Solved

EVENT LOG BACKUPS -- RETRIEVE MISSED EVENTS POSSIBLE?

Posted on 2006-06-15
2
229 Views
Last Modified: 2013-12-04
When an event log is cleared (not deleted), is there anyway by which lost information can be retrieved?
My question is specific to this scenario

In the event of a parallel logging onto a common server location using tools, what would happen to the events that were logged by the PC working in a stand alone mode (disconnected from the network and server)?
Is there a tool/mechanism to keep track of these missed events?

Regards
0
Comment
Question by:AmitBAcharya
2 Comments
 
LVL 12

Accepted Solution

by:
gidds99 earned 300 total points
ID: 16916120
By default, Event Viewer log files use the .evt extension and are located in the following folder:

%SystemRoot%\System32\Config

The only way I can think to possible recover any such information would be to use file recovery / undelete type software such as:

http://www.pcinspector.de/file_recovery/UK/welcome.htm

As the event logs are overwritten with the same filename I do not think you will be successfull.

There is no windows function to recover these logs.

Your question regarding the parallel logging I am unsure of as I am unfamiliar with the software but I would hazzard a guess that the local logs do not exist as they are written to a network location.

Good luck.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 200 total points
ID: 16916700
The above is true, undelete software would be your only recourse in this case. You can use a tool like Snare to log the events to the local machine as well as to remote servers, when the event log is cleared in windows event viewer or other method, Snare logs are not affected. http://www.intersectalliance.com/projects/index.html There are also tools like GFI's SELM for this type of thing also http://www.gfi.com/lanselm/
-rich
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now