Windows中的事件查看器(Event Viewer)是应用程序和操作系统组件用来报告已发生事件的集中式日志服务,例如无法完成操作或启动组件或程序。
事件查看器(Event Viewer)中有几个部分,例如Windows 日志和应用程序和服务日志下的(Applications and Services Logs)应用程序(Application)和安全(Security)性。事件查看器(Event Viewer)中每个部分的事件列表会随着时间的推移而累积,并且列表可能会变得很长,并且会拖慢事件查看器(Event Viewer)的加载时间。它也可能使发现问题变得困难。您甚至可能会遇到一条消息,告诉您事件日志已满。
本文介绍如何导出事件日志以进行备份、如何清除它们以及如何增加事件日志的大小。
导出 Windows 事件日志
建议您在清除之前导出事件日志进行备份。为此,请在事件查看器(Event Viewer)窗口左侧的树中右键单击要导出的日志,然后从弹出菜单中选择将所有事件另存为。(Save All Events As)使用树项目右侧的箭头展开和折叠树的不同部分。
注意:(NOTE:)您也可以在窗口右侧的操作列表中单击(Actions)将所有事件另存为。(Save All Event As)所选日志的名称显示为可用选项上方的标题。
如果在所选日志名称下的弹出菜单中没有看到可用选项,请单击标题上的向下箭头以展开列表。
在“另存为(Save As)”对话框中,导航到要保存事件日志文件的位置。在文件名中输入已保存日志文件的名称(File name),然后从保存类型( Save as type)下拉列表中选择文件类型。
注意:(NOTE:)您可以将日志文件保存为事件文件(Event File)( .evtx )、XML 文件 ( .xml )、制表符分隔文件 ( .txt ) 或逗号分隔文件 ( .csv )。您可以再次导入事件查看器(Event Viewer)的唯一文件类型是.evtx类型。其他类型允许您在事件查看器(Event Viewer)之外查看日志数据,但无法将文件重新导入事件查看器(Event Viewer)。
单击保存(Save)将事件日志保存到文件。
如果您选择了.evtx文件类型,则会显示“显示信息(Display Information)”对话框。如果您希望能够将日志数据导入另一台计算机上的事件查看器(Event Viewer),您可能需要在导出的日志文件中包含显示信息。选择显示这些语言的信息(Display information for these languages )单选按钮。如果您需要其他语言,请选中显示所有可用语言(Show all available languages)复选框,然后选中所需语言的复选框(如果可用)。单击(Click) 确定(OK)。
包含您的语言环境元数据的目录将写入与您保存的日志文件相同的目录。
打开保存的日志
要打开导出为 .evtx 文件的日志文件,请从操作(Action)菜单中选择打开保存的日志。(Open Saved Log)
在Open Saved Log对话框中,导航到您保存.evtx文件的位置,选择它,然后单击Open。
清除事件日志
导出日志后,您可以轻松清除它。为此,请从操作(Action)菜单中选择清除日志。( Clear Log)
注意:您也可以右键单击日志并从弹出菜单中选择清除日志,或单击(Clear Log)事件查看器(Event Viewer)窗口右侧的操作列表中的(Actions)清除日志。(Clear Log)
将显示一个对话框,允许您在清除之前保存日志,以防您尚未导出它。如果单击Save and Clear ,如果您选择(Save and Clear).evtx文件类型,则会显示前面提到的相同的Save As对话框并显示 Display Information(Display Information)对话框。如果您已经保存了日志文件,请单击清除(Clear)以清除日志。
增加事件日志(Event Log)的最大大小(Maximum Size)
如果您收到事件日志已满的消息,您可能需要增加该日志允许的最大大小。为此,请右键单击所需的日志并从弹出菜单中选择属性。(Properties)
注意:(NOTE:)同样,您可以从“操作”(Action)菜单或“操作(Actions)”列表中访问“属性”选项。(Properties)
显示日志属性(Log Properties)对话框。要增加所选日志允许的最大大小,请单击最大日志大小(Maximum log size)编辑框上的向上箭头以更改数字(以千字节为单位)。您还可以突出显示当前号码并键入新号码。
选择(Select)达到最大事件日志大小时要执行的操作。您可以根据需要选择覆盖事件(Overwrite events as needed),从最旧的事件开始,到满时存档日志( Archive the log when full),这不会覆盖任何事件,或者不覆盖事件(Do not overwrite the events),这意味着您必须手动清除事件日志。
您还可以通过单击清除日志在( Clear Log)日志属性(Log Properties)对话框中清除选定的日志。完成更改后单击确定。(OK)
要关闭事件查看器,请从文件(File)菜单中选择退出。(Exit)
Windows 事件查看器(Windows Event Viewer)是获取有关硬件、软件和系统组件信息的有用工具。它可以帮助您识别当前的系统问题,例如您的计算机崩溃的原因,或者是什么导致了特定程序的最新问题。享受!
Export, Clear, and Increase Size for Event Logs in Windows
Τhe Event Viewer in Windows іs a centralized log service utilized by applications and operating system components to report events that have takеn place, such aѕ a failure to complete an action or to start a component or program.
There are several sections in the Event Viewer, such as Application and Security under Windows Logs and Applications and Services Logs. The lists of events in each section in the Event Viewer cumulate over time and the lists can get very long and bog down the loading time of the Event Viewer. It can also make it difficult to find problems. You might even encounter a message telling you the event log is full.
This article explains how to export event logs to back them up, how to clear them, and how to increase the size of an event log.
Export a Windows Event Log
It is recommended that you export an event log to back it up before clearing it. To do this, right-click on the log you want to export in the tree on the left side of the Event Viewer window and select Save All Events As from the popup menu. Use the arrows to the right of the tree items to expand and collapse the different sections of the tree.
NOTE: You can also click Save All Event As in the Actions list on the right side of the window. The name of the selected log displays as a heading above the available options.
If you don’t see the available options that are also available on the popup menu under the name of the selected log, click the down arrow on the heading to expand the list.
On the Save As dialog box, navigate to where you want to save your event log file. Enter a name for the saved log file in the File name and choose a file type from the Save as type drop-down list.
NOTE: You can save your log file as an Event File (.evtx), an XML file (.xml), a tab-delimited file (.txt), or a comma-separated file (.csv). The only file type that you can import again into the Event Viewer is the .evtx type. The other types allow you to view your log data outside of the Event Viewer, but the files cannot be imported back into the Event Viewer.
Click Save to save the event log to a file.
If you selected the .evtx file type, the Display Information dialog box displays. If you want to be able to import the log data into the Event Viewer on another computer, you may need to include display information with the exported log file. Select the Display information for these languages radio button. If you need another language, select the Show all available languages check box and select the check box for your desired language, if available. Click OK.
A directory containing the metadata for your locale is written to the same directory as the log file you saved.
Open a Saved Log
To open a log file you exported as a .evtx file, select Open Saved Log from the Action menu.
On the Open Saved Log dialog box, navigate to where you saved your .evtx file, select it, and click Open.
Clear an Event Log
Once you have exported a log, you can easily clear it. To do so, select Clear Log from the Action menu.
NOTE: You can also right-click on the log and select Clear Log from the popup menu or click Clear Log in the Actions list on the right side of the Event Viewer window.
A dialog box displays allowing you to save the log before you clear, in case you haven’t already exported it. If you click Save and Clear, the same Save As dialog box mentioned earlier displays and the Display Information dialog box displays, if you select the .evtx file type. If you have already saved your log file, click Clear to clear the log.
Increase the Maximum Size of an Event Log
If you have received a message that the event log is full, you may want to increase the maximum size allowed for that log. To do this, right-click on the desired log and select Properties from the popup menu.
NOTE: Again, you can access the Properties option from the Action menu or in the Actions list.
The Log Properties dialog box displays. To increase the maximum size allowed for the selected log, click the up arrow on the Maximum log size edit box to change the number (in kilobytes). You can also highlight the current number and type a new number.
Select an action to take when the maximum event log size is reached. You can choose to Overwrite events as needed, starting with the oldest events, to Archive the log when full, which does not overwrite any events, or Do not overwrite the events, which means you must clear the event log manually.
You can also clear the selected log on the Log Properties dialog box by clicking Clear Log. Click OK when you have finished making your changes.
To close the Event Viewer, select Exit from the File menu.
The Windows Event Viewer is a useful tool for obtaining information about your hardware, software, and system components. It can help you identify current system problems, like why your computer crashed, or what caused the latest problem with a specific program. Enjoy!
