locked
Huge number of events in Event Viewer RRS feed

  • Question

  • EDIT:Sorry about the formatting, I do not see how to add line spacing.  EDIT2: found it (forgot to disable an ad blocker)

    I just found out about the Event Viewer and I am worried about the number of events that are listed. I have reached the limit of events that are stored for a number of the logs and have no idea where to start cleaning them up/fixing the problems. I have 20/20 MB of stored logs for Application, Security, and System as well as 1/1 MB of:

    • ACEEvent log
    • Microsoft-Windows-Application-Experience/Program-Inventory
    • Microsoft-Windows-Application-Experience/Program-Telemetry
    • Microsoft-Windows-Bits-Client/Operational
    • Microsoft-Windows-DHCP Client Events/Admin
    • Microsoft-Windows-Diagnosis-DPS/Operational
    • Microsoft-Windows-Diagnosis-Scheduled/Operational
    • Microsoft-Windows-Diagnosis-Scripted/Operational
    • Microsoft-Windows-Diagnosis-Performance/Operational
    • Microsoft-Windows-DriverFrameworks-Usermode/Operational
    • Microsoft-Windows-HomeGroup Control Panel/Operational
    • Microsoft-Windows-HomeGroup Provider Service/Operational
    • Microsoft-Windows-Kernel-WHEA/Operational
    • Microsoft-Windows-Known Folders/ Operational
    • Microsoft-Windows-NetworkProfile/Operational
    • Microsoft-Windows-PrintService/Admin
    • Microsoft-Windows-ReadyBoost/Operational
    • Microsoft-Windows-Reality-Analysis-Engine/Operational
    • Microsoft-Windows-Resource-Exhaustion-Detector/Operational
    • Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
    • Microsoft-Windows-UAC-FileVertualization/Operational
    • Microsoft-Windows-Windows Defender/Operational
    • Microsoft-Windows-Windows Defender/WHC
    • Microsoft-Windows-Firewall With Advanced Security/Firewall
    • Microsoft-Windows-WindowsBackup/ActionCenter
    • Microsoft-Windows-WindowsSystemAssessmentTool/Operational
    • Microsoft-Windows-WLAN-AutoConfig/Operational
    • Microsoft-Windows-WPD-MTPClassDriver/Operational
    • Setup.

     With a couple of exceptions (that are over 1 MB but no where near maxing out their allotted space), everything else that is "enabled" is at 68 K. My current summary has this information:

    last 7 days

    Error: 4470 (Most from SAPI2: 4097, event ID: 4107), Warning:140, Information: 3344 (Service Control Manager: 1361, event ID: 7036), Audit Success: 2,666 (realize this is not important, but might explain some of the reached data limits above)

    A lot of this could have been caused by my initial data transfer between a laptop and this computer quite a while ago. Of particular note is that I had Microsoft Ultimate on the laptop and the desktop had the free version that came with it. This caused a number of issues with the latest update (probably the cause of the high number of errors over the last 7 days)and convinced me to do a manual un-install of Office as described on http://support.microsoft.com/kb/928218 (turns out that there were a couple of duplicates in the registry).

    Like I said at the start, I have no idea how to prioritize sifting through this information and fixing the problem areas. Can anyone be of assistance?

    • Edited by Ian The I Saturday, December 18, 2010 10:40 PM
    Saturday, December 18, 2010 7:11 PM

Answers

All replies

  • Can you export the eventlog entries and upload them?

    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    Saturday, December 18, 2010 9:28 PM
  • This has the error coming from CAPI2 that is about 25,000/30,000 of the events in the Applications log: http://www.mediafire.com/?8llq7rwk186f2b1. All 25000 are reported as errors.  Seems like a good place to start.

    EDIT: I also checked the System log and, sure enough, 5600/50000 are errors relating to failed installations of updates for Microsoft Office/Ultamate programs.  Before I do anything else, I just want to confirm how to delete them: filter the list so that there is only the Event ID of the ones I want to delete, File>Options, Delete Files.  Considering all I went through to uninstall the Microsoft programs, I don't think there is any need for those error reports anymore.

    Saturday, December 18, 2010 10:34 PM
  • Others have the CAPI2 errors, too:

    http://social.technet.microsoft.com/Search/en-US/?query=CAPI2&rq=meta:Search.MSForums.GroupID%286acaa43a-f435-41fb-b68a-b44ccab4c2f4%29+site:microsoft.com&rn=All+Windows+7+IT+Pro+Forums

    Microsoft-Windows-Diagnosis-Performance/Operational means you PC is booting/shutdown too slowly.

    André


    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    • Marked as answer by Ian The I Sunday, December 19, 2010 6:18 PM
    • Unmarked as answer by Ian The I Sunday, December 19, 2010 6:18 PM
    • Marked as answer by Ian The I Sunday, December 19, 2010 6:37 PM
    Sunday, December 19, 2010 2:26 PM
  • Ian The I

    As you have so many recorded events, I suggest you remove all the events and then start monitoring them on a daily basis.

    1. Delete all the log files, including the combined administrator log, by running this batch file as the Administrator http://www.sevenforums.com/tutorials/25480-event-viewer-one-click-clear.html?ltr=E

    2. To clear an individual log, open Event Viewer and in the left pane, right-click the one you want then click Clear Log.

    • Marked as answer by Ian The I Sunday, December 19, 2010 6:18 PM
    • Unmarked as answer by Ian The I Sunday, December 19, 2010 6:18 PM
    • Marked as answer by Ian The I Sunday, December 19, 2010 6:37 PM
    Sunday, December 19, 2010 2:37 PM
  • Just ran the fix-it program for the CAPI2 program (<http://support.microsoft.com/kb/2328240/en-us>) and the one click event cleaner.  Will let you know what the results are after restart.

    Edit: Seems to be working fine for now.  Only 7 errors and warnings on start up, and they look like small glitches that won't effect anything.  I'll look again tomorrow and see if anything came up.

    Sunday, December 19, 2010 6:20 PM