event viewer system logging is not working

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

There are no new event logs seen in
system tools: event viewer:system
for the last year.
The most 'recent' ones shown are
10/1/2033
when the system clock was wrong for a short time.

Any ideas?
 
In
Vern said:
There are no new event logs seen in
system tools: event viewer:system
for the last year.
The most 'recent' ones shown are
10/1/2033
when the system clock was wrong for a short time.

Any ideas?
Click to expand...

Export the log(s) to .evt files and clear them....see if it works after
that. You might want to restart the event log service.
 
Event Viewer Logs Empty

Make sure the Event Log service is set to Automatic and running.

Clear *all* Events. There may still be some data and it may be corrupted.

In Event Viewer, right click Application, Security and System one at a time
| Clear All Events | Click No to... [[Do you want to save "Application"
before clearing it?]]

How to Delete Corrupt Event Viewer Log Files
http://support.microsoft.com/kb/172156

The event log stops logging events before reaching the maximum log size
http://support.microsoft.com/?kbid=312571

Make sure that the Overwrite Option is set...

How to Set Log Size and Overwrite Options
To specify log size and overwrite options, follow these steps:
1. Click Start, and then click Control Panel. Click Performance and
Maintenance, then click Administrative Tools, and then double-click Computer
Management. Or, open the MMC containing the Event Viewer snap-in.
2. In the console tree, expand Event Viewer, and then right-click the log in
which you want to set size and overwrite options.
3. Under Log size, type the size that you want in the Maximum log size box.
4. Under When maximum log size is reached, click the overwrite option that
you want.
5. If you want to clear the log contents, click Clear Log.
6. Click OK.

Are the log files in the correct location?

Event Viewer log locations

AppEvent.Evt = Application
SecEvent.Evt = Security
SysEvent.Evt = System

C:\WINDOWS\system32\config\AppEvent.Evt
or
%windir%\system32\config\AppEvent.Evt

C:\WINDOWS\System32\config\SecEvent.Evt
or
%windir%\System32\config\SecEvent.Evt

C:\WINDOWS\system32\config\SysEvent.Evt
or
%windir%\system32\config\SysEvent.Evt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Value Name: File
Data Type: REG_EXPAND_SZ
Value Data: %SystemRoot%\system32\config\AppEvent.Evt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security
Value Name: File
Data Type: REG_EXPAND_SZ
Value Data: %SystemRoot%\System32\config\SecEvent.Evt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System
Value Name: File
Data Type: REG_EXPAND_SZ
Value Data: %SystemRoot%\system32\config\SysEvent.Evt


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
Back
Top