Is there any way to undo after clearing a log on Windows 2008 server?

windows-server-2008 windows-event-log eventviewer

I accidentally cleared a event log. Is there any way I can get it back?


Solution 1:

They are gone, unless you either:

  • Saved the logs as it suggested you do when you clicked clear
  • Have a full system backup

It's also possible but unlikely data recovery software could undelete them. They are stored in C:\Windows\System32\winevt\Logs if you want to use software like GetDataBack or similar to try to recover them.

Solution 2:

Typically the event logs are stored in C:\Windows\System32\winevt\Logs. As ErkiA eludes to, restoring from backup maybe your only option. This is assuming you do a full system backup with somehthing like Backup Exec.

The only other saving grace is if you have Volume Shadow Copy on your Primary Drive. But still, this requires some source which you are actively backing up.

Related

Which firewall ports do I need to open in order for a domain trust to work?
Risks of Kerberos Delegation
CentOS - semanage - Delete range of ports
is TCP port exhaustion real? [closed]
Trying to set up SFTP only in a chroot jail for one user
Bridge to a used eth1 card without losing connection via that card
What to do after hitting the dreaded 256 max connections Apache Limit
Forwarding access to a subset of ssh-agent identitites
What's the best way to copy deduplicated files onto a new Server 2012 drive?
Is it wise to use SSHDs (Solid state hybrid drives) on a server?
Enabling VMware EVC on Westmere E5645 CPU only accepts "Nehalem" mode
Excessive 'TCP Dup ACK' & 'TCP Fast Retransmission' causing issues on network. What's causing this?