How to Create a Custom View in Event Viewer

Event Log in Windows Server and Desktop computer is a necessary task for detection of any malicious activity or unwanted changes to your systems that usually gets unnoticed.

Since enhancements were created to Windows and specifically the addition of custom views within the Event Viewer management console, this usually heavy job has become easier.

In this example, we will create the custom view for Windows account management this applies to all version of Windows including Server OS. For this, go to run menu and type eventvwr and press enter. Or you can access event viewer from Tools menu in Server Manager.

It will open up event viewer on your computer.

On the left side, click on create the custom view.

It will open up a custom view setup dialog box. There are many options to select for your custom view. Now select your required details, Select the time frame in which you want to see the created logs for.

If you are going to make the custom view for Warning, Errors, Information, Critical or Verbose, check that option. In this case, I will check Error and Critical.

Now select event log type from the drop down menu. I have selected Security.

Now select event source, which application/tool is generating the event.

If you are looking for specific event ID, you can also enter that event ID information.  We also have the option to select the events for the specific user or for specific machines.

Once you are done with these setting, Click on OK. It will show up a dialog box to save the custom viewer we have created, Name that custom event and enter the description if required and click OK.

It will save your custom event created for auditing purpose.

Now you have a custom view setup for your specific event which can be accessed via one click only.

By following the same process, we can create custom events for different events ID we use to audit normal days like in-house applications etc.

Leave a Reply