Re: Unable to access System & Application logs
From: Joe Tuck (JoeTuck_at_discussions.microsoft.com)
Date: 02/11/05
- Next message: Torgeir Bakken \(MVP\): "Re: MOM 2005 account security reports"
- Previous message: Mark Stonestreet: "security log anomolies"
- In reply to: Amit Kaushal: "Re: Unable to access System & Application logs"
- Next in thread: Steven L Umbach: "Re: Unable to access System & Application logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 11 Feb 2005 07:33:02 -0800
Amit,
Yes the procedure you referenced would be the way to clear out the corrupt
evt files. Also documented in MS KB Article
http://support.microsoft.com/default.aspx?scid=kb;en-us;172156
However note this process requires at least one reboot so you would need to
schedule a reboot this as you noted it to be a production server. or make the
change so the event log service then will not start on the next scheduled
reboot. Then you can take care of the files and then just change the service
back as described in article 172156
Also you may want to review this article for possible hotfix in case issue
is wit event logs becoming full:
http://support.microsoft.com/default.aspx?scid=kb;en-us;829246
This version of eventlog.dll is
16-Oct-2003 04:31 5.0.2195.6866 47,376 Eventlog.dll
Check properties of your eventlog.dll file to see if yours is an earlier
version. If you run into this issue when your logs become full then you may
want to call MS to request it. Call would be free.
-Joe Tuck
"Amit Kaushal" wrote:
> Hi Steve,
>
> Thanks, as suggested by you, i went and checked the permissions for
> administrator they are correct :-( anything else ?
>
> Pls check the link below and suggest if i should try it :
>
> http://www.windowsnetworking.com/kbase/WindowsTips/WindowsNT/AdminTips/EventLogs/HowtoDeleteCorruptEventViewerLogFiles.html
>
> It suggests this Assuming the .evt files is corrupt:
> One of the .evt files is corrupt. You will not be able to rename or
> delete Sysevent.evt, Appevent.evt, or Secevent.evt since they are
> always in use by the system. The EventLog service cannot be stopped
> because it is required by other services. If you can start a registry
> editor locally or if you have remote registry access, change the
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Start
> value from 0x02 to 0x04 and reboot. Various services will fail at
> reboot. Delete the event logs, %SystemRoot%\system32\config\*.evt.
> Change the Start value back to 0x02 and reboot. The system will
> automatically generate new, clear logs.
>
>
>
> BTW the servers are in a production environment.
>
> Best Regards
> amit
>
>
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message news:<f4GdnbGfa_9t_5HfRVn-jQ@comcast.com>...
> > See if you can clear those logs, which you may be able to do even if you can
> > not access them in case of corruption though that would be unusual for that
> > to happen to both dc's at the same time. Check the group membership of your
> > account to make sure it is not a member of the guests group as guests may be
> > blocked from accessing those logs by Group Policy [stranger things have
> > happened]. Check the ntfs permissions on the .evt logs on the dc's to make
> > sure administrators have allow permissions and no deny permissions. ---
> > Steve
> >
> >
> > "Amit Kaushal" <amit@billdesk.com> wrote in message
> > news:4c63c8fc.0502102146.31beecfa@posting.google.com...
> > > Hi,
> > >
> > > I have a windows 2000 domain with 2 DC's, both of them have SP4
> > > installed.
> > >
> > > After i did a reboot about 2 days, back i am unable to access the
> > > System & Application logs on both the servers. I am logged in as the
> > > administrator.
> > > I can view the security log, Directory service, DNS server and File
> > > Replication service without any issues. I am unable to access the
> > > above mentioned 2 logs even if i am accessing them from the server.
> > >
> > >
> > > Any pointers/ help will be highly appreciated.
> > >
> > > TIA
> > > Best Regards
> > > amit kaushal
> > > amit@billdesk.com
>
- Next message: Torgeir Bakken \(MVP\): "Re: MOM 2005 account security reports"
- Previous message: Mark Stonestreet: "security log anomolies"
- In reply to: Amit Kaushal: "Re: Unable to access System & Application logs"
- Next in thread: Steven L Umbach: "Re: Unable to access System & Application logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
