Application, Security and System log files - where are they located


AnnaMarie

Hi,

On a daily basis, under Administrative Tools / Event Viewer, I inspect the
Application, Security and System log files. When there are no problems, I
manually clear each log file.

I am getting tired of manually cleaning these log files and unless there is
a simpler method, I would like to create a BATCH file program to delete the
individual files that are created. Unfortunately, I do not know how or
where they are written. According to its properties, Event Viewer is
located in %SystemRoot%\system32\ directory, however, I do not find any log
files there.

I hope these logs are not integral to 'ntuser.dat' or 'NtUser.dat' or
'UsrClass.dat' or SOFTWARE or SYSTEM log files, because when I try to read
any of them a window opens and states: "The process cannot access the file
because it is being used by another process." That being said, the
SYSTEM.LOG is located in the C:\WINDOWS\system32\config directory and its
'date modified' time stamp corresponds to the most recent time that it was
modified.

I also find a SECURITY.LOG located in the C:\WINDOWS\system32\config\
directory, but the same window opens stating that "The process cannot access
the file because it is being used by another process." Regardless, I doubt
this is the System log found under Event Viewer because the time associated
'date modified' does not correspond to the most recent time it was modified.

Does anyone know how and where I can find the files associated with Event
Viewer's Application, Security and System log files???

Thanks in advance,

AnnaMarie
 
How to view and manage event logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427
See the section titled:
"How to Set Log Size and Overwrite Options"

How to Delete Corrupt Event Viewer Log Files
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q172156
"The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt)"

Fix Corrupt Event Log Files
http://www.tunexp.com/tips/maintain_your_computer/fix_corrupt_event_log_files/

Script to clear the Security event log after backing it up:
http://www.winhelponline.com/articl...e-Security-event-log-after-backing-it-up.html

EventSave and EventSave+
http://www.heysoft.de/Frames/f_sw_es_en.htm
(allows you to select the event log types which you want to save and clear)
 
Excellent links, JS; thanks.

Twayne

 
AnnaMarie said:
I do not know who "OP" is, but if it's ME, then, Mort, in general you
may be correct, however, specifically, JS's posted reply did HELP
answer my QUESTION regarding where the files associated with Event
Viewer's Application, Security and System logs were located:

C:\WINDOWS\system32\config\AppEvent.Evt
C:\WINDOWS\system32\config\SecEvent.Evt
C:\WINDOWS\system32\config\SysEvent.Evt

Unfortunately, after reviewing the contents associated with the
suggested links, I was unable to resolve my other goal of creating a
BATCH file program to delete the individual files that are created.
Given the various system responses including, but not limited to,
"The process cannot access the file because it is being used by
another process" as well as the Microsoft article that states, "The
Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are
always in use by the system, preventing the files from being deleted
or renamed," it appears that my goal may never be achieved.

AnnaMarie

How about the Script to clear the Security event log after backing it
up:
http://www.winhelponline.com/articl...e-Security-event-log-after-backing-it-up.html
link? It has a script that looks like it would work.

Just my 2 ¢
 
Thank you for responding to my newsgroup posting and for sharing your 2 ¢,
Twayne.

I do not know a thing about script writing, but am happy to report that the
Security script worked. One down, two to go!!

Attempting to capitalize on this achievement, I substituted SYSTEM for
SECURITY and created a separate .vbs file. When executed, the following
Windows Script Host pop-up states:

Script: C:\clearSYS.vbs
Line: 2
Char: 1
Error: 0x80041021
Code: 80041021
Source: (null)

Similarly, I substituted APPLICATION for SECURITY and created a separate
.vbs file. When executed, the following Windows Script Host pop-up states:

Script: C:\clearAPP.vbs
Line: 2
Char: 1
Error: 0x80041021
Code: 80041021
Source: (null)

Prior to researching the Error and Code numbers, I thought I would post my
results with the hope there is a simple solution that someone here may know.

Thanks again for sharing your 2 ¢, Twayne!

AM
 
I found the following article by Microsoft, Backing Up and Clearing Event
Logs, for Microsoft® Windows® 2000 Scripting Guide, located here . . .
www.microsoft.com/technet/scriptcenter/guide/sas_log_pcna.mspx?mfr=true

This article includes a section titled, 'Listing 12.5 Backing Up and
Clearing an Event Log' that details the following script:

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup)}!\\" & _
    strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Application'")
For Each objLogfile in colLogFiles
    errBackupLog = objLogFile.BackupEventLog("c:\scripts\application.evt")
    If errBackupLog <> 0 Then
        Wscript.Echo "The Application event log could not be backed up."
    Else
        objLogFile.ClearEventLog()
    End If
Next

Unfortunately, this script did not work. When executed, a Windows Script
Host pop-up window states: The Application event log could not be backed up.
It seems reasonable to conclude that this script fails because this article
applies to Windows 2000 and not Windows XP SP2 (as is my operating system).

Next, I Googled . . . "Backing Up and Clearing Event Logs" "Microsoft
Windows XP Scripting Guide" . . . but it produced no hits.

A few Googles later, I found . . .
www.microsoft.com/technet/scriptcenter/scripts/kixtart/logs/eventlog/default.mspx?mfr=true
. . . which states that it supports the Windows XP platform (among others)
and includes the following script:

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup)}!\\" & _
    strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Application'")
For Each objLogfile in colLogFiles
    errBackupLog = objLogFile.BackupEventLog("c:\scripts\application.evt")
    If errBackupLog <> 0 Then
        Wscript.Echo "The Application event log could not be backed up."
    Else
        objLogFile.ClearEventLog()
    End If
Next

Unfortunately, like the Windows 2000 script, it did not work. When
executed, a Windows Script Host pop-up window states: The Application event
log could not be backed up.

Looks like it's back to the drawing board, for me.

AM :o(
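
An added example, not part of the original thread or of the Microsoft articles it cites: the same WMI backup-then-clear approach applied to all three logs, with each log cleared only after its archive succeeds. The folder C:\EventLogArchive is an assumption; the return codes are those documented for Win32_NTEventLogFile.BackupEventLog.

```vbscript
' Added example: archive each classic event log, then clear it only if the archive succeeded.
Option Explicit
Const BACKUP_DIR = "C:\EventLogArchive"   ' assumed folder, created if missing

Dim fso, wmi, logName, logFile, stamp, target, rc
Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FolderExists(BACKUP_DIR) Then fso.CreateFolder BACKUP_DIR

' (Backup, Security) are WMI privilege names, not log names.
' They stay the same whichever log the query selects.
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2")

' Timestamp keeps each archive name unique; BackupEventLog refuses to overwrite.
stamp = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2) & "-" & _
        Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)

For Each logName In Array("Application", "Security", "System")
    For Each logFile In wmi.ExecQuery( _
        "SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='" & logName & "'")
        target = BACKUP_DIR & "\" & logName & "-" & stamp & ".evt"
        rc = logFile.BackupEventLog(target)
        Select Case rc
            Case 0
                rc = logFile.ClearEventLog()
                If rc = 0 Then
                    WScript.Echo logName & ": archived to " & target & " and cleared"
                Else
                    WScript.Echo logName & ": archived, but clear failed (code " & rc & ")"
                End If
            Case 8
                WScript.Echo logName & ": privilege missing (run as an administrator)"
            Case 21
                WScript.Echo logName & ": invalid parameter (check the archive path)"
            Case 183
                WScript.Echo logName & ": archive file already exists: " & target
            Case Else
                WScript.Echo logName & ": backup failed (code " & rc & ")"
        End Select
    Next
Next
```

Running it with cscript.exe prints the results to the console instead of opening one pop-up per log.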
 
Hi JS,

Due to its cost, I chose to go the freeware route and downloaded a similar
product, highly touted by the editors of CNET, AutoHotkey 1.0.48 Beta.

It did not work. Hell, it did not install properly either. I tried
downloading again, but ended up with the same result.

AM
 
It's a "Beta" version, which means it comes with bugs.
See if you can find an earlier (non-beta) version and
try it. Un-install the beta before installing any other
version.
 
Autohotkey has been a champ for me and for every friend and relative
I've recommended it to. None of us had any trouble installing it or
using it.
 
Thank you, JS, I also was aware of Beta issues.

However, no earlier version was readily available at downloads.com and given
the long history of freeware, the Beta version should have installed
properly. It is quite confusing and I may have to try it again.

Both failed attempts were installed with ZERO programs running in the
background - in fact, a fresh boot with ZERO startup programs.

Course, ZERO startup programs is a bit of a LAFF for me because, in this
regard, I run a LEAN and MEAN startup with only four programs including
'point32 - a Microsoft Trackball Mouse, stsystra - a SigmaTel C-Major Audio
Tray Application (a program that I believe I do not need to include in
startup, though by default, on my XP SP2 Dell, it loads anyway), a program
called Tiny Watcher and another called HDTVScheduler.

Thanks for your continued encouragement, JS. :o)

AnnaMarie
 
Well, I finally got AutoHotKey installed and upon reviewing the tutorial
[www.autohotkey.com/docs/Tutorial.htm], specifically the section on Sending
keystrokes and mouse clicks, I see that this freeware really requires a lot
of user input to make it work. I am disappointed that it cannot
automatically record the mouse positions, active windows, etc, and create a
script file. In short, it does not look like I will be spending a few hours
learning how to use AutoHotKey because it's not particularly auto-for-me.
Shoot, it creates macros that I can create with batch files - and I don't
have to read or learn anything - batch files have been around since the
first days of DOS.

Oh well.

AM
 
I think you are overestimating its difficulty by far. It is really
very simple to use, and learning it shouldn't take any more than a few
minutes.
 
Have you tried setting the properties to:
"Overwrite events older than" = 1 Day

--
JS
http://www.pagestart.com


 
Given your persistent encouragement, JS, I elected to open up the AutoHotKey
directory and look at the executables.

Once there, I found AutoScriptWriter and opened it. After a quick trial and
error, I figured out what to do, saved my file as "Event Viewer Clear
Logs.ahk" and created a short-cut to my Desktop. Then, opening this
short-cut's Properties, I edited 'Opens with:' to AutoHotkey.exe and it
worked perfectly.

I should add, at first I was a bit startled when the Event Viewer window
popped open and the mouse cursor flew across the screen reiterating all of
the mouse clicks that I had recorded earlier with AutoScriptWriter.

I want to extend my sincere appreciation and gratitude to JS and Stan Brown,
and all others who supported, encouraged and guided me along my quest to
replace my daily task of manually clearing Event Viewer's Application,
Security and System log files with an automated equivalent, including
Twayne, and Ken Blake.

Oh, and thanks to Mort and Olórin for helping me maintain my focus.

Thank you, again, everyone!!

With kindest regards,

AnnaMarie :o)
 