How to get Windows device logs from a Windows machine

Windows device logs are detailed reports on important hardware and software actions that are generated and stored by Windows and some dedicated applications. Windows device logs can be retrieved from Windows PC and Phone using tools like Event Viewer and Field Medic.

It is used by the administrators to diagnose any problem on the device or on the apps that are installed. This could be a useful data for future troubleshooting events such as an app crash or Windows system and security errors.

Retrieving Windows PC logs using Windows Event Viewer

Windows Event Viewer is a monitoring tool that shows information about applications, system, setup and security-based events that can be used for troubleshooting and predicting any future issues. Windows 8.1 and Windows 10 device logs can be collected using Event Viewer.

You can open Event Viewer either via a command line,

1. Open Run window using the shortcut Windows+ R.
2. Type “cmd” and click enter to open Command Prompt window.
3. Type “eventvwr” in the prompt and click enter.

Or it can be accessed through,

Start > Control Panel > System and Security > Administrative Tools > Event Viewer.

In event viewer select the type of log that you want to review. Windows stores five types of event logs: application, security, setup, system and forwarded events.

• Application: Logs the events associated with the applications installed in the device.
• Security: Logs data based on device’s audit policy, events like login attempts and resource access.
• Setup: Logs the events during Windows installation.
• System: Logs info about system changes, device changes, device drivers etc.
• Forwarded events: These are the logs of other computers in the same network as the “collector computer”. these logs are found in the collector computer.

MDM logs in Windows Event Viewer

Select “Application and services log > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider”.

To collect admin logs

1. Right-click on “Admin” node and select “Save all events as”.
2. Choose a location and a file name and Save.
3. Choose “Display information for these languages” and select “English (United States)”.
4. Click “Ok”.

To collect debug logs

Right-click on “Debug” node and select “Enable log” for enabling debug logging.

1. Right-click on “Debug” node and select “Save all events as”.
2. Choose a location and a file name and Save.
3. Choose “Display information for these languages” and select “English (United States)”.
4. Click “Ok”.

Windows Phone Event logs from Windows PC

Unlike Windows PC, there is no sophisticated tool like Event Viewer for collecting the Windows phone logs, but it can be generated manually through the “Field Medic” app in Windows Phone 10 and 8.1.

1. Download and install the “Field Medic” app from the Microsoft Store.

2. Open the app and click-on “Advanced” and configure how the event gets logged.
3. Click on “Start Logging” and once it has started, run the apps that you want to troubleshoot. The events get logged into a new report. For example, reproduce the app crash once Event Viewer starts recording.


4. Click on “Stop Logging” once the operation is done.

5. Add a suitable “Report Title” and in “add repro steps here” specify all the steps you have performed in between Start and Stop Logging. Click-on the floppy disk sign to save the report.

6. Tap on “View Reports” to view the reports which were created using this app.

7. Use a USB cable to connect the phone with a PC.
8. In PC go to, Windows Phone > Phone > Documents > Field Medic > Reports.
9. Copy the reports that you want and make it a zip file in case you want to transfer this document. Or you can transfer the logs directly from the phone. Logs can be found in, This Device > Documents > Field Medic > reports > folder.