Windows Event logs store records of significant events which have occurred and can provide valuable information for diagnosing problems on your system. Examples of such events include a failure to complete an action or to start a component or program.
The lists of events in each section in the Event Viewer accumulate over time and the lists can get very long and slow down the loading time of the Event Viewer. It can also make it difficult to find problems if there is a lot of data to search through. You might even encounter a message telling you the event log is full.
In this article, we will look at the native method for exporting Event Viewer logs and then look at a more straightforward way to work with Event Logs using the Lepide Data Security Platform.
The example we will work with is the event written when an event log is cleared (Event ID 1102 in the Security log). Before clearing an event log, it is recommended that you export it to back it up, and the steps below explain how to do this. Keeping that backup matters for more than troubleshooting: clearing the Security log is itself a common sign of someone covering their tracks, so the 1102 record and the log contents that preceded it are exactly what an investigator will ask for.
Using Event Viewer to Export Event Viewer Logs
- To run Event Viewer, press the Windows key + R, type eventvwr.msc and click OK.
- To collect Security log events, expand Windows Logs in the tree on the left-hand side of the screen and select Security. Reading the Security log requires administrative rights (or membership of the Event Log Readers group).
- To show only log-clear events, click Filter Current Log… and filter by Event ID 1102. This is the event the Microsoft-Windows-Eventlog provider writes to the Security log when the audit log is cleared; it records the account and logon session that cleared it. (Clearing the System or Application log is recorded as Event ID 104 in the System log instead.)
- To save the events, use the Actions pane on the right-hand side of the screen. With a filter applied the option is labelled Save Filtered Log File As…; without a filter it is Save All Events As….
- To export to CSV, choose a file name and location and select CSV as the file type. Note that a CSV keeps only the rendered text of each event. If the export is meant as the backup you take before clearing the log, also save a copy as an Event File (.evtx): that preserves the complete records and can be reopened in Event Viewer or read with Get-WinEvent later.
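The same procedure scripted in PowerShell, which is how you would run it on several servers or from a scheduled task. This is an added example, not code from the article or from Lepide; the backup directory, the file naming and the use of wevtutil for the .evtx copy are assumptions. It pulls the 1102 events from the Security log, extracts who cleared the log and from which session out of the event XML (1102 stores its subject under UserData/LogFileCleared rather than the usual EventData block), writes them to CSV, and exports the whole log to .evtx before anything is cleared:

```powershell
# Added example (not part of the original article). Run from an elevated session:
# reading the Security log and exporting it both need administrator rights.
$BackupDir = 'C:\EventLogBackup'          # assumed location
$Stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$Computer  = $env:COMPUTERNAME

if (-not (Test-Path $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

# 1. Fetch only the log-clear events. FilterHashtable is applied by the event
#    log service itself, so it is far faster than piping the whole log through
#    Where-Object. Get-WinEvent raises a non-terminating error when nothing
#    matches, which is a normal outcome here, hence SilentlyContinue.
$cleared = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } `
                        -ErrorAction SilentlyContinue

# 2. Event 1102 carries its subject in <UserData><LogFileCleared>, not in
#    <EventData>, so parse the XML to get the Who / When / Where fields.
$rows = foreach ($e in $cleared) {
    $x = [xml]$e.ToXml()
    $s = $x.Event.UserData.LogFileCleared
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Computer    = $e.MachineName
        RecordId    = $e.RecordId
        User        = '{0}\{1}' -f $s.SubjectDomainName, $s.SubjectUserName
        UserSid     = $s.SubjectUserSid
        LogonId     = $s.SubjectLogonId     # ties the clear to a 4624 logon
    }
}

# 3. Write the readable CSV, oldest event first.
$csv = Join-Path $BackupDir ('{0}-Security-1102-{1}.csv' -f $Computer, $Stamp)
$rows | Sort-Object TimeCreated | Export-Csv -Path $csv -NoTypeInformation
Write-Host ('{0} log-clear event(s) written to {1}' -f @($rows).Count, $csv)

# 4. A CSV is for reading, not for evidence: keep the full log as .evtx too.
#    wevtutil epl exports the whole log with every record intact.
$evtx = Join-Path $BackupDir ('{0}-Security-{1}.evtx' -f $Computer, $Stamp)
wevtutil epl Security $evtx
Write-Host ('Full Security log exported to {0}' -f $evtx)

# Only after the .evtx exists should the log be cleared. Left commented out on
# purpose; clearing produces a fresh 1102 event in the now-empty log:
# wevtutil cl Security
```

If you prefer to clear and back up in a single step, `wevtutil cl Security /bu:<path>.evtx` writes the backup file and then clears the log, so there is no window in which new events land in a log that has not been saved. Either way, the first record in the cleared log will be the 1102 for the clear you just performed, which is expected and should not be mistaken for hostile activity when you review the exported CSV later.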
Using the Lepide Data Security Platform
Running Event Viewer and knowing which event ID relates to which activity can be both complex and time-consuming. A simpler, more straightforward approach is to use the Lepide Data Security Platform. The Event Log Clear Report, which is included within the Lepide solution, shows all log-clear events with one click. Below is an example of the Event Log Clear Report:
The report shows who cleared the log, when it was cleared and where it was cleared from.
To run the report:
- From the States & Behavior screen under the Active Directory domain, choose the Event Log Clear Report
- Specify a Date Range and click Generate Report