This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

How to recover deleted event logs?

Question
0

Sign in to vote

I hope someone get the answer. I remotely view System Event Log on server to investigate unexpected shutdown, I got filter set, and accidental clear the System Logs instead of Clear the filter. Is there a way to recover? where would the System Event log located? I can recover from yesterday backup (last resource)

The System was shutdown unexpected this morning, so no backup for today, is there a way to find out in Application Logs what and who shutdown/restart the server? Thanks

Look like no one aswered this thread..

http://social.technet.microsoft.com/Forums/en-US/itprovistaapps/thread/88482a51-242b-4a1a-b3ec-485492add884
Thang Mo

Friday, February 17, 2012 4:46 PM

Answers

0

Sign in to vote
C:\Windows\System32\winevt\Logs\System.evtx

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
- Proposed as answer by Arthur_LiMicrosoft contingent staff Monday, February 20, 2012 8:29 AM
- Marked as answer by ThangMo Monday, February 20, 2012 7:11 PM
Saturday, February 18, 2012 4:04 PM

All replies

0

Sign in to vote
C:\Windows\System32\winevt\Logs\System.evtx

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
- Proposed as answer by Arthur_LiMicrosoft contingent staff Monday, February 20, 2012 8:29 AM
- Marked as answer by ThangMo Monday, February 20, 2012 7:11 PM
Saturday, February 18, 2012 4:04 PM
0

Sign in to vote

On Win2008 Server R2 -- I have a similar issue and when I look C:\Windows\System32\winevt\Logs\System.evtx here I don't see the old logs. Does anyone know if we can recover this with out performing a full system restore?

Monday, March 24, 2014 3:39 PM
0

Sign in to vote

Yes, i have similar issue. my laptop has been remote by backdoor malicious. Yesterday i able to view full log and today it vanished. How can i retrieve my event log.

Tuesday, July 4, 2017 2:06 PM