none
Clearing old archives from System32\winevt\logs

    Question

  • We're having disk space issues on a server running 2008 R2 and I've noticed that the event logs are auto-archiving. I've copied the archive files to another drive but now cannot get the archives to delete out of the \winevt\logs folder as they appear to be locked by running processes. How do I unlock the older archives (that shouldn't be getting written to currently) in order to delete them from the C: drive and clear the space?
    Wednesday, September 05, 2012 5:13 PM

Answers

  • We're having disk space issues on a server running 2008 R2 and I've noticed that the event logs are auto-archiving. I've copied the archive files to another drive but now cannot get the archives to delete out of the \winevt\logs folder as they appear to be locked by running processes. How do I unlock the older archives (that shouldn't be getting written to currently) in order to delete them from the C: drive and clear the space?

    You cannot delete the event log archives when event log service is running.

    Please disable " Windows Event Log " service from services console (services.msc) and then try deleting the archived logs.

    Hope that helps



    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

    Wednesday, September 05, 2012 5:43 PM

All replies

  • We're having disk space issues on a server running 2008 R2 and I've noticed that the event logs are auto-archiving. I've copied the archive files to another drive but now cannot get the archives to delete out of the \winevt\logs folder as they appear to be locked by running processes. How do I unlock the older archives (that shouldn't be getting written to currently) in order to delete them from the C: drive and clear the space?

    You cannot delete the event log archives when event log service is running.

    Please disable " Windows Event Log " service from services console (services.msc) and then try deleting the archived logs.

    Hope that helps



    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

    Wednesday, September 05, 2012 5:43 PM
  • I was afraid of that. Unfortunately there are several other services on that server that are dependent on the Event Log service (discovered this when I tried to stop that service previously). We will probably schedule this as an after-hours maintenance task. Thanks for the quick reply!
    Thursday, September 06, 2012 1:10 PM