Recover Cleared Windows Event Viewer System Log

  • Question

  • While doing RCA of the problem, I accidentally cleared logs instead of removing the filter. Is there any way I can recover them?
    Tuesday, June 26, 2018 9:41 AM

All replies

  • Check from C:\Windows\System32\winevt\Logs\System.evtx

    Else check .log, log1, log2 from 

    C:\Windows\System32\config
    Tuesday, June 26, 2018 11:54 AM
  • Unless you happen to have a backup they're gone.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Proposed as answer by Dave Patrick MVP Sunday, July 8, 2018 3:03 PM
    Tuesday, June 26, 2018 1:14 PM
  • Hi,

    Thanks for your question.

    If you ever saved the event logs, you can find the logs in the system path (C:\Windows\System32\winevt\Logs\)

    Secondly, if there’s a system backup, you could try to restore from a previous system state to recover the logs.

    Hope this helps. If you have any questions or concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, June 27, 2018 6:38 AM
    Moderator
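
An added example (not part of the thread, and not Microsoft's code) of the check the reply above describes: it lists the System log file and any auto-archived copies in the log folder with the time range each one still covers, then looks up the record Windows writes when the System log is cleared. The function name `Get-EvtxSummary` and the file-name pattern are assumptions made here; run it from an elevated PowerShell prompt.

```powershell
# Folder named in the replies above.
$logDir = Join-Path $env:SystemRoot 'System32\winevt\Logs'

# Hypothetical helper: report the size and the first/last event time of one .evtx file.
function Get-EvtxSummary {
    param([Parameter(Mandatory)][string]$Path)

    # An empty or freshly cleared file yields no events; treat that as "no range".
    $oldest = Get-WinEvent -Path $Path -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
    $newest = Get-WinEvent -Path $Path -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        File   = Split-Path -Path $Path -Leaf
        SizeKB = [math]::Round((Get-Item -LiteralPath $Path).Length / 1KB)
        Oldest = if ($oldest) { $oldest.TimeCreated } else { $null }
        Newest = if ($newest) { $newest.TimeCreated } else { $null }
    }
}

# System.evtx is the live log. Archive-System-*.evtx files exist only if the log
# was configured to archive itself when full. Copies saved by hand under another
# name are not matched by this pattern and have to be added manually.
Get-ChildItem -LiteralPath $logDir -Filter '*.evtx' |
    Where-Object { $_.Name -match '^(Archive-System-.*|System)\.evtx$' } |
    ForEach-Object { Get-EvtxSummary -Path $_.FullName } |
    Sort-Object Oldest |
    Format-Table -AutoSize

# Event ID 104 in the System log records that a log was cleared, when, and by whom.
# If the oldest event in System.evtx is close to this timestamp, nothing earlier
# is left in the live file and only an archive or backup can supply it.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, UserId, Message |
    Format-List
```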
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael

    Friday, June 29, 2018 9:12 AM
    Moderator
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best regards,

    Michael

    Monday, July 2, 2018 2:24 PM
    Moderator
  • Ctrl + Z literally worked for me in this same instance, just now...

    As long as you haven't taken many actions in Windows since then...

    • Proposed as answer by MorganThePerson Thursday, August 15, 2019 3:08 PM
    Thursday, August 15, 2019 3:07 PM