Solved

EVENT LOG BACKUPS -- RETRIEVE MISSED EVENTS POSSIBLE?

Posted on 2006-06-15
Last Modified: 2013-12-04
When an event log is cleared (not deleted), is there any way by which lost information can be retrieved?
My question is specific to this scenario:

In the event of parallel logging onto a common server location using tools, what would happen to the events that were logged by the PC working in standalone mode (disconnected from the network and server)?
Is there a tool/mechanism to keep track of these missed events?

Regards
Question by:AmitBAcharya
2 Comments
 
Accepted Solution

by:
gidds99 earned 300 total points
ID: 16916120
By default, Event Viewer log files use the .evt extension and are located in the following folder:

%SystemRoot%\System32\Config

The only way I can think of to possibly recover any such information would be to use file recovery / undelete type software such as:

http://www.pcinspector.de/file_recovery/UK/welcome.htm

As the event logs are overwritten with the same filename, I do not think you will be successful.

There is no Windows function to recover these logs.

Your question regarding the parallel logging I am unsure of, as I am unfamiliar with the software, but I would hazard a guess that the local logs do not exist as they are written to a network location.

Good luck.
Assisted Solution

by:Rich Rumble
Rich Rumble earned 200 total points
ID: 16916700
The above is true; undelete software would be your only recourse in this case. You can use a tool like Snare to log the events to the local machine as well as to remote servers. When the event log is cleared in Windows Event Viewer or by another method, Snare logs are not affected: http://www.intersectalliance.com/projects/index.html
There are also tools like GFI's SELM for this type of thing: http://www.gfi.com/lanselm/
-rich
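
The question asks for a mechanism to track events that a standalone PC never delivered to the central location. One collector-side check, added here as an example that is not part of the original thread or of any tool named in it: compare the per-log record numbers of the events that did arrive and report the ranges that are absent. It assumes the collector stores each event's record number and that events arrive in log order; `COLLECTED`, `find_gaps` and `missing_count` are hypothetical names, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample of what a central collector might hold, in arrival
# order: (host, log name, record number). Not real data.
COLLECTED = [
    ("PC01", "Security", 101), ("PC01", "Security", 102),
    ("PC01", "Security", 103),
    # PC01 works offline here; 104-109 never reach the collector
    ("PC01", "Security", 110), ("PC01", "Security", 111),
    ("PC02", "Security", 500), ("PC02", "Security", 501),
    # PC02's numbering starts over at this point
    ("PC02", "Security", 1), ("PC02", "Security", 2),
    ("PC02", "Security", 4),
]


def find_gaps(records):
    """Return {(host, log): {"missing": [(first, last)], "restarts": [n]}}.

    Assumption: record numbers rise by one per event within a log.
    A lower number than the previous one is reported as a restart so an
    analyst can check whether the log was cleared or replaced.
    """
    last_seen = {}
    report = defaultdict(lambda: {"missing": [], "restarts": []})
    for host, log, recno in records:
        key = (host, log)
        entry = report[key]          # every host/log appears in the report
        prev = last_seen.get(key)
        if prev is not None:
            if recno == prev:        # duplicate delivery, nothing missed
                continue
            if recno < prev:
                entry["restarts"].append(recno)
            elif recno > prev + 1:
                entry["missing"].append((prev + 1, recno - 1))
        last_seen[key] = recno
    return dict(report)


def missing_count(report, host, log):
    """Total number of record numbers absent for one host/log."""
    return sum(b - a + 1 for a, b in report[(host, log)]["missing"])


if __name__ == "__main__":
    for (host, log), info in sorted(find_gaps(COLLECTED).items()):
        print(host, log, "missing:", info["missing"],
              "restarts at:", info["restarts"])
```

A reported range only says which records the collector lacks; the events themselves can be fetched only if the source machine still holds them.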