?
Solved

EVENT LOG BACKUPS -- RETRIEVE MISSED EVENTS POSSIBLE?

Posted on 2006-06-15
2
Medium Priority
?
257 Views
Last Modified: 2013-12-04
When an event log is cleared (not deleted), is there anyway by which lost information can be retrieved?
My question is specific to this scenario

In the event of a parallel logging onto a common server location using tools, what would happen to the events that were logged by the PC working in a stand alone mode (disconnected from the network and server)?
Is there a tool/mechanism to keep track of these missed events?

Regards
0
Comment
Question by:AmitBAcharya
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
gidds99 earned 1200 total points
ID: 16916120
By default, Event Viewer log files use the .evt extension and are located in the following folder:

%SystemRoot%\System32\Config

The only way I can think to possible recover any such information would be to use file recovery / undelete type software such as:

http://www.pcinspector.de/file_recovery/UK/welcome.htm

As the event logs are overwritten with the same filename I do not think you will be successfull.

There is no windows function to recover these logs.

Your question regarding the parallel logging I am unsure of as I am unfamiliar with the software but I would hazzard a guess that the local logs do not exist as they are written to a network location.

Good luck.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 800 total points
ID: 16916700
The above is true, undelete software would be your only recourse in this case. You can use a tool like Snare to log the events to the local machine as well as to remote servers, when the event log is cleared in windows event viewer or other method, Snare logs are not affected. http://www.intersectalliance.com/projects/index.html There are also tools like GFI's SELM for this type of thing also http://www.gfi.com/lanselm/
-rich
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month9 days, 15 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question