Event Viewer Sec.
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Event Viewer Sec.

  1. #1
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828

    Event Viewer Sec.

    Somehow my security event log has become corrupted and I cannot gain access to the previous file. Nor log anything current events. It states it was last modified a couple days ago and it seems I cannot even save the current log. Any suggestions on how to recover the previous log and get it to start logging again?

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Have you tried to just clear the eventlog? It's no use to you now anyway.
    Is there enough diskspace available?

    Which version of Windows are you working on?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    Windows NT, but for reasons. I would really like to try to restore what was corrupted and understand how or why this had happend so I can avoid the possibility of this happening in the future.

  4. #4
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211

    .csv

    have you tried exporting the logs to a .csv file ?

    if not then try it, but it does sound like they are just full and need purging !
    Not enough information really but i would try and export them into .csv nad see what happens .

    maybe this is of no help at all though, as i said need more information.
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  5. #5
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    the save as feature is disabled.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    You have to help us help you.

    We need to know:
    1) Are you logged in as the local administrator?
    2) What events happened just before this condition came up?
    3) What version of NT? (workstation or server) and what service pack level (post 6a srp, etc.)?
    4) What you see (screen shots are helpful)?
    5) Do you remember what you had Event Viewer set for? (how big of a file, rotation, etc)?

    If we have these things, we may be able to narrow down some options for you.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211
    im stuck then sorry, have you tried the knowledge base ?

    http://support.microsoft.com/
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  8. #8
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    Yes, I am logged on as the Local Administrator. Same errors occur under normal user account. Nothing happened before the condition, but when I open the event viewer it opens to system where everything is normal and once I click on the security tab I get the error "The event log file is corrupt" and in the section where it would say # of files it states "unable to read contents". I am running Windows 2000 / SP 2. I cannot get into the viewer settings, it seems System and Applications properties work fine, but when I right click on Security I get no properties option. I am confused. Never seen anything like this before.

  9. #9
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211

    Win NT or 2K

    Right OK you said earlier you were running Windows NT but you just said it was Windows 2000 SP2. Oh well never mind, on the knowledge base there is alot of info concering corrupt logs in event viewer so perhaps one of them applies to your scenario.

    I know alot of security issues in Windows 2000 were caused by Scecli.dll which is updated to fix the issues in SP3 so maybe that will help.

    try
    http://support.microsoft.com/search/...fxSearch_Query

    hoep this helps a bit
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  10. #10
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    geepod has lead me to believe it could be: Microsoft Knowledge Base Article 811143 . Any other suggestions or if anyone disagrees with this possibility?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides