Find crash and error logs and location in Windows 10 / 11 ?


👤 Diwas Poudel    🕒 May 23 2022    📁 Fix    📜 0 comment

macOS, Linux, and Windows OS are the three operating systems that have the most number of users worldwide. If you want to know which operating system crashes the most, you should ask any tech nerd. Then everyone will say that there is no operating system that does not crash, but the Windows operating system has the most crashes, freezes, and hangs out of all operating systems.

There are several potential causes of a computer crash, some of which are flaws with the hardware, some with the operating system, and still others with software. Some of the popular and well-known issues are :

1 Virus and malware.

2 Corrupted OS and third party Software

3 Outdated and Corrupted Drivers.

4 Insufficient and low capacity hardware resources like CPU, RAM, and Harddisk.

5 Overheating Systems, Faulty Manufacturing.

6 InCompatible Software

7 Unreliable or unstable source of power supply

Actually finding errors and troubleshooting errors is a difficult task. Instead of doing random things from random advice which may be poorly stated the problem, the best solution is to try and read this blog thoroughly which helps you to understand the problem and solve it accordingly.

One thing to note is that finding and fixing crashes may take time. Some can be fixed soon and some may take days. These steps mentioned here help in identifying and narrowing down the problem that you are facing with your pc.

Also Read: How to find or check windows 10 login history?

Find Windows 10 / 11 Errors Logs Using Event Viewer

When your hardware or software of the system crashes, hangs, or freezes then the operating system generates and maintains a crash log record to identify the causes of the crashes. Windows Operating System maintains this log-in Event Viewer.

Event Viewer captures all the information like how your system software and drivers are loaded. That captured information can be of various types like errors types, informational types, warning types, success audit types, alert types, notice types, and debug types failure audit types. Though there are a large amount of data in logs, our mission should be to find and filter specific problem.

Event Severity Types:

There are mainly 3 event severity types: Information, Warning, and Error.

Informational: It indicates successful action performed in your system. Like progress status messages, success messages, informational messages, etc.

Warning: It indicates information that might create problems in the future.

Error: It indicates problems like failures of critical tasks.

Follow the below steps for finding errors in Event Viewer.

1 Goto search bar and type event and select Event Viewer from the list.

Event Viewer will be opened up as shown below.

As soon as you opened the event viewer, you will get a summary of Administrative Events which provides various event type information as shown below.

Here, we can see, that within 7 days, 142 Error Levels are detected, 9 within 24 hours, and 2 within the last hour.

Similarly, you can find other event types like a warning, informational, and audit success information.

For finding out error and crashes log information, we will focus on two logs.

  • Windows Logs
  • Applications and Services Logs 

Now, let's find out the simple errors.

2 Under Windows Logs, click on System. Then on the main panel, you will find all the log information. Scroll down in the main panel, you will find the Error Level log as shown below.

It provides information like when was this error recorded, its Event Id, Task Category, Source from where the error occurs, etc. When you click on the error you will get general and detailed information about the error.

General Tab shows general information.

Detail Tab shows raw event data and you can view those data in Friendly View as well as XML View.

Create Custom View of Error Logs

We can create and filter the custom views of the logs so that we can view only a particular level. 

1 Click on Create Custom View located at the top-right pane as shown below.

create-custom-view

2 Select Error from Event Level and under Event Logs dropdown select  Windows Logs > System and press Ok.

create-custom-view-event-viewer

Here, I am filtering Error Level for System Category.

3 Give a name for Custom View. Here I have given "Windows System Error Logs" as shown below.

name-of-custom-view-event-viewer

4 Those custom views are recorded under the Custom Views folder located at the top left pane.

As I have just created a "Windows System Error Logs" custom view, click on it. And we will get all error which is present under Windows Log > System.

We can easily archive those error and crashes in various format like .evt, .txt, .csv etc.

Also Read: What is TIFF File Format? How to Open TIFF Files?

Find Windows 10 / 11 Errors Log Using Powershell

Powershell is a powerful Microsoft tool that provides a command-line interface for task automation and configuration management framework.

Let's find out error logs using Powershell.

Syntax:

Get-EventLog -Log LogName | where {$_.entryType -match "LogType"}

Eg. Finding Error Level Log from Windows System records related to programs installed on the system.

Get-EventLog -Log system  | where {$_.entryType -match "Error"}

or simply

Get-EventLog -LogName System -EntryType Error

Now, 

let's get the newest 15 error log from System Event.

Get-EventLog -LogName System -Newest 15 -EntryType Error

15 system error event log

Here, instead of 15, you can use any number.

 

Find Windows 10 / 11  Crashes and Error Logs using Reliability Monitor

Windows 7 introduced Reliability Monitor features and later adopted them in Windows 8,8.1,10 and 11. Reliability Monitor gives a quick overview of how your system is. It describes errors, warnings, and crash information in graphical format in a much more readable way. Overall, Reliability Monitor tells about how reliable and stable your system has been.

So, let's find Windows 10 crashes and error logs using Reliability Monitor.

1 Goto search bar and type reliability and then select "view reliability history" from the list.

Reliability Monitor looks like this:

It has a stability Score ranging from one to ten. And, according to your system, its score changes on a regular basis. The horizontal line in the figure above clearly shows that on 5/24/2021, the stability index is around 5, and the system was performing well up to 6/2/2021. The stability score then fell on 6/3/2021.

It has 4 different categories. As shown in the right red rectangle above.

  • Application Failures: These tracks like unexpectedly closed the application, applications not responding information, etc.
  • Windows Failures: This tracks Operating system failed to start, OS crashes, driver failure, etc.
  • Miscellaneous Failures: Other failures not included in application and windows failures.
  • Warnings: such as Unable to update windows etc.
  • Information: such as Successful windows update.

Here in the chart, critical Errors are shown by red circles, warnings are shown by yellow triangles, and information is shown in blue circles. Note that: Warning and information are not taken while calculating the stability index.

In the graph, we can see that the first error took place on 5/24/2021, as indicated by the red X circle. This error is connected to application failures, as the graph shows. On June 5th, 2021, we can see that problems and faults relating to applications and windows have happened. On the same day, we can also see that warnings and informational messages have been displayed.

When you click on any row in the chart, you will get respective date failures(if any)/warning(if any)/information(if any) just below the chart.

When clicked on the row of date: 6/3/2021, those errors are shown as below. Here we can clearly see that system is having critical errors as Windows Hardware errors and Asus System Analysis Stopped working error. Also, it is showing Windows Update failure warning and Windows.

Find Windows 10 / 11 crashes log with the help of the Windows Memory Dump File

If your Windows system crashes and you want to record the issue and prevent/troubleshoot it from happening again, a Windows Memory dump file may be useful. It helps in the recovery of information from a crashed computer. It contains an error message associated with a blue-screen of death(BSOD). (Tested in Both Windows 10 and Windows 11)

If your system is currently running, enable a memory dump to collect memory dumps if the freeze issue occurs again.

1 Goto run and type: sysdm.cpl and press enter.

sysdmcpl
fig. sysdm.cpl

2 Click on the Advance tab 

3 Under the Startup and Recovery section, click on Settings.

advance-setting-for-memory-dump-process

4 Then Check "Write an event to the system log" and uncheck "Automatically restart

5 Select "Complete Memory Dump" if you have a large disk size otherwise select a Small memory dump(256 KB) if you have limited disk space.

6 Select "Overwrite any existing file" to overwrite the existing file.

savememorydmp

7 Click on the Ok button.

Now when your system crashes and you want to find crashed information then you will get it at path "%SystemRoot%\MEMORY.DMP"

Note: To create a memory dump file, Windows requires at least a 2 MB paging file on the boot volume.

Find Windows 10 / 11 Crashes and Error Logs using Third-Party Software

There are lots of Windows 10 / 11 Event Logs third-party software which can be handy for you. So here is the list of some commonly used Windows 10 Event Logs Viewer for Finding Crashes and Error Logs

1 SysMon

Sysmon (System Monitor) is a component of SysInternals Tools. It is a Windows system service and device driver. Once installed, it remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information on what is happening in the operating system, such as process creation, network connections, and changes to file creation time.

Download

2 Splunk 

Splunk Cloud Platform can be used to monitor Windows Event Log channels. Splunk universal or heavy forwarder is utilized here to collect data and send it to Splunk Cloud Platforms.

splunk-enterprise
fig. Splunk Enterprise Dashboard (source)

Download

3 Event Log Explorer

Event Log Explorer is a powerful software tool that allows you to observe, analyze, and monitor Windows Event Log activities. Event Log Explorer significantly simplifies and accelerates event log examination of all types, including security, system, application, setup, DNS, and others.

Download

4 LOGalyze

Logalyze is open-source software that is free and lightweight for centralized log management and network monitoring.LOGalyze can analyze server and application logs and can report data in PDF, CSV, and HTML format. It is compatible with both Linux and Windows operating systems.
It also offers powerful search capabilities and can detect real-time events in services distributed across multiple nodes.

logalyze
fig. Logalyze (source)

Download

5 SnakeTail

SnakeTail is another Windows Tail log analyzer tool for monitoring large text files and Windows Event Logs with no administrative rights.

Download

How to Fix Crash in Windows 10 and Windows 11?

 You can fix or reduce the crashing issue on Windows 10 or 11 by following the steps below.

Also read: Does Windows 11 use more RAM than Windows 10?

1 Reboot your PC: It's possible that simply restarting your computer will solve the problem. It will clean the memory and put a stop to any processes that are hogging your resources, such as RAM and CPU, for no apparent reason. A reboot can fix problems with hardware and peripheral devices as well.

2 Disable CPU Overclocking: There are situations when your CPU will crash due to overheating, and the overheating could be caused by an overclocked CPU. Stopping the CPU from being overclocked is therefore one technique to prevent the overheating and crashing issue.

3 Updates Driver from Guenine Source: Keeping your drivers up to date and updating those that are out of date can prevent your computer from crashing.
An obsolete driver or missing updates or corrupted updates could be responsible for a BSOD that prevents you from accessing the desktop.

If you experience crashes in your programs, such as Zoom, Skype, and games, then you probably blame this application; however, this does not always happen, and the problem could be with your driver; thus, you should update your driver as soon as you can.

4 System Restore: If you are having issues with the functionality of your Windows machine, you can use the System Restore feature to revert the system files, program files, and registry information to an earlier version themselves. If these files are damaged or corrupted in any way, using System Restore to restore them to an earlier point in time will fix the issue for you.

5 Scan your system for the error

You can try any of the below commands to scan your system.

sfc /scannow

When you use the command sfc /scannow, it will check all of the protected system files and, if any of them are corrupted, it will replace them with a cached duplicate that is stored in a compressed folder at the path %WinDir%\System32\dllcache

You can try DISM Command: The Dism command does a check for corruption and fixes any issues that it discovers with the operating system into which you are currently logged.

dism.exe /online /cleanup-image /restorehealth

FAQ:

1 What are the most common crashes in Windows OS?

Ans: Almost all the crashes and error logs of windows OS can be found in Event Viewer. Event Log can tell you why and when a crash occurred.

There are 3 most common crashes in Windows OS are :

  • Unexpected Shutdown and restart.
  •  Application Hangs
  • Application Level Fault.
2 Where to find startup problems?

Ans: You can find boot/startup logs in Event Viewer, Reliability Monitor, and Boot Logs.

You can look above for the Event Viewer method and reliability monitor methods. Here I will explain using Boot Logs. Actually, Boot Logs contains both Successful as well as unsuccessful information that occurs during boot. Those logs are found in the Ntbtlog.txt file.

3 What is BSOD?

BSOD stands for Blue Screen Of Death. As a name, they are a kind of fatal windows system crash displayed in Blue Screen as shown below.

Blue Screen Of Death

BSOD signifies a system crash in which the operating system is unable to operate safely. The General Cause of BSOD is hardware and software driver issues.

4 How to fix Windows Corrupted System Files?

If there are corrupted system files in Windows, then SRC(System File Checker) can fix most of them.

  • Open Command Prompt with admin privileges.
  • Type the below command and press Enter
sfc /scannow

Then wait for the process to complete.

Can I Clear Error Log in Windows 11 ?

Ans: You are free to go. Windows Error Logs are small in size and can be left as it is. You should not be concerned about them at all.You are free to clear them if you wish.