The Event Viewer in Windows is a centralized log service utilized by applications and operating system components to report events that have taken place, such as a failure to complete an action or to start a component or program.
There are several sections in the Event Viewer, such as Application and Security under Windows Logs and Applications and Services Logs. The lists of events in each section in the Event Viewer cumulate over time and the lists can get very long and bog down the loading time of the Event Viewer. It can also make it difficult to find problems. You might even encounter a message telling you the event log is full.
This article explains how to export event logs to back them up, how to clear them, and how to increase the size of an event log.
Export an Event Log
It is recommended that you export an event log to back it up before clearing it. To do this, right-click on the log you want to export in the tree on the left side of the Event Viewer window and select Save All Events As from the popup menu. Use the arrows to the right of the tree items to expand and collapse the different sections of the tree.
NOTE: You can also click Save All Event As in the Actions list on the right side of the window. The name of the selected log displays as a heading above the available options.
If you don’t see the available options that are also available on the popup menu under the name of the selected log, click the down arrow on the heading to expand the list.
On the Save As dialog box, navigate to where you want to save your event log file. Enter a name for the saved log file in the File name and choose a file type from the Save as type drop-down list.
NOTE: You can save your log file as an Event File (.evtx), an XML file (.xml), a tab-delimited file (.txt), or a comma-separated file (.csv). The only file type that you can import again into the Event Viewer is the .evtx type. The other types allow you to view your log data outside of the Event Viewer, but the files cannot be imported back into the Event Viewer.
Click Save to save the event log to a file.
If you selected the .evtx file type, the Display Information dialog box displays. If you want to be able to import the log data into the Event Viewer on another computer, you may need to include display information with the exported log file. Select the Display information for these languages radio button. If you need another language, select the Show all available languages check box and select the check box for your desired language, if available. Click OK.
A directory containing the metadata for your locale is written to the same directory as the log file you saved.
Open a Saved Log
To open a log file you exported as a .evtx file, select Open Saved Log from the Action menu.
On the Open Saved Log dialog box, navigate to where you saved your .evtx file, select it, and click Open.
Clear an Event Log
Once you have exported a log, you can easily clear it. To do so, select Clear Log from the Action menu.
NOTE: You can also right-click on the log and select Clear Log from the popup menu or click Clear Log in the Actions list on the right side of the Event Viewer window.
A dialog box displays allowing you to save the log before you clear, in case you haven’t already exported it. If you click Save and Clear, the same Save As dialog box mentioned earlier displays and the Display Information dialog box displays, if you select the .evtx file type. If you have already saved your log file, click Clear to clear the log.
Increase the Maximum Size of an Event Log
If you have received a message that the event log is full, you may want to increase the maximum size allowed for that log. To do this, right-click on the desired log and select Properties from the popup menu.
NOTE: Again, you can access the Properties option from the Action menu or in the Actions list.
The Log Properties dialog box displays. To increase the maximum size allowed for the selected log, click the up arrow on the Maximum log size edit box to change the number (in kilobytes). You can also highlight the current number and type a new number.
Select an action to take when the maximum event log size is reached. You can choose to Overwrite events as needed, starting with the oldest events, to Archive the log when full, which does not overwrite any events, or Do not overwrite the events, which means you must clear the event log manually.
You can also clear the selected log on the Log Properties dialog box by clicking Clear Log. Click OK when you have finished making your changes.
To close the Event Viewer, select Exit from the File menu.
The Windows Event Viewer is a useful tool for obtaining information about your hardware, software, and system components. It can help you identify current system problems, like why your computer crashed, or what caused the latest problem with a specific program.
by Lori Kaufman