Recover Cleared Windows Event Viewer System Log

  • Question

  • While doing RCA of the problem, I accidentally cleared the logs instead of removing the filter. Is there any way I can recover them?
    Tuesday, June 26, 2018 09:41

Answers

All Replies

  • Check from C:\Windows\System32\winevt\Logs\System.evtx

    Else check .log, log1, log2 from 

    C:\Windows\System32\config
    Tuesday, June 26, 2018 11:54
  • Unless you happen to have a backup they're gone.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, June 26, 2018 13:14
  • Hi,

    Thanks for your question.

    If you ever saved the event logs, you can find the logs in the system path (C:\Windows\System32\winevt\Logs\)

    Secondly, if there’s a system backup, you could try to restore from a previous system state to recover the logs.

    Hope this helps. If you have any questions or concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, June 27, 2018 06:38
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael



    Friday, June 29, 2018 09:12
    Moderator
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best regards,

    Michael




    Monday, July 2, 2018 14:24
    Moderator
  • Ctrl + Z literally worked for me in this same instance, just now...

    As long as you haven't taken many actions in Windows since then...

    • Proposed as answer by MorganThePerson Thursday, August 15, 2019 15:08
    Thursday, August 15, 2019 15:07