Windows Event Viewer — Reading Critical Errors and System Logs
About Windows Event Viewer
Guide to using Windows Event Viewer to diagnose critical errors, read system and application logs, and identify the root cause of crashes and failures. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.
Here are the key things to understand: Event Viewer (eventvwr.msc) collects system, security, and application event logs. Critical and Error level events indicate failures that need attention. Event ID combined with Source uniquely identifies the type of event. Custom Views > Administrative Events shows all errors and warnings across all logs. Events include timestamps, source process, error codes, and detailed descriptions. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.
The most common reasons this occurs include: System crashes generating critical events in the System log. Application failures creating error events in the Application log. Driver failures logging errors with source names like disk, WHEA, or the driver name. Security events tracking login failures, permission denials, and audit events. Identifying the root cause is the first step toward finding the right solution.
To resolve this, follow these recommended steps: Open Event Viewer: Win+R > eventvwr.msc or right-click Start > Event Viewer. Check recent critical events: Custom Views > Administrative Events (pre-filtered for errors). For BSODs: System log > source 'BugCheck' shows the stop code and parameters. For app crashes: Application log > source 'Application Error' or 'Windows Error Reporting'. Filter events: right-click a log > Filter Current Log > select Level and time range. Export logs for support: right-click log > Save All Events As > .evtx file. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.
This article is part of our Windows Error Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.
Quick Answer
What event log should I check for BSODs?
Check the System log for source 'BugCheck' (the BSOD stop code). Also check 'Microsoft-Windows-WER-SystemErrorReporting' and 'WHEA-Logger' for hardware errors.
Overview
Guide to using Windows Event Viewer to diagnose critical errors, read system and application logs, and identify the root cause of crashes and failures.
Key Details
- Event Viewer (eventvwr.msc) collects system, security, and application event logs
- Critical and Error level events indicate failures that need attention
- Event ID combined with Source uniquely identifies the type of event
- Custom Views > Administrative Events shows all errors and warnings across all logs
- Events include timestamps, source process, error codes, and detailed descriptions
Common Causes
- System crashes generating critical events in the System log
- Application failures creating error events in the Application log
- Driver failures logging errors with source names like disk, WHEA, or the driver name
- Security events tracking login failures, permission denials, and audit events
Steps
- 1Open Event Viewer: Win+R > eventvwr.msc or right-click Start > Event Viewer
- 2Check recent critical events: Custom Views > Administrative Events (pre-filtered for errors)
- 3For BSODs: System log > source 'BugCheck' shows the stop code and parameters
- 4For app crashes: Application log > source 'Application Error' or 'Windows Error Reporting'
- 5Filter events: right-click a log > Filter Current Log > select Level and time range
- 6Export logs for support: right-click log > Save All Events As > .evtx file