • Version 1.35:
    • Added new options to the ‘Quick Filter’ feature, including the option to filter the list by Event ID.
  • Version 1.32:
    • When choosing to load only specific event IDs (From ‘Advanced Options’ window), the loading process is much faster.
  • Version 1.31:
    • Fixed bug: When connecting a remote computer the following error was displayed — Error 50: The request is not supported.
  • Version 1.30:
    • Fixed bug: FullEventLogView failed to display the event strings in the lower pane (‘Show Event Data + Description’ mode) and in the columns (‘Show Event Strings In Columns’ option).
    • You can now resize the properties window, and the last size/position of this window is saved in the .cfg file.
    • You can now send the data to stdout by specifying empty string as filename, for example:
      FullEventLogView.exe /scomma "" | more
  • Version 1.28:
    • Fixed the lower pane to use the right font size in high DPI mode.
    • Added option to choose another font (name and size) to display in the main window.
  • Version 1.27:
    • When exporting items with multiline description to tab-delimited file (Including the ‘Copy Selected Items’ option), FullEventLogView now put the description in quotes to ensure the exported data will be displayed properly in Excel and other programs.
  • Version 1.26:
    • Added support for saving as JSON file.
  • Version 1.25:
    • Added ‘Show Event Strings In Columns’ option (Under the Options menu). When it’s turned on, 10 new event string columns are added to the main table (‘String 1’, ‘String 2’, ‘String 3’...). These columns display the strings from the event description and you can click the column header in order to sort the events according to the event strings.
  • Version 1.22:
    • Fixed bug: On some systems, FullEventLogView missed some of the events when using a time filter.
  • Version 1.21:
    • Added /cfg command-line option, which instructs FullEventLogView to use a config file in another location instead of the default config file, for example:
      FullEventLogView.exe /cfg "%AppData%\FullEventLogView.cfg"
  • Version 1.20:
    • Added option to filter according to strings of the event description (In ‘Advanced Options’ window).
    • Added ‘Quick Filter’ feature (View -> Use Quick Filter or Ctrl+Q). When it’s turned on, you can type a string in the text-box added under the toolbar and FullEventLogView will instantly filter the events table, showing only lines that contain the string you typed.
    • Fixed the lower pane to switch focus when pressing tab key.
  • Version 1.12:
    • Added option to specify time range in GMT (‘Advanced Options’ window).
    • Fix bug: When using /SaveDirect command-line option, the file was always saved according to the default encoding, instead of using the selected encoding in Options -> Save File Encoding.
  • Version 1.11:
    • Fixed bug: the process of exporting large amount of event log items from command-line was very slow, even when using /SaveDirect.
  • Version 1.10:
    • Added option to automatically read archive log files (In ‘Choose Data Source’ window). This option works only when you run FullEventLogView as administrator.
  • Version 1.06:
    • Fixed FullEventLogView to display event description properly when reading .evtx files from shadow copy (e.g: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\winevt\Logs )
    • Fixed bug: FullEventLogView displayed error message when trying to read .etl files.
  • Version 1.05:
    • FullEventLogView now displays an error message if it fails to load events from external evtx file or from remote computer.
    • Added ‘Choose Data Source’ icon to the toolbar.
  • Version 1.00 — First release.

Start Using FullEventLogView

If you want to load the events from remote computer on your network or from event log files (.evtx), you should use the ‘Choose Data Source’ window (F7).

Lower Pane Display Mode

Refresh (F5) And Smooth Refresh (F8)

Auto Refresh Mode

Run As Administrator

Command-Line Options

/ChannelFilter [1 — 3]
/EventIDFilter [1 — 3]
/ProviderFilter [1 — 3]
/ChannelFilterStr [Filter String]
/EventIDFilterStr [Filter String]
/ProviderFilterStr [Filter String]
.
.
.
You can use any variable inside the .cfg file in order to set the configuration from the command line. Here are some examples:

In order to show only events with Event ID 8000 and 8001:
FullEventLogView.exe /EventIDFilter 2 /EventIDFilterStr "8000,8001"

In order to show only events from the Microsoft-Windows-Dhcp-Client/Admin channel:
FullEventLogView.exe /ChannelFilter 2 /ChannelFilterStr "Microsoft-Windows-Dhcp-Client/Admin"

In order to read events from .evtx files stored in c:\temp\logs :
FullEventLogView.exe /DataSource 3 /LogFolder "c:\temp\logs" /LogFolderWildcard "*"

In order to read events from a remote computer:
FullEventLogView.exe /DataSource 2 /ComputerName "192.168.0.70"

In order to export events from a remote computer into a .csv file:
FullEventLogView.exe /scomma "c:\temp\remote_events.csv" /DataSource 2 /ComputerName "192.168.0.50"

You can find more command-line examples in the following Web pages:
How to export Windows events of remote computer to csv file from command line
How to export Windows events stored in .evtx file to csv file from command line

/ClearChannelEvents Clear all events of the specified channel, for example:
    Clear all events of the specified channel, for example:
    FullEventLogView.exe /RunAsAdmin /ClearChannelEvents "Microsoft-Windows-WLAN-AutoConfig/Operational"

/cfg
    Start FullEventLogView with the specified configuration file. For example:
    FullEventLogView.exe /cfg "c:\config\felv.cfg"
    FullEventLogView.exe /cfg "%AppData%\FullEventLogView.cfg"

/RunAsAdmin
    Run FullEventLogView as administrator.

/stext
    Save the event log items into a simple text file.

/stab
    Save the event log items into a tab-delimited text file.

/scomma
    Save the event log items into a comma-delimited text file (csv).

/stabular
    Save the event log items into a tabular text file.

/shtml
    Save the event log items into HTML file (Horizontal).

/sverhtml
    Save the event log items into HTML file (Vertical).

/sxml
    Save the event log items into XML file.

/sjson
    Save the event log items into JSON file.

/SaveDirect
    Save the event log items in SaveDirect mode. For use with the other save command-line options (/scomma, /stab, /sxml, and so on). When you use the SaveDirect mode, the event log items are saved directly to the disk, without loading them into memory first. Be aware that the sorting feature is not supported in SaveDirect mode.

/sort
    This command-line option can be used with other save options for sorting by the desired column. The parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or the name of the column, like "Record ID" and "Event ID". You can specify the '~' prefix character (e.g: "~Channel") if you want to sort in descending order. You can put multiple /sort in the command-line if you want to sort by multiple columns.
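
An added example, not part of NirSoft's documentation: parsing a /scomma or /stab export offline with Python. Because multiline descriptions are exported in quotes (see version 1.27), records have to be read with a real CSV parser rather than line by line, otherwise the event count is wrong. The header names other than 'Record ID', 'Event ID' and 'Channel', the quoting of /scomma output, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample of a /scomma export. Header names are assumed; the page
# itself only names the 'Record ID', 'Event ID' and 'Channel' columns.
SAMPLE_CSV = (
    'Event Time,Record ID,Event ID,Channel,Description\r\n'
    '2024-01-05 10:00:01,101,8000,Application,Single line description\r\n'
    '2024-01-05 10:00:07,102,8001,Application,"First line\r\nsecond line, with a comma"\r\n'
    '2024-01-05 10:01:30,103,8000,System,"Value ""quoted"" inside"\r\n'
)


def parse_export(text, delimiter=","):
    """Parse /scomma (',') or /stab ('\\t') export text into a list of dicts."""
    # newline='' keeps line breaks that sit inside quoted fields untouched.
    stream = io.StringIO(text.lstrip("\ufeff"), newline="")
    reader = csv.DictReader(stream, delimiter=delimiter)
    rows = []
    for row in reader:
        # Extra fields land under key None, missing fields get value None.
        if None in row or None in row.values():
            raise ValueError(f"malformed record near line {reader.line_num}")
        rows.append(row)
    return rows


def naive_record_count(text):
    """What a line-based tool would report: physical lines minus the header."""
    return len(text.splitlines()) - 1


def summarize(rows):
    """Count events per (Channel, Event ID) pair."""
    return Counter((r["Channel"], int(r["Event ID"])) for r in rows)


def filter_by_event_id(rows, event_ids):
    """Offline equivalent of an Event ID list such as "8000,8001"."""
    wanted = {int(i) for i in event_ids.split(",")}
    return [r for r in rows if int(r["Event ID"]) in wanted]


if __name__ == "__main__":
    events = parse_export(SAMPLE_CSV)
    print(len(events), "events;", naive_record_count(SAMPLE_CSV), "by line count")
    for key, count in sorted(summarize(events).items()):
        print(key, count)
```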

5 best Windows 10 event log viewers

Event log viewers are programs that track important events on your computer. Every app or program that runs on your computer leaves a trace in the event log, and before apps stop or crash, they post a notification. Every single event or change made on your computer is registered in the event log.

In other words, an event viewer is a program that scans long text log files, groups them and puts a simpler interface over huge amounts of technical data. In case your computer doesn’t work properly, event viewers are essential because they offer you important information on the source of the problem.

Windows 10 comes with its own built-in event log viewer that offers users an in-depth image about the processes taking place on their computers. If you want to analyze particular event information, you can also use third-party event viewers.

Best Windows 10 event log viewers

Windows Event Log Viewer

Many Windows users rely on this built-in tool to check the events that take place on their computers. This tool has two major advantages: it’s already installed on your computer and has a very intuitive interface. You can launch the Windows Event Log Viewer by typing “event viewer” in the search bar.

The tool’s screen is divided in three parts: the event categories are located in the left-hand sidebar, details about log events can be found in the middle section of the window, while the available actions are listed in the right-hand sidebar.

The Windows Event Log Viewer offers reports about five log events:

  • Application events: reports about app/program issues.
  • Security events: reports about the results of security actions.
  • Setup events: mainly refers to domain controllers.
  • System events: these are reports sent by Windows system files about the issues encountered, and are usually self-healing issues.
  • Forwarded events: these are reports sent by other computers.

Event Log Explorer

This event log viewer allows users to view, analyze and monitor events recorded in Windows’ event logs. Event Log Explorer is better than Microsoft’s own Event Log Viewer, bringing more features to the table. Thanks to this tool, users can analyze various event logs: security, application, system, setup, directory service, DNS and more.

Other features include:

  • Instant access to event logs – Event Log Explorer works with both local and remote event logs, as well as with event log files in EVT and EVTX format.
  • Efficient filtering – filter by event descriptions using regular expressions, filter by security event parameters or you can build complex filters and organize them into a filter library.
  • Export events and report generator – export and print events.

You can download Event Log Explorer from Event Log for free.

MyEventViewer

MyEventViewer is another interesting, simpler alternative to Microsoft’s Event Log Viewer. This tool lets you watch multiple event logs in one list, together with event description and data. No installation process or additional DLL files are required to run this software; all you need to do is launch the executable file.

Other features include:

  • It packs only the main features and options you need to monitor your system.
  • The simplistic interface is very user friendly.
  • You can view the events from a remote computer.
  • Certain events can be hidden from specific users.
  • Events can be filtered using a series of criteria.

You can download MyEventViewer from NirSoft for free.

FullEventLogView

This is NirSoft’s most recent event viewer; it was released on September 9, 2016. FullEventLogView is a simple tool for Windows 10 that displays the details of all Windows events in a table. With this tool you can view the events of your local computer, events of a remote computer on your network, and you can also export these events.

FullEventLogView is the upgraded version of MyEventViewer: “MyEventViewer is a very old tool […]. The old programming interface still works even on Windows 10, but it cannot access the new event logs added on Windows Vista and newer systems. […] FullEventLogView uses the new programming interface, so it displays all events.”

You can download FullEventLogView from NirSoft for free.

SentinelAgent

SentinelAgent is a cloud-based Windows monitoring software. This tool registers, stores and analyzes event logs, performance metrics and system inventory from any Windows PCs, tablets and servers on your network.

SentinelAgent is available for home users, small and medium businesses and enterprise clients. SentinelAgent for home users notifies you when your devices are having problems, and helps you identify the source of the problem as well. No configuration is necessary, as the tool is already pre-configured to monitor specific computer performance elements and alert you by email as soon as issues are detected.

Other features include:

  • 7 Days Data Retention (Rotating)
  • Monitor All Your Machines From 1 Account
  • Pre-Configured Notifications for CPU/Disk Errors
  • Pre-Configured Notifications for Event ID Errors
  • No Ads. No Bloat.
  • Network Installation Ready
  • 2.7 Mb Disk Space Required.

You can download SentinelAgent for home users for free.

We hope this list of the top 5 Windows 10 event log viewers helps you choose the tool that best suits your monitoring needs. Have you already tried out some of the event viewers listed in this article? Tell us more about your experience in the comment section below.
