If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
Application, Security and System log files - where are they located
On Wed, 4 Feb 2009 04:51:51 -0600, "AnnaMarie"
wrote: "Mort" wrote in message .. . HUGE SNIP Not one of those links does what the OP wants to do. Not one even helps. I do not know whom "OP" is, but if its ME, then, Mort, in general you may be correct, however, specifically, JS posted reply did HELP answer my QUESTION regarding where the files associated with Event Viewer's Application, Security and System logs were located: [snip] I saw that... but know where they are doesn't help, does it!? (as you - and I - found out). Manually clearing the logs - you do it daily, I'm less obsessive about it - appears to be the only option. BTW... "OP" = Original Poster |
Ads |
#17
|
|||
|
|||
Application, Security and System log files - where are they located
On Wed, 4 Feb 2009 04:51:51 -0600, "AnnaMarie"
wrote: "Mort" wrote in message .. . HUGE SNIP Not one of those links does what the OP wants to do. Not one even helps. I do not know whom "OP" is, but if its ME, then, Mort, in general you may be correct, however, specifically, JS posted reply did HELP answer my QUESTION regarding where the files associated with Event Viewer's Application, Security and System logs were located: [snip] I saw that... but know where they are doesn't help, does it!? (as you - and I - found out). Manually clearing the logs - you do it daily, I'm less obsessive about it - appears to be the only option. BTW... "OP" = Original Poster |
#18
|
|||
|
|||
Application, Security and System log files - where are they located
I posted all the information I could find in hopes of giving you some ideas
to try. You did all that was expected and more. One thing you might try is a "keystroke" macro. It's been a long time since I have used this technique so I can't make any recommendations as to what keystroke tool to use but if your google: http://www.google.com/search?hl=en&q...recorder+macro You will find a number of hits, one being: Auto Macro Recorder http://www.macro-recorder.com/ -- JS http://www.pagestart.com "AnnaMarie" wrote in message ... Thanks for your reply, JS. I want to also thank you for sharing your suggestions, one of which provided me with the ANSWER to my QUESTION . . . Does anyone know how and where I can find the files associated with Event Viewer's Application, Security and System log files??? The ANSWER is, of course, the C:\WINDOWS\system32\config\ directory - where we find . . . C:\WINDOWS\system32\config\AppEvent.Evt C:\WINDOWS\system32\config\SecEvent.Evt C:\WINDOWS\system32\config\SysEvent.Evt Prior to investigating the links provided in your reply, I . . . - cleared each Event Log file - copied each .Evt file to a new directory on my F:\ drive - and created the following batch file . . . COPY F:\Event_Viewer_LOG_Files\AppEvent.Evt C:\WINDOWS\system32\config\AppEvent.Evt COPY F:\Event_Viewer_LOG_Files\SecEvent.Evt C:\WINDOWS\system32\config\SecEvent.Evt COPY F:\Event_Viewer_LOG_Files\SysEvent.Evt C:\WINDOWS\system32\config\SysEvent.Evt It did not work. To find why, I opened a CMD PROMPT window and discovered the following . . . C:\COPY F:\Event_Viewer_LOG_Files\AppEvent.Evt C:\WINDOWS\system32\config\AppEvent.Evt The process cannot access the file because it is being used by another process. 0 file(s) copied. C:\ Having failed, I investigated the contents of each of your suggested links and my results and or conclusions are as follows . . . http://support.microsoft.com/default...;EN-US;q172156 states . . . The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are always in use by the system, preventing the files from being deleted or renamed. The EventLog service cannot be stopped because it is required by other services, thus the files are always open. This article describes a method to rename or move these files for troubleshooting purposes. NTFS Partition method Click the Start button, point to Settings, click Control Panel, and then double-click Services. Select the EventLog service and click Startup. Change the Startup Type to Disabled, and then click OK. If you are unable to log on to the computer but can access the registry remotely, you can change the Startup value in the following registry key to 0x4: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog Restart Windows. NOTE: When the system starts up, several services may fail; a message informing the user to use Event Viewer to review errors may appear. Rename or move the corrupt *.evt file from the following location: %SystemRoot%\System32\Config In Control Panel Services tool, re-enable the EventLog service by setting it back to the default of Automatic startup, or change the registry Startup value back to 0x2. . . . far too destructive and requires far more work than what I am currently doing - manually clearing each LOG file's entries. However, it gave me another batch file idea as follows . . . sc stop Eventlog sc config Eventlog start= disabled sc config Eventlog start= auto sc start Eventlog It did not work. To find why, I opened a CMD PROMPT window and discovered the following . . . C:\sc stop Eventlog [SC] ControlService FAILED 1052: The requested control is not valid for this service. C:\ To confirm that the "sc stop Eventlog" command was working I executed the following command line syntax . . . C:\sc config Eventlog start= disabled [SC] ChangeServiceConfig SUCCESS C:\COPY F:\Event_Viewer_LOG_Files\AppEvent.Evt C:\WINDOWS\system32\config\AppEvent.Evt The process cannot access the file because it is being used by another process. 0 file(s) copied. C:\ While I did confirm the command line syntax was working properly, this idea failed. Accordingly, I furthered my investigation associated with the contents of your remaining links and my results and or conclusions are as follows . . . http://support.microsoft.com/kb/308427 states (among other non-applicable instructions) . . . How to Filter Log Events To filter log events, follow these steps: Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in. In the console tree, expand Event Viewer, and then click the log that contains the event that you want to view. On the View menu, click Filter. Click the Filter tab (if it is not already selected). Specify the filter options that you want, and then click OK. Only events that match your filter criteria are displayed in the details pane. To return the view to display all log entries, click Filter on the View menu, and then click Restore Defaults. . . . this procedure gave me another new idea. How do create a batch file that UNCHECKS the FILTERS for ALL Event types, something I do not have a clue how to accomplish. Unfortunately, this new idea turned out to be a poor one. Poor, because when I tried this manually, while it did filter the event logs as long as I stayed in MMC, but it did nothing to the actual LOG files [i.e. Appevent.evt, Secevent.evt and Sysevent.evt]. Otherwise, once again, it did not provide a simpler solution than what I am currently doing - manually clearing each LOG file's entries. http://www.tunexp.com/tips/maintain_...ent_log_files/ states . . . Fix Corrupt Event Log Files One of the administrative tools in Microsoft Management Console, Event Viewer maintains logs about program, security, and system events on your computer. You can use Event Viewer to view and manage the event logs, gather information about hardware and software problems, and monitor Windows security events. If Event Viewer reports on startup that one or more of your log files is corrupt, you can remedy the situation as follows: Open the Event Viewer. Rightclick on the corrupt log in the left pane and click Properties. Click the Clear button in the Properties dialog box. You cannot delete or rename the log files while the Event Log service is running. . . . which only provides instructions to accomplish exactly what I am currently doing - manually clearing each LOG file's entries. In conclusion, I want to thank you again for helping to ANSWER my QUESTION which identified where the files associated with Event Viewer's Application, Security and System logs were located: C:\WINDOWS\system32\config\AppEvent.Evt C:\WINDOWS\system32\config\SecEvent.Evt C:\WINDOWS\system32\config\SysEvent.Evt Unfortunately, after reviewing your suggested links, I was unable to resolve my other goal of creating a BATCH file program to delete the individual files that are created. Given the various system responses including, but not limited to, "The process cannot access the file because it is being used by another process" as well as the Microsoft article that states, "The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are always in use by the system, preventing the files from being deleted or renamed," it appears that my goal may never be achieved. Thanks again, JS. |
#19
|
|||
|
|||
Application, Security and System log files - where are they located
I posted all the information I could find in hopes of giving you some ideas
to try. You did all that was expected and more. One thing you might try is a "keystroke" macro. It's been a long time since I have used this technique so I can't make any recommendations as to what keystroke tool to use but if your google: http://www.google.com/search?hl=en&q...recorder+macro You will find a number of hits, one being: Auto Macro Recorder http://www.macro-recorder.com/ -- JS http://www.pagestart.com "AnnaMarie" wrote in message ... Thanks for your reply, JS. I want to also thank you for sharing your suggestions, one of which provided me with the ANSWER to my QUESTION . . . Does anyone know how and where I can find the files associated with Event Viewer's Application, Security and System log files??? The ANSWER is, of course, the C:\WINDOWS\system32\config\ directory - where we find . . . C:\WINDOWS\system32\config\AppEvent.Evt C:\WINDOWS\system32\config\SecEvent.Evt C:\WINDOWS\system32\config\SysEvent.Evt Prior to investigating the links provided in your reply, I . . . - cleared each Event Log file - copied each .Evt file to a new directory on my F:\ drive - and created the following batch file . . . COPY F:\Event_Viewer_LOG_Files\AppEvent.Evt C:\WINDOWS\system32\config\AppEvent.Evt COPY F:\Event_Viewer_LOG_Files\SecEvent.Evt C:\WINDOWS\system32\config\SecEvent.Evt COPY F:\Event_Viewer_LOG_Files\SysEvent.Evt C:\WINDOWS\system32\config\SysEvent.Evt It did not work. To find why, I opened a CMD PROMPT window and discovered the following . . . C:\COPY F:\Event_Viewer_LOG_Files\AppEvent.Evt C:\WINDOWS\system32\config\AppEvent.Evt The process cannot access the file because it is being used by another process. 0 file(s) copied. C:\ Having failed, I investigated the contents of each of your suggested links and my results and or conclusions are as follows . . . http://support.microsoft.com/default...;EN-US;q172156 states . . . The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are always in use by the system, preventing the files from being deleted or renamed. The EventLog service cannot be stopped because it is required by other services, thus the files are always open. This article describes a method to rename or move these files for troubleshooting purposes. NTFS Partition method Click the Start button, point to Settings, click Control Panel, and then double-click Services. Select the EventLog service and click Startup. Change the Startup Type to Disabled, and then click OK. If you are unable to log on to the computer but can access the registry remotely, you can change the Startup value in the following registry key to 0x4: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog Restart Windows. NOTE: When the system starts up, several services may fail; a message informing the user to use Event Viewer to review errors may appear. Rename or move the corrupt *.evt file from the following location: %SystemRoot%\System32\Config In Control Panel Services tool, re-enable the EventLog service by setting it back to the default of Automatic startup, or change the registry Startup value back to 0x2. . . . far too destructive and requires far more work than what I am currently doing - manually clearing each LOG file's entries. However, it gave me another batch file idea as follows . . . sc stop Eventlog sc config Eventlog start= disabled sc config Eventlog start= auto sc start Eventlog It did not work. To find why, I opened a CMD PROMPT window and discovered the following . . . C:\sc stop Eventlog [SC] ControlService FAILED 1052: The requested control is not valid for this service. C:\ To confirm that the "sc stop Eventlog" command was working I executed the following command line syntax . . . C:\sc config Eventlog start= disabled [SC] ChangeServiceConfig SUCCESS C:\COPY F:\Event_Viewer_LOG_Files\AppEvent.Evt C:\WINDOWS\system32\config\AppEvent.Evt The process cannot access the file because it is being used by another process. 0 file(s) copied. C:\ While I did confirm the command line syntax was working properly, this idea failed. Accordingly, I furthered my investigation associated with the contents of your remaining links and my results and or conclusions are as follows . . . http://support.microsoft.com/kb/308427 states (among other non-applicable instructions) . . . How to Filter Log Events To filter log events, follow these steps: Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in. In the console tree, expand Event Viewer, and then click the log that contains the event that you want to view. On the View menu, click Filter. Click the Filter tab (if it is not already selected). Specify the filter options that you want, and then click OK. Only events that match your filter criteria are displayed in the details pane. To return the view to display all log entries, click Filter on the View menu, and then click Restore Defaults. . . . this procedure gave me another new idea. How do create a batch file that UNCHECKS the FILTERS for ALL Event types, something I do not have a clue how to accomplish. Unfortunately, this new idea turned out to be a poor one. Poor, because when I tried this manually, while it did filter the event logs as long as I stayed in MMC, but it did nothing to the actual LOG files [i.e. Appevent.evt, Secevent.evt and Sysevent.evt]. Otherwise, once again, it did not provide a simpler solution than what I am currently doing - manually clearing each LOG file's entries. http://www.tunexp.com/tips/maintain_...ent_log_files/ states . . . Fix Corrupt Event Log Files One of the administrative tools in Microsoft Management Console, Event Viewer maintains logs about program, security, and system events on your computer. You can use Event Viewer to view and manage the event logs, gather information about hardware and software problems, and monitor Windows security events. If Event Viewer reports on startup that one or more of your log files is corrupt, you can remedy the situation as follows: Open the Event Viewer. Rightclick on the corrupt log in the left pane and click Properties. Click the Clear button in the Properties dialog box. You cannot delete or rename the log files while the Event Log service is running. . . . which only provides instructions to accomplish exactly what I am currently doing - manually clearing each LOG file's entries. In conclusion, I want to thank you again for helping to ANSWER my QUESTION which identified where the files associated with Event Viewer's Application, Security and System logs were located: C:\WINDOWS\system32\config\AppEvent.Evt C:\WINDOWS\system32\config\SecEvent.Evt C:\WINDOWS\system32\config\SysEvent.Evt Unfortunately, after reviewing your suggested links, I was unable to resolve my other goal of creating a BATCH file program to delete the individual files that are created. Given the various system responses including, but not limited to, "The process cannot access the file because it is being used by another process" as well as the Microsoft article that states, "The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are always in use by the system, preventing the files from being deleted or renamed," it appears that my goal may never be achieved. Thanks again, JS. |
#20
|
|||
|
|||
Application, Security and System log files - where are they located
Thanks for the OP, Mort, and for your support.
I will post again, if I find a method to achieve my goal. AM "Mort" wrote in message ... , snip, snIP, SNIP . I saw that... but know where they are doesn't help, does it!? (as you - and I - found out). Manually clearing the logs - you do it daily, I'm less obsessive about it - appears to be the only option. BTW... "OP" = Original Poster |
#21
|
|||
|
|||
Application, Security and System log files - where are they located
Thanks for the OP, Mort, and for your support.
I will post again, if I find a method to achieve my goal. AM "Mort" wrote in message ... , snip, snIP, SNIP . I saw that... but know where they are doesn't help, does it!? (as you - and I - found out). Manually clearing the logs - you do it daily, I'm less obsessive about it - appears to be the only option. BTW... "OP" = Original Poster |
#22
|
|||
|
|||
Application, Security and System log files - where are they located
Thanks again, JS. I shall look into this idea later today or tomorrow.
AM "JS" @ wrote in message ... I posted all the information I could find in hopes of giving you some ideas to try. You did all that was expected and more. One thing you might try is a "keystroke" macro. It's been a long time since I have used this technique so I can't make any recommendations as to what keystroke tool to use but if your google: http://www.google.com/search?hl=en&q...recorder+macro You will find a number of hits, one being: Auto Macro Recorder http://www.macro-recorder.com/ JS http://www.pagestart.com |
#23
|
|||
|
|||
Application, Security and System log files - where are they located
Thanks again, JS. I shall look into this idea later today or tomorrow.
AM "JS" @ wrote in message ... I posted all the information I could find in hopes of giving you some ideas to try. You did all that was expected and more. One thing you might try is a "keystroke" macro. It's been a long time since I have used this technique so I can't make any recommendations as to what keystroke tool to use but if your google: http://www.google.com/search?hl=en&q...recorder+macro You will find a number of hits, one being: Auto Macro Recorder http://www.macro-recorder.com/ JS http://www.pagestart.com |
#24
|
|||
|
|||
Application, Security and System log files - where are they located
Excellent links, JS; thanks.
Twayne JS wrote: How to view and manage event logs in Event Viewer in Windows XP http://support.microsoft.com/kb/308427 See the section titled: "How to Set Log Size and Overwrite Options" How to Delete Corrupt Event Viewer Log Files http://support.microsoft.com/default...;EN-US;q172156 "The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt)" Fix Corrupt Event Log Files http://www.tunexp.com/tips/maintain_...ent_log_files/ Script to clear the Security event log after backing it up: http://www.winhelponline.com/article...ing-it-up.html EventSave and EventSave+ http://www.heysoft.de/Frames/f_sw_es_en.htm (allows you to select the event log types which you want to save and clear) "AnnaMarie" wrote in message ... Hi, On a daily basis, under Administrative Tools / Event Viewer, I inspect the Application, Security and System log files. When there are no problems, I manually clear each log file. I am getting tired of manually cleaning these log files and unless there is a simpler method, I would like to create a BATCH file program to delete the individual files that are created. Unfortunately, I do not know how or where they are written. According to its properties, Event Viewer is located in %SystemRoot%\system32\ directory, however, I do not find any log files there. I hope these logs are not integral to 'ntuser.dat' or 'NtUser.dat' or 'UsrClass.dat' or SOFTWARE or SYSTEM log files, because when I try to read any of them a window opens and states: "The process cannot access the file because it is being used by another process." That being said, the SYSTEM.LOG is located in the C:\WINDOWS\system32\config directory and its 'date modified' time stamp corresponds to the most recent time that it was modified. I also find a SECURITY.LOG located in the C:\WINDOWS\system32\config\ directory, but the same window opens stating that "The process cannot access the file because it is being used by another process." Regardless, I doubt this is the System log found under Event Viewer because the time associated 'date modified' does not correspond to the most recent time it was modified. Does anyone know how and where I can find the files associated with Event Viewer's Application, Security and System log files??? Thanks in advance, AnnaMarie |
#25
|
|||
|
|||
Application, Security and System log files - where are they located
Excellent links, JS; thanks.
Twayne JS wrote: How to view and manage event logs in Event Viewer in Windows XP http://support.microsoft.com/kb/308427 See the section titled: "How to Set Log Size and Overwrite Options" How to Delete Corrupt Event Viewer Log Files http://support.microsoft.com/default...;EN-US;q172156 "The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt)" Fix Corrupt Event Log Files http://www.tunexp.com/tips/maintain_...ent_log_files/ Script to clear the Security event log after backing it up: http://www.winhelponline.com/article...ing-it-up.html EventSave and EventSave+ http://www.heysoft.de/Frames/f_sw_es_en.htm (allows you to select the event log types which you want to save and clear) "AnnaMarie" wrote in message ... Hi, On a daily basis, under Administrative Tools / Event Viewer, I inspect the Application, Security and System log files. When there are no problems, I manually clear each log file. I am getting tired of manually cleaning these log files and unless there is a simpler method, I would like to create a BATCH file program to delete the individual files that are created. Unfortunately, I do not know how or where they are written. According to its properties, Event Viewer is located in %SystemRoot%\system32\ directory, however, I do not find any log files there. I hope these logs are not integral to 'ntuser.dat' or 'NtUser.dat' or 'UsrClass.dat' or SOFTWARE or SYSTEM log files, because when I try to read any of them a window opens and states: "The process cannot access the file because it is being used by another process." That being said, the SYSTEM.LOG is located in the C:\WINDOWS\system32\config directory and its 'date modified' time stamp corresponds to the most recent time that it was modified. I also find a SECURITY.LOG located in the C:\WINDOWS\system32\config\ directory, but the same window opens stating that "The process cannot access the file because it is being used by another process." Regardless, I doubt this is the System log found under Event Viewer because the time associated 'date modified' does not correspond to the most recent time it was modified. Does anyone know how and where I can find the files associated with Event Viewer's Application, Security and System log files??? Thanks in advance, AnnaMarie |
#26
|
|||
|
|||
Application, Security and System log files - where are they located
AnnaMarie wrote:
"Mort" wrote in message ... HUGE SNIP Not one of those links does what the OP wants to do. Not one even helps. I do not know whom "OP" is, but if its ME, then, Mort, in general you may be correct, however, specifically, JS posted reply did HELP answer my QUESTION regarding where the files associated with Event Viewer's Application, Security and System logs were located: C:\WINDOWS\system32\config\AppEvent.Evt C:\WINDOWS\system32\config\SecEvent.Evt C:\WINDOWS\system32\config\SysEvent.Evt Unfortunately, after reviewing the contents associated with the suggested links, I was unable to resolve my other goal of creating a BATCH file program to delete the individual files that are created. Given the various system responses including, but not limited to, "The process cannot access the file because it is being used by another process" as well as the Microsoft article that states, "The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are always in use by the system, preventing the files from being deleted or renamed," it appears that my goal may never be achieved. AnnaMarie How about the Script to clear the Security event log after backing it up: http://www.winhelponline.com/article...ing-it-up.html link? It has a script that looks like it would work. Just my 2 ¢ |
#27
|
|||
|
|||
Application, Security and System log files - where are they located
AnnaMarie wrote: "Mort" wrote in message ... HUGE SNIP Not one of those links does what the OP wants to do. Not one even helps. I do not know whom "OP" is, but if its ME, then, Mort, in general you may be correct, however, specifically, JS posted reply did HELP answer my QUESTION regarding where the files associated with Event Viewer's Application, Security and System logs were located: C:\WINDOWS\system32\config\AppEvent.Evt C:\WINDOWS\system32\config\SecEvent.Evt C:\WINDOWS\system32\config\SysEvent.Evt Unfortunately, after reviewing the contents associated with the suggested links, I was unable to resolve my other goal of creating a BATCH file program to delete the individual files that are created. Given the various system responses including, but not limited to, "The process cannot access the file because it is being used by another process" as well as the Microsoft article that states, "The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are always in use by the system, preventing the files from being deleted or renamed," it appears that my goal may never be achieved. AnnaMarie How about the Script to clear the Security event log after backing it up: http://www.winhelponline.com/article...ing-it-up.html link? It has a script that looks like it would work. Just my 2 ¢ |
#28
|
|||
|
|||
Application, Security and System log files - where are they located
You're welcome.
Lets just hope Anna can find a solution. -- JS http://www.pagestart.com "Twayne" wrote in message ... Excellent links, JS; thanks. Twayne JS wrote: How to view and manage event logs in Event Viewer in Windows XP http://support.microsoft.com/kb/308427 See the section titled: "How to Set Log Size and Overwrite Options" How to Delete Corrupt Event Viewer Log Files http://support.microsoft.com/default...;EN-US;q172156 "The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt)" Fix Corrupt Event Log Files http://www.tunexp.com/tips/maintain_...ent_log_files/ Script to clear the Security event log after backing it up: http://www.winhelponline.com/article...ing-it-up.html EventSave and EventSave+ http://www.heysoft.de/Frames/f_sw_es_en.htm (allows you to select the event log types which you want to save and clear) "AnnaMarie" wrote in message ... Hi, On a daily basis, under Administrative Tools / Event Viewer, I inspect the Application, Security and System log files. When there are no problems, I manually clear each log file. I am getting tired of manually cleaning these log files and unless there is a simpler method, I would like to create a BATCH file program to delete the individual files that are created. Unfortunately, I do not know how or where they are written. According to its properties, Event Viewer is located in %SystemRoot%\system32\ directory, however, I do not find any log files there. I hope these logs are not integral to 'ntuser.dat' or 'NtUser.dat' or 'UsrClass.dat' or SOFTWARE or SYSTEM log files, because when I try to read any of them a window opens and states: "The process cannot access the file because it is being used by another process." That being said, the SYSTEM.LOG is located in the C:\WINDOWS\system32\config directory and its 'date modified' time stamp corresponds to the most recent time that it was modified. I also find a SECURITY.LOG located in the C:\WINDOWS\system32\config\ directory, but the same window opens stating that "The process cannot access the file because it is being used by another process." Regardless, I doubt this is the System log found under Event Viewer because the time associated 'date modified' does not correspond to the most recent time it was modified. Does anyone know how and where I can find the files associated with Event Viewer's Application, Security and System log files??? Thanks in advance, AnnaMarie |
#29
|
|||
|
|||
Application, Security and System log files - where are they located
You're welcome.
Lets just hope Anna can find a solution. -- JS http://www.pagestart.com "Twayne" wrote in message ... Excellent links, JS; thanks. Twayne JS wrote: How to view and manage event logs in Event Viewer in Windows XP http://support.microsoft.com/kb/308427 See the section titled: "How to Set Log Size and Overwrite Options" How to Delete Corrupt Event Viewer Log Files http://support.microsoft.com/default...;EN-US;q172156 "The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt)" Fix Corrupt Event Log Files http://www.tunexp.com/tips/maintain_...ent_log_files/ Script to clear the Security event log after backing it up: http://www.winhelponline.com/article...ing-it-up.html EventSave and EventSave+ http://www.heysoft.de/Frames/f_sw_es_en.htm (allows you to select the event log types which you want to save and clear) "AnnaMarie" wrote in message ... Hi, On a daily basis, under Administrative Tools / Event Viewer, I inspect the Application, Security and System log files. When there are no problems, I manually clear each log file. I am getting tired of manually cleaning these log files and unless there is a simpler method, I would like to create a BATCH file program to delete the individual files that are created. Unfortunately, I do not know how or where they are written. According to its properties, Event Viewer is located in %SystemRoot%\system32\ directory, however, I do not find any log files there. I hope these logs are not integral to 'ntuser.dat' or 'NtUser.dat' or 'UsrClass.dat' or SOFTWARE or SYSTEM log files, because when I try to read any of them a window opens and states: "The process cannot access the file because it is being used by another process." That being said, the SYSTEM.LOG is located in the C:\WINDOWS\system32\config directory and its 'date modified' time stamp corresponds to the most recent time that it was modified. I also find a SECURITY.LOG located in the C:\WINDOWS\system32\config\ directory, but the same window opens stating that "The process cannot access the file because it is being used by another process." Regardless, I doubt this is the System log found under Event Viewer because the time associated 'date modified' does not correspond to the most recent time it was modified. Does anyone know how and where I can find the files associated with Event Viewer's Application, Security and System log files??? Thanks in advance, AnnaMarie |
#30
|
|||
|
|||
Application, Security and System log files - where are they located
Thank you for responding to my newsgroup posting and for sharing your 2 ¢,
Twayne. I do not know a thing about script writing, but am happy to report that the Security script worked. One down, two to go!! Attempting to capitalize on this achievement, I substituted SYSTEM for SECURITY and created a separate .vbs file. When executed, the following Windows Script Host pop-up states: Script: C:\clearSYS.vbs Line: 2 Char: 1 Error: 0x80041021 Code: 80041021 Source: (null) Similarly, I substituted APPLICATION for SECURITY and created a separate ..vbs file. When executed, the following Windows Script Host pop-up states: Script: C:\clearAPP.vbs Line: 2 Char: 1 Error: 0x80041021 Code: 80041021 Source: (null) Prior to researching the Error and Code numbers, I thought I would post my results with the hope there is a simple solution that someone here may know. Thanks again for sharing your 2 ¢, Twayne! AM "Twayne" wrote in message ... SNIP SNIP SNIP How about the Script to clear the Security event log after backing it up: http://www.winhelponline.com/article...ing-it-up.html link? It has a script that looks like it would work. Just my 2 ¢ |
Thread Tools | |
Display Modes | |
|
|