
How to get Windows device logs from a Windows machine

Windows device logs are detailed reports on important hardware and software actions, generated and stored by Windows and some dedicated applications. They can be retrieved from a Windows PC using tools such as Event Viewer and Field Medic.

Administrators use these logs to diagnose problems on the device or in the apps installed on it. The data is also useful for future troubleshooting of events such as an app crash or Windows system and security errors.

Retrieving Windows PC logs using Windows Event Viewer

Windows Event Viewer is a monitoring tool that shows information about applications, systems, setup, and security-based events that can be used for troubleshooting and predicting any future issues. Windows 8.1 and Windows 10 device logs can be collected using Event Viewer.

You can open Event Viewer from the command line:

  1. Open the Run window using the shortcut Windows + R.
  2. Type “cmd” and press Enter to open a Command Prompt window.
  3. Type “eventvwr” at the prompt and press Enter.

Or it can be accessed through:

Start > Control Panel > System and Security > Windows Tools > Event Viewer.

In Event Viewer, select the type of log that you want to review. Windows stores five types of event logs: application, security, setup, system, and forwarded events.

  • Application: Logs the events associated with the applications installed on the device.
  • Security: Logs data based on the device’s audit policy, events like login attempts, and resource access.
  • Setup: Logs the events during Windows installation.
  • System: Logs info about system changes, device changes, device drivers, etc.
  • Forwarded events: These are the logs of other computers in the same network as the “collector computer”. These logs are found on the collector computer.

Note:

Event Viewer logs data such as error, warning, information, success audit, and failure audit events.


MDM logs in Windows Event Viewer

Select “Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider”.

Note:

To enable Debug logs in Event Viewer, check the “Show Analytic and Debug logs” option in the “View” menu.

To collect admin logs

  1. Right-click on the “Admin” node and select “Save all events as”.
  2. Choose a location and a file name, then click Save.
  3. Choose “Display information for these languages” and select “English (United States)”.
  4. Click “OK”.

To collect debug logs

Right-click on the “Debug” node and select “Enable log” to enable debug logging.

  1. Right-click on the “Debug” node and select “Save all events as”.
  2. Choose a location and a file name, then click Save.
  3. Choose “Display information for these languages” and select “English (United States)”.
  4. Click “OK”.
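
The admin and debug collection steps above can also be scripted. The following PowerShell is an added example, not part of the original article: it exports both MDM channels with `wevtutil` and attaches English (United States) display information. The output folder, file names, and the `Export-Channel` helper are assumptions, and the channel names assume the Admin and Debug nodes map to `<provider>/Admin` and `<provider>/Debug`.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the "Save all events as" steps.
# Save as a .ps1 file and run from an elevated PowerShell prompt.
param(
    [string]$OutDir = "$env:USERPROFILE\Desktop\MdmLogs",  # assumed output folder
    [switch]$IncludeDebug                                   # also capture the Debug channel
)

$provider = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

function Export-Channel {
    param([string]$Channel, [string]$File)

    # Confirm the channel exists on this Windows build before exporting.
    $log = Get-WinEvent -ListLog $Channel -ErrorAction SilentlyContinue
    if (-not $log) { Write-Warning "Channel not found: $Channel"; return }

    # epl = export-log; /ow:true overwrites an earlier export with the same name.
    wevtutil epl $Channel $File /ow:true
    if ($LASTEXITCODE -ne 0) { Write-Warning "Export failed: $Channel"; return }

    # al = archive-log; stores en-US message text next to the .evtx file,
    # matching "Display information for these languages".
    wevtutil al $File /l:en-US
    Get-Item $File
}

# Admin log: same result as right-click "Admin" > "Save all events as".
Export-Channel "$provider/Admin" (Join-Path $OutDir 'mdm-admin.evtx')

if ($IncludeDebug) {
    $debug = "$provider/Debug"

    # Same as right-click "Debug" > "Enable log". Enabling a debug channel
    # clears it; /q:true suppresses the confirmation prompt.
    wevtutil sl $debug /e:true /q:true
    Read-Host 'Debug logging is on. Reproduce the issue, then press Enter'

    # A debug channel has to be disabled before it can be exported.
    wevtutil sl $debug /e:false
    Export-Channel $debug (Join-Path $OutDir 'mdm-debug.evtx')
}
```

The exported `.evtx` files open in Event Viewer on another machine; copy the `LocaleMetaData` folder created beside them so event messages render there.
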
Note:

MDM logs are stored in this location for devices running Windows 10 (v1511+)
