Recover Cleared Windows Event Viewer System Log

  • Question

  • While doing RCA of the problem, I accidentally cleared the logs instead of removing the filter. Is there any way I can recover them?
    June 26, 2018 9:41 AM

All replies

  • Check from C:\Windows\System32\winevt\Logs\System.evtx

    Else check .log, log1, log2 from 

    C:\Windows\System32\config
    June 26, 2018 11:54 AM
  • Unless you happen to have a backup they're gone.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    June 26, 2018 1:14 PM
  • Hi,

    Thanks for your question.

    If you ever saved the event logs, you can find the logs in the system path (C:\Windows\System32\winevt\Logs\).

    Secondly, if there’s a system backup, you could try to restore from a previous system state to recover the logs.

    Hope this helps. If you have any questions or concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    June 27, 2018 6:38 AM
    Moderator
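
An added example, not part of the thread: a PowerShell function that reports the time span covered by each `.evtx` file in the folder named in the replies above, or in a folder restored from a backup, so a saved copy can be matched against the period under investigation. The `*System*.evtx` name filter and the restore path in the final comment are assumptions.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt,
# because the live log folder is readable only by administrators.
function Get-EvtxCoverage {
    param(
        # Folder to scan: the log folder quoted in the replies, or a folder
        # holding .evtx files restored from a backup.
        [string]$Path = (Join-Path $env:SystemRoot 'System32\winevt\Logs'),
        # Assumption: saved copies of the System log keep "System" in the name.
        [string]$Filter = '*System*.evtx'
    )
    foreach ($file in Get-ChildItem -Path $Path -Filter $Filter -File) {
        # -Oldest returns events in ascending order; the default is newest first.
        # A file with no records raises a non-terminating error, suppressed here
        # so that an empty (for example, freshly cleared) log shows blank times.
        $first = Get-WinEvent -Path $file.FullName -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
        $last  = Get-WinEvent -Path $file.FullName -MaxEvents 1 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            File        = $file.Name
            SizeKB      = [math]::Round($file.Length / 1KB)
            OldestEvent = if ($first) { $first.TimeCreated } else { $null }
            NewestEvent = if ($last)  { $last.TimeCreated }  else { $null }
        }
    }
}

# Live log folder: a System.evtx whose oldest event is later than the incident
# no longer holds the records needed for the RCA.
Get-EvtxCoverage | Sort-Object OldestEvent | Format-Table -AutoSize

# Same check against files restored from a backup (hypothetical location):
# Get-EvtxCoverage -Path 'D:\Restore\winevt\Logs'
```
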
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael



    June 29, 2018 9:12 AM
    Moderator
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best regards,

    Michael




    July 2, 2018 2:24 PM
    Moderator
  • Ctrl + Z literally worked for me in this same instance, just now...

    As long as you haven't taken many actions in Windows since then...

    August 15, 2019 3:07 PM