Error Opening Event Log Event Log File Corrupted
Contents |
Stewart -MSFTAugust 31, 20078 0 0 0 I am a frequent user of LogParser and when I recently started using Windows Server 2008 beta as my desktop OS I ran the event log file is corrupted windows 2008 into a problem with it. One of the things I use LogParser
The Event Log File Is Corrupted Windows 2003
for is extracting the information I need from my customers' event logs which are often quite large and usually
Event Log File Is Corrupted Windows 7
from Windows Server 2003. So I got a surprise when I first tried to do this on Longhorn: Logparser -i:EVT "select * from application.evt"Task aborted.Cannot open
Error Opening This Document The File Is Damaged
The event log file is corrupted.Statistics:-------Elements processed: 0Elements output: 0Execution time: 0.11 seconds Fortunately when I posted this problem to an internal group Neil Carpenter came back with a solution that had worked for him on Vista which he has also blogged about. This also worked on Longhorn (makes sense - similar code base / /API). I was curious to understand the underlying reason error opening pdf file damaged though. A bit of debugging case some light on it. Turned out that when LogParser was calling OpenBackupEventLog it was failing with an error saying the event log was corrupt. The documentation for OpenBackupEventLog states that it will open a handle to a backup event log created by BackupEventLog. As the event log format has changed significantly in Vista and Longhorn compared to previous OSes (warranting a new file extension of ‘EVTX') it is no surprise the OpenBackupEventLog has a problem with backup event logs from older versions of Windows So, if you are working with LogParser on a Vista or Longhorn system to parse event logs from a previous version of Windows, you first need to convert the event log to EVTX format: wevtutil export-log application.evt application.evtx /lf LogParser will then work happily with the EVTX file as input. Just specify -i:EVT on the LogParser command line as before. Cheers Doug
Tags Logparser Windows Server 2008 Comments (8) Cancel reply Name * Email * Website MSDN Blog Postings » LogParser, event logs and Longhorn Server says: August 31, 2007 at 12:43 pm PingBack from http://msdnrss.thecoderblogs.com/2007/08/31/logparser-event-logs-and-longhorn-server/ Reply Robert s15, 20073 0 0 0 LogParser is one of my absolute favorite tools, particularly for doing incident response. I event log corrupt server 2008 use it a lot to extract and order data into a windows 7 event log corrupt timeline (hmmm…that's a good topic for a future post). When I moved to Vista, I found fixevt one annoyance, though. The log file format in Vista has changed from *.evt to *.evtx -- the new log file format is XML based and all-round better https://blogs.msdn.microsoft.com/dougste/2007/08/31/logparser-event-logs-and-longhorn-server/ than the old-school evt files. Unfortunately, this causes a problem when using LogParser on Vista to parse event logs from down-level machines: C:\priv>logparser "SELECT * FROM Application.evt"Task aborted.Cannot open
Appearance Subscribe l l FOLLOW US TWITTER GOOGLE+ FACEBOOK GET UPDATES BY EMAIL Enter your email below to get exclusive http://www.howtogeek.com/howto/windows-vista/fixing-event-viewer-cannot-open-the-event-log-when-viewing-system-logs/ access to our best articles and tips before everybody else. RSS ALL ARTICLES FEATURES ONLY TRIVIA Search How-To Geek Fixing "Event Viewer cannot open the event log" When Viewing System Logs https://support.software.dell.com/intrust/kb/52230 As any geek knows, one of the first things that you do when troubleshooting a Windows problem is look into Event Viewer's Application or System logs, which typically are rich with event log information on what the problem is. But what if the event log itself is corrupted? I came across this exact situation the other day, where I was getting the error "Event Viewer cannot open the event log or custom view. Verify that Event Log service is running. The data is invalid (13)"… but the error only happened when trying to open the System log, event log file while the Application log was working just fine, and restarting Event Log or rebooting didn't help. What you can do in this situation is clear the system log, saving it to a file in the process. This will usually "reset" the log so that future events will be viewable. Clearing the System Log Here's an example of the error message that I've been getting: You can right-click on any of the logs and choose "Clear Log" from the menu. You'll want to choose "Save and Clear" when prompted just in case you need to access those events. Give the logfile a useful name, and then click the Save button to continue. Note that you probably won't be able to open the log with Event Viewer, but you could open it in a text editor and try and find some information in it. Now that I've cleared the log, you can see that I'm able to view the events in the System log again.
Extra Note: The problem I was encountering ended up being because I had 9 USB devices plugged into a machine with a very pathetic poweSonicWALL User Sorry, we are having issues processing your request. If you own the SonicWALL product requested please confirm that you have registered your product at My SonicWALL . If you have already registered your product then please contact Customer Service directly for further assistance at customerservice@software.dell.com. Continue × Support Forms Under Maintenance Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience. Continue Search Sign In Sign In Create Support Account Products ActiveRoles Boomi Change Auditor Foglight Identity Manager KACE Migration Manager Rapid Recovery Recovery Manager SharePlex SonicWALL Spotlight Statistica Toad View all Products Solutions Application & Data Integration Big Data Analytics Business Intelligence Cloud Management Data Protection Overview Backup and Recovery Deduplication and Compression Database Development and Management Database Replication & Backup Endpoint Management Mobile Workforce Management Overview Desktop Virtualization Enterprise Mobility Management Endpoint Security Network Security Secure Remote Access Performance Monitoring Security Overview Email Security Endpoint Security Identity & Access Management Network Security Secure Remote Access Virtualization Management Microsoft Platform Management View all Solutions Solutions by Platform Active Directory Exchange Google GroupWise & NDS Hadoop Hyper-V Lotus Notes Skype for Business/Lync Office 365 Oracle SharePoint SQL Server VMware Trials Buy Support By Product Line Enterprise Reporter Foglight KACE Migration Manager Migrator NetVault One Identity Quick Connect Performance Analysis Recovery Manager Shareplex SonicWALL Spotlight SQL Navigator Toad All Products Contact Support Download Software Knowledge Base My Account My Products My Service Requests My Licenses My Groups My Profile Policies & Procedures Professional Services Technical Documentation Training & Certification User Forums Video Tutorials Support Home Communities Partners × Email Share your favorite Support content with a friend. Email To Email From Subject Information from Dell Software Support Message You might be interested in the following information For more information regarding support on your Dell Software Product, please visit www.software.dell.com/support Print Email My Downloads () Support Knowledge Base InTrust Error: "Cannot convert file. The event log file is corrupted. (Win32 error: 1500)" when trying to (52230) × Retu