|
-
June 23rd, 2003, 02:29 PM
#1
Event Viewer Sec.
Somehow my security event log has become corrupted and I cannot gain access to the previous file. Nor log anything current events. It states it was last modified a couple days ago and it seems I cannot even save the current log. Any suggestions on how to recover the previous log and get it to start logging again?
-
June 23rd, 2003, 03:02 PM
#2
Have you tried to just clear the eventlog? It's no use to you now anyway.
Is there enough diskspace available?
Which version of Windows are you working on?
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 23rd, 2003, 03:10 PM
#3
Windows NT, but for reasons. I would really like to try to restore what was corrupted and understand how or why this had happend so I can avoid the possibility of this happening in the future.
-
June 23rd, 2003, 03:19 PM
#4
.csv
have you tried exporting the logs to a .csv file ?
if not then try it, but it does sound like they are just full and need purging !
Not enough information really but i would try and export them into .csv nad see what happens .
maybe this is of no help at all though, as i said need more information.
Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !
The Head foundation
Please give generously
-
June 23rd, 2003, 03:30 PM
#5
the save as feature is disabled.
-
June 23rd, 2003, 03:37 PM
#6
You have to help us help you.
We need to know:
1) Are you logged in as the local administrator?
2) What events happened just before this condition came up?
3) What version of NT? (workstation or server) and what service pack level (post 6a srp, etc.)?
4) What you see (screen shots are helpful)?
5) Do you remember what you had Event Viewer set for? (how big of a file, rotation, etc)?
If we have these things, we may be able to narrow down some options for you.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
June 23rd, 2003, 03:38 PM
#7
im stuck then sorry, have you tried the knowledge base ?
http://support.microsoft.com/
Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !
The Head foundation
Please give generously
-
June 23rd, 2003, 04:43 PM
#8
Yes, I am logged on as the Local Administrator. Same errors occur under normal user account. Nothing happened before the condition, but when I open the event viewer it opens to system where everything is normal and once I click on the security tab I get the error "The event log file is corrupt" and in the section where it would say # of files it states "unable to read contents". I am running Windows 2000 / SP 2. I cannot get into the viewer settings, it seems System and Applications properties work fine, but when I right click on Security I get no properties option. I am confused. Never seen anything like this before.
-
June 23rd, 2003, 05:48 PM
#9
Win NT or 2K
Right OK you said earlier you were running Windows NT but you just said it was Windows 2000 SP2. Oh well never mind, on the knowledge base there is alot of info concering corrupt logs in event viewer so perhaps one of them applies to your scenario.
I know alot of security issues in Windows 2000 were caused by Scecli.dll which is updated to fix the issues in SP3 so maybe that will help.
try
http://support.microsoft.com/search/...fxSearch_Query
hoep this helps a bit
Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !
The Head foundation
Please give generously
-
June 23rd, 2003, 06:14 PM
#10
geepod has lead me to believe it could be: Microsoft Knowledge Base Article 811143 . Any other suggestions or if anyone disagrees with this possibility?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
