Gather logs - Event Viewer

Topic

Export Event Viewer Logs

Our Support Team may require certain information to assist and possibly find the root cause of issue. In cases where the Studio, Robot or Admin are crashing on an OS level. Hard crashed, closing themselves with no apparent reason, here's where the Support Team, will require the Event Viewer logs. The following article will contain information on choosing, sorting and exporting them.

Information Types Stored by Windows Event Logs

The information types stored by Windows event logs cover five different event types/areas: security, application, setup, forwarded, and system events. These event logs are stored in the following folder: C:\WINDOWS\system32\config\. Here’s a brief breakdown of each of these event types.

Application Events

These events are incidents relating to software installed on a local device. For example, if an application like Microsoft Word experiences an error, the Windows event log generates an entry detailing this issue. The log entry will usually include the name of the application and why the application crashed, if known.

Security Events

A security event will store data based on audit policies for the Windows system. Typical security events might include resource access and login attempts. For instance, the security event log might store a new record when a user attempts to log in to a computer and the device tries to verify credentials.

Setup Events

This event type includes enterprise-centric events related to domain control—for example, log location following disk configuration.

System Events

A system event relates to Windows-specific system incidents, like device driver status.

Forwarded Events

Forwarded events, arrive from different machines using the same network. This happens when the administrator wants to take advantage of a computer collecting multiple logs.

Instructions 

1. Click Start and then type in Run.

   

    

2. In the Run panel, enter eventvwr.msc and select OK. This will open the Event Viewer.

   

    

3. When the application has opened, navigate to the left side panel and expand the "Windows Logs" folder. From there you will be able to chose the Application, Security, Setup, System options.

   

    

4. Once you have selected the option from the left panel, you can sort the logs if you want to look at them, but it is not necessary, as you will be exporting the whole event log for convenience sake.

   

    

5.  In the screen below, the Application logs are sorted to show all errors on top. In the middle section, the message related to the selected entry is shown. When you are done investigating, press the "Save All Events As..." option to export the whole selection.

   

    

6. Save the file in a convenient location so you can locate it again and naming convention is optional.

   

    

7. If the machine uses a different language than English, please select the English option to include it to the log for better readability.

   

    

8. The exported log should look like the below and the file format is set to .evtx by default.

   

    

9. Please attach the file to the email that you sent for your case.