Hi, my name is Avril Salter and welcome to this short clip. What we are going to be taking a look at today is how I can use the Microsoft Event Viewer to take a look at some of the network messaging. Event Viewer is primarily for looking at what is happening in the Windows Client or the Windows Server, but there are some valuable network aspects that I can look at too.
Let’s bring up Event Viewer. The Event Viewer captures all the significant events that happen within the Windows environment and that includes some of the networking events as well. We are going to take a look at these Windows logs and the one we are going to select is the System Log.
The System Log would include events about Windows 7 such as services that are starting or stopping. It would also include hardware driver events, etc. Clearly, you can see here that I have over 61,000 events that have been logged, so we need to filter those down to something we are actually looking for.
On the right-hand side, I am going to select Filter Current Log. This brings up a pop-up window that then allows me to create my filter. If I just made some network changes I could select here, maybe the last 12 hours or 24 hours, etc. I can select the Type of Event, if I am looking for Critical Errors or Warnings. These are the dominant ones you want to take a look at. Here I have selected that I want the Systems Event Log and the source I am going to look for today is tcpip. I want to see what is happening to my Network connections. Select OK and then you can see that now all of my events have been filtered and I am just showing the tcpip events.
By clicking on one of these error messages it gives me a description in the box below about what the problem is. This was when I was actually redefining my network, when I was rewiring everything, and I was having problems connecting with my Desktop. You can see that the problem was I was getting an address conflict. Armed with this information I was then able to go off and troubleshoot that problem and get my network connected correctly.
The other thing I want to show you is how I can also take a look at the Microsoft Windows diagnostic networking capabilities. Here I am going to clear this filter and then I am going to re-filter it. This time instead of putting the Event source as tcpip, down here I am going to key in certain Event types. The Event types I am going to key in are numbers 4000, 5000, and 6100.
The Event ID 4000 shows me that troubleshooting problems were presented to the user. 5000 shows me the results of how that user responded to those troubleshooting questions. 6100, that will actually give me the Windows diagnostic networking messages as well. You can see that it is sorted by the event type and you can see the event. I have just 10 events. You can see they go back to when I was networking my home office and you can see here that I have got some type 6100, and again that is the Microsoft Windows diagnostic networking.
Here is when the diagnosis of the machine was presented to the user itself and here you can actually see that I ran that diagnostic and the result of that diagnostic was executed and was successful. Again, very interesting to go in here and select certain IDs that you might be looking for to see what is happening in terms of the network when it comes to a Windows Client or Windows Server environment. Thank you for listening to this short clip.
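The two filters built in the clip (System log by the tcpip source, then by event IDs 4000, 5000 and 6100), written as an added PowerShell example that is not part of the original clip. The function names are hypothetical, and it assumes the tcpip source is registered under the provider name `Tcpip`.

```powershell
# Added example: scripted equivalents of the two "Filter Current Log" filters.
# Assumption: the "tcpip" event source uses the provider name 'Tcpip'.

function Get-TcpipSystemEvent {
    # Critical, Error and Warning events from the tcpip source in the last N hours.
    param([int]$Hours = 24)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Tcpip'
        Level        = 1, 2, 3      # 1 = Critical, 2 = Error, 3 = Warning
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent reports an error when nothing matches; return nothing instead.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

function Get-NetworkDiagnosticEvent {
    # System log events with the three IDs keyed in during the clip.
    $filter = @{ LogName = 'System'; Id = 4000, 5000, 6100 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object Id, TimeCreated
}

# Show each tcpip event with its description, like the details pane in Event Viewer.
Get-TcpipSystemEvent -Hours 24 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List

# Summarise the diagnostic events per ID: how many, from which source, and the latest.
Get-NetworkDiagnosticEvent |
    Group-Object Id |
    ForEach-Object {
        [pscustomobject]@{
            EventId  = $_.Name
            Count    = $_.Count
            Sources  = ($_.Group.ProviderName | Sort-Object -Unique) -join ', '
            Latest   = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        }
    }
```

Event IDs are scoped to the source that logs them, so an ID-only filter can return events from unrelated sources; the `Sources` column shows which ones matched.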