Windows 10: How to decipher and understand windows event logs

Dear community,I need some assistance on how to decipher and understand when I was active on my w11 desktop pc.I have tried to analyse the logs on my own, also by using tools provided by nirsoft, to no avail.the idea to check around on fiverr also came into my mind, but I am not sure whether I will put myself or my private data at risk by sharing the event logs to people online.Ive tried to reach out to Microsoft too, but it is hard to get in touch with the correct person/department and I feel like a ping pong ball when reaching out to them.the result will be used in a court case, where I am t

:)

 

Understanding the Event Data of Event Viewer logs in XML format

Hi Fausto,



Thank you for writing to Microsoft Community Forums.



I appreciate your interest in understanding the Event Viewer log files in XML format. As you mentioned that you are unable to understand the %% code, I would suggest you to refer the articles

Windows Event Log and
EventData.



You can also post your query in
MSDN forums, where we have expertise and support professionals who are well equipped with the knowledge of reading Event Viewer logs in XML format.



Regards,

Prakhar Khare

Microsoft Community – Moderator

 

Event "Error" Log Repair required (Windows 10)

Hi,





There are a lot of
possibilities why these errors occur in
your event logs. The errors depends on what it is related to. It could be your
application, drivers, firmware, hardware, or your storage devices. You can check this
link for further information regarding event log issues.



We suggest that you perform these following methods of troubleshooting steps and check if there's any changes:



Method 1: Update your drivers.

To know how to update your drivers, click
here.



Method 2:
Run SFC Scan.  

To run an
SFC scan, follow these steps:  

• 
  Run
  Command Prompt as Administrator.  
  
• 
  Type
  sfc /scannow
  and hit
  Enter.   
  

Method 3:
Run DISM Tool.  

To run
DISM Tool, follow these steps:

• 
  Run
  Command Prompt as Administrator.  
  
• 
  Type the following command:  
  
  • 
    DISM.exe /Online /Cleanup-image /scanhealth  
    
  • 
    DISM.exe /Online /Cleanup-image /Restorehealth  
    
  
  
  

NOTE:
This might take a while to finish scanning.
Do not cancel. 



Method 4: Clean Boot.

To perform a
Clean Boot, click
here.



Note:
Reset the computer back to
Normal Mode
once you are done with the troubleshooting by following the section
"How to reset the computer to start normally after clean boot troubleshooting"
from the same article.



Let us know how it goes.



Regards.

 

Isn't it a bug in windows event log? TypesSupported dosnt work!

Hello ,

Good to see you in Microsoft Community.

If you want to configure the Windows event log to write only error, warning, or failure messages into log files, you can try the following steps:

HLM\SYSTEM\CurrentControlSet\Services\EventLog\TypesSupported is a parameter in the Windows registry used to configure event log levels. It determines which event levels should be logged. Before setting this parameter, it is necessary to understand the values and meanings associated with it:

• 0x00000001: Indicates that the Critical level of the event log should be logged.
  
• 0x00000002: Indicates that the Error level of the event log should be logged.
  
• 0x00000004: Indicates that the Warning level of the event log should be logged.
  
• 0x00000008: Indicates that the Information level of the event log should be logged.
  
• 0x00000010: Indicates that the Verbose level of the event log should be logged.
  
• 0x00000020: Indicates that the Audit Success level of the event log should be logged.
  
• 0x00000040: Indicates that the Audit Failure level of the event log should be logged.
  

To make Windows Event Viewer only log Warning, Error and Audit Failure level logs, follow these steps:

1. Open the Registry Editor and navigate to the follow path
   
   
   
   
   
   
2. Find the TypesSupported item corresponding to the appropriate event log level respectively, and modify its DWORD value data to 0x00000046, which is 0x00000002 + 0x00000004+ 0x00000040.
   
3. Save the changes and close the Registry Editor.
   
   Disclaimer: Generally, modifying registry subkeys or workgroups is intended for advanced users, administrators, and IT Professionals. It can help fix some problems, however, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For further protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click How to back up and restore the registry in Windows (microsoft.com) to view the article.
   

If anything is unclear, please do not hesitate to let me know.

Best Regards,

| Microsoft Community Support Specialist