Solved

EVENT LOG BACKUPS -- RETRIEVE MISSED EVENTS POSSIBLE?

Posted on 2006-06-15
2
220 Views
Last Modified: 2013-12-04
When an event log is cleared (not deleted), is there anyway by which lost information can be retrieved?
My question is specific to this scenario

In the event of a parallel logging onto a common server location using tools, what would happen to the events that were logged by the PC working in a stand alone mode (disconnected from the network and server)?
Is there a tool/mechanism to keep track of these missed events?

Regards
0
Comment
Question by:AmitBAcharya
2 Comments
 
LVL 12

Accepted Solution

by:
gidds99 earned 300 total points
Comment Utility
By default, Event Viewer log files use the .evt extension and are located in the following folder:

%SystemRoot%\System32\Config

The only way I can think to possible recover any such information would be to use file recovery / undelete type software such as:

http://www.pcinspector.de/file_recovery/UK/welcome.htm

As the event logs are overwritten with the same filename I do not think you will be successfull.

There is no windows function to recover these logs.

Your question regarding the parallel logging I am unsure of as I am unfamiliar with the software but I would hazzard a guess that the local logs do not exist as they are written to a network location.

Good luck.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 200 total points
Comment Utility
The above is true, undelete software would be your only recourse in this case. You can use a tool like Snare to log the events to the local machine as well as to remote servers, when the event log is cleared in windows event viewer or other method, Snare logs are not affected. http://www.intersectalliance.com/projects/index.html There are also tools like GFI's SELM for this type of thing also http://www.gfi.com/lanselm/
-rich
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now