What is a Windows Event Log?

The Windows Event Log is a record of events taking place on your Windows systems that you can use to troubleshoot problems. Using the messages recorded in the event log, an administrator can diagnose problems with an application or the operating system, check whether modifications were made to the system, and see whether security principals were tampered with.

Windows logs are classified into 5 categories:
  • Application logs display events logged by applications.
  • Security logs describe successful and failed logon and logoff events; modifications, creations, and deletions of files or folders; and accounts created, modified, or deleted.
  • System logs describe drivers or hardware related events.
  • Setup logs describe events that have occurred during installation.
  • Forwarded events describe events logged by other computers on the network that share their events with a 'collector' computer.

Log messages are also of five types:
  • Information: An event that describes the successful completion of a task. For example, an Information event is logged when a network driver loads successfully.
  • Warning: An event that is not necessarily significant but may indicate a possible future problem. For example, a Warning event is logged when disk space starts to run low.
  • Error: An event that indicates a serious problem such as loss of data or functionality. For example, an Error event is logged when a service fails to load during startup.
  • Success Audit (Security log): An event that describes the successful completion of an audited security action. For example, a Success Audit event is logged when a user logs on to the computer.
  • Failure Audit (Security log): An event that describes an audited security action that did not complete successfully. For example, a Failure Audit event may be logged when a user cannot access a network drive.
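The five message types map onto two different fields of an event record: the Level field (Information, Warning, Error) and, for the Security log, the Audit Success / Audit Failure keywords. The PowerShell script below is an added example, not part of the original page or of any ManageEngine product; it counts the last 24 hours of the Application, System, and Security logs by message type so you can see at a glance where failures and failed audits are concentrating. It assumes it runs in an elevated session, because reading the Security log requires administrative rights.

```powershell
# Added example (not from the original page): summarise recent events by the five
# message types described above. Assumes an elevated PowerShell session.

function Get-EventTypeName {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)

    # Security-log entries record their outcome in the Keywords field, not in Level.
    if ($Event.LogName -eq 'Security') {
        if ($Event.KeywordsDisplayNames -contains 'Audit Success') { return 'Success Audit' }
        if ($Event.KeywordsDisplayNames -contains 'Audit Failure') { return 'Failure Audit' }
    }

    # Non-audit logs use the numeric Level field.
    switch ($Event.Level) {
        1       { 'Critical' }
        2       { 'Error' }
        3       { 'Warning' }
        4       { 'Information' }
        0       { 'Information' }   # LogAlways is displayed as Information in Event Viewer
        default { "Level $($Event.Level)" }
    }
}

function Get-EventTypeSummary {
    param(
        [string[]]$LogName = @('Application', 'System', 'Security'),
        [int]$Hours = 24
    )
    $since = (Get-Date).AddHours(-$Hours)
    foreach ($log in $LogName) {
        # Get-WinEvent raises an error when a log has no matching events; treat that as zero.
        $events = Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } `
                               -ErrorAction SilentlyContinue
        $events |
            Group-Object -Property { Get-EventTypeName $_ } |
            ForEach-Object {
                [pscustomobject]@{ Log = $log; Type = $_.Name; Count = $_.Count }
            }
    }
}

# Usage: one row per log and message type, sorted for reading.
Get-EventTypeSummary | Sort-Object Log, Type | Format-Table -AutoSize
```

A sudden rise in the Failure Audit count for the Security log, or in Error counts for System, is the kind of change that justifies opening Event Viewer and filtering down to the individual events, which the next section describes.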

How to use Event Viewer to view event logs

  • Event Viewer displays the various event logs. You can open Event Viewer from the 'Start' menu or from 'Server Manager'.
[Image: the list of events shown in Event Viewer]
  • Clicking a particular event opens a dialog box that gives you all the details of that event.
  • You can see the date and time the event took place and which event it is.
  • Right-click an event, select 'Copy', and then select 'Copy Details as text'. You can paste the result into Notepad.

Since Event Viewer normally contains a very large number of events, you need an easy way to find the particular event that is relevant to you.

  • Click the 'Filter Current Log' option in the right-hand pane (known as the Action Pane). This opens the Filter Current Log dialog box. You can search for a particular event by entering its Event ID in the 'All Event IDs' box; the log is then filtered to show only events with that Event ID. You can also filter your logs by 'Event sources' by selecting a specific source from the drop-down list.
  • Event Viewer also lets you export your logs by saving them to an event file with the .evtx extension, using 'Save All Events As' or 'Save All Events in Custom View As'.
  • You can view a summary of all events by double-clicking the 'Event Viewer' node. The summary contains:

Summary of Administrative Events: displays totals for each event type logged during the week.

Recently Viewed Nodes: displays the nodes you have viewed, sorted chronologically.

Log Summary: describes the properties of each log file.
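The same filter-by-Event-ID, filter-by-source, copy-details and save-as-.evtx steps can be scripted, which is useful when you need to repeat them on many servers. The PowerShell below is an added example, not code from the original page or from ManageEngine. Event ID 4625 (a failed logon, a standard Windows Security event) and the 'Microsoft-Windows-Security-Auditing' provider are used as the illustrative filter; the output path under the temp directory is an assumption, and the script expects an elevated session so the Security log is readable.

```powershell
# Added example (not from the original page): the Filter Current Log and
# Save All Events As workflow from PowerShell. Assumes an elevated session.

function Find-EventById {
    param(
        [Parameter(Mandatory)][string]$LogName,
        [Parameter(Mandatory)][int[]]$Id,
        [string]$ProviderName,          # equivalent of the 'Event sources' drop-down
        [int]$MaxEvents = 50
    )
    # Build the same criteria the Filter Current Log dialog box applies.
    $filter = @{ LogName = $LogName; Id = $Id }
    if ($ProviderName) { $filter['ProviderName'] = $ProviderName }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
}

function Export-EventsToEvtx {
    param(
        [Parameter(Mandatory)][string]$LogName,
        [Parameter(Mandatory)][int[]]$Id,
        [Parameter(Mandatory)][string]$Path
    )
    # wevtutil's export (epl) writes a genuine .evtx file that Event Viewer can open.
    # The XPath query restricts it to the chosen Event IDs, like a filtered Save As.
    $idClause = ($Id | ForEach-Object { "EventID=$_" }) -join ' or '
    $query    = "*[System[($idClause)]]"
    wevtutil epl $LogName $Path "/q:$query" /ow:true
}

# 1. Filter: failed logons (Event ID 4625) from the Security auditing provider.
$events = Find-EventById -LogName 'Security' -Id 4625 `
                         -ProviderName 'Microsoft-Windows-Security-Auditing'
$events | Select-Object TimeCreated, Id, ProviderName, Message | Format-Table -Wrap

# 2. 'Copy Details as text' equivalent for the most recent hit, ready to paste anywhere.
if ($events) {
    $events[0] | Format-List TimeCreated, Id, LevelDisplayName, ProviderName, Message
}

# 3. Export the matching events to .evtx, then read the saved file back the way
#    Event Viewer's 'Open Saved Log' does.
$out = Join-Path $env:TEMP 'security-4625.evtx'   # assumed output location
Export-EventsToEvtx -LogName 'Security' -Id 4625 -Path $out
Get-WinEvent -Path $out -ErrorAction SilentlyContinue | Measure-Object | Select-Object Count
```

Exporting to .evtx rather than to text keeps the original XML of each event, including the fields that the Message column flattens, so the saved file can still be filtered by Event ID or source later.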

Here's a simple solution you could also consider...

Although Event Viewer is the default tool to check your logs, you could also try out something simpler like ADAudit Plus.

ADAudit Plus is a comprehensive solution that simplifies AD auditing and reporting. Its intuitive user interface, pre-configured reports, and advanced filter options make it easy for you to track changes to your network, and detect threats immediately. You get a fully equipped dashboard that gives you a holistic view of the various systems in your network. This way you can correlate events across the network and spot suspicious behavior.

ADAudit Plus is a real-time, web-based Windows Active Directory (AD) change reporting software that audits, reports, and alerts on Active Directory, Windows servers and workstations, and NAS storage devices to meet security and compliance requirements. You can track AD management changes, processes, folder modifications, permission changes, and more with 200+ reports and real-time alerts. https://www.manageengine.com/active-directory-audit/.
