Microsoft KB Archive/315147

= HOW TO: Clear the Event Logs in Windows 2000 =

PSS ID Number: 315147

Article Last Modified on 10/30/2003


The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Professional




This article was previously published under Q315147



IN THIS TASK

 * SUMMARY
 * Primary Event Logs in Windows 2000
 * How to Clear Windows 2000 Log Files
 * Troubleshooting



SUMMARY
This step-by-step article describes how to clear the Windows 2000 Event Logs. With Windows 2000 Event Logs, you can monitor application, security, and system events.


Primary Event Logs in Windows 2000
There are three primary Event Logs on Windows 2000-based computers:
 * Application Log
 * System Log
 * Security Log

The Application Log contains events that are related to applications and programs that are running on the Windows 2000-based computer (for example, an e-mail server or database server application on the Windows 2000 Server-based computer). These applications can report significant application-related events to the Application Log.

The System Log contains events that are related to operating system components (for example, a failure of a system service or driver). The failure is reported to the System Log. Windows 2000 is preconfigured to report system events to the System Log so that you do not need to configure the operating system to report these events.

The Security Log records security events such as successful and unsuccessful logon attempts. Security information about objects that are audited also appears in the Security Log.

The size of each log can be configured by an administrator. The default size of Windows 2000 logs is 512 kilobytes (KB). This value can be changed to accommodate larger log sizes. However, when logs become large and filled with entries, it can be difficult to find salient entries. Log files should be cleared periodically to make them more interpretable.


How to Clear Windows 2000 Log Files
To clear Windows 2000 log files, follow these steps:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
 * 2) In the Event Viewer window, right-click the Application Log, and then click the Clear all Events command.

An Event Viewer dialog box appears. The Event Viewer dialog box asks if you want to save the Application Log before you clear it.
 * 3) Click Yes to save the log.
 * 4) In the Save "Application Log" As dialog box, select a location to save the log file. Type a name for the log in the File name box.

A good practice is to include the log type and the date that the log was saved, for example, applog 11232001.
 * 5) Click the Save button to save the log file.

The log file is stored with the file extension .evt. These .evt files can be opened in the Event Viewer. You are returned to the Event Viewer window after the log file is saved. Note that there are no entries in the right pane. This indicates that there are now no entries in the Application Log.
 * 6) Right-click the Security Log, and then click the Clear all Events command.
 * 7) Click Yes to save the log file.
 * 8) Choose a location to save the log file, and then type a name for the Security Log. Click Save to save the log file.
 * 9) You are returned to the Event Viewer window after you save the Security Log.

The right pane is not empty. The first entry that appears after you clear the Security Log is a Success Audit entry.
 * 10) Double-click the entry in the right pane.
 * 11) In the Event Properties dialog box, read the Description information. This event records the fact that the audit log was cleared. Click OK to close the dialog box.

The System Log is cleared in the same way as the Application Log.
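
The Success Audit entry described above lets a reviewer establish when a Security Log was cleared and by which account. The following is an added example, not part of the original article: it scans a comma-delimited Security Log export for event ID 517 (the Windows 2000 "audit log was cleared" event) and reports clears made by accounts outside an approved list. The column layout, the sample rows, and the approved-operator list are assumptions constructed for illustration.

```python
import csv
import io
import re
from datetime import datetime

AUDIT_LOG_CLEARED = 517  # Windows 2000 Security log: "The audit log was cleared"
# Assumed column order of the comma-delimited export (not taken from the article).
COLUMNS = ["date", "time", "source", "type", "category", "event_id",
           "user", "computer", "description"]

# Constructed sample rows collected from two computers' Security logs (not real data).
SAMPLE_EXPORT = """\
11/23/2001,09:14:02,Security,Success Audit,System Event,517,NT AUTHORITY\\SYSTEM,SRV01,The audit log was cleared Primary User Name: SYSTEM Client User Name: jsmith Client Domain: CORP
11/23/2001,09:15:40,Security,Success Audit,Logon/Logoff,528,CORP\\jsmith,SRV01,Successful Logon
11/23/2001,09:20:11,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,SRV01,Logon Failure
11/26/2001,02:03:55,Security,Success Audit,System Event,517,NT AUTHORITY\\SYSTEM,WKS07,The audit log was cleared Primary User Name: SYSTEM Client User Name: tempadmin Client Domain: CORP
11/26/2001,02:04:30,Security,Success Audit,Logon/Logoff,528,CORP\\tempadmin,WKS07,Successful Logon
"""

# Hypothetical list of accounts allowed to archive and clear logs.
APPROVED_OPERATORS = {"CORP\\jsmith"}

def find_log_clears(export_text):
    """Return one record per 'audit log was cleared' event, oldest first."""
    clears = []
    for row in csv.DictReader(io.StringIO(export_text), fieldnames=COLUMNS):
        if row["source"] != "Security" or int(row["event_id"]) != AUDIT_LOG_CLEARED:
            continue
        desc = row["description"] or ""
        # The event's User column shows SYSTEM; the account that cleared the
        # log is named in the description text.
        name = re.search(r"Client User Name:\s*(\S+)", desc)
        domain = re.search(r"Client Domain:\s*(\S+)", desc)
        who = (domain.group(1) + "\\" + name.group(1)) if name and domain else "unknown"
        when = datetime.strptime(row["date"] + " " + row["time"], "%m/%d/%Y %H:%M:%S")
        clears.append({"when": when, "computer": row["computer"], "cleared_by": who})
    return sorted(clears, key=lambda c: c["when"])

def unapproved_clears(clears, approved=APPROVED_OPERATORS):
    """Return clears performed by accounts outside the approved list."""
    allowed = {a.lower() for a in approved}  # account names are case-insensitive
    return [c for c in clears if c["cleared_by"].lower() not in allowed]

if __name__ == "__main__":
    for c in unapproved_clears(find_log_clears(SAMPLE_EXPORT)):
        print("{when:%Y-%m-%d %H:%M:%S} {computer}: Security log cleared by {cleared_by}".format(**c))
```
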


Troubleshooting
Log file entries are overwritten based on a policy you set for each log. The three Event Log wrapping options are:
 * Overwrite events as needed
 * Overwrite events older than x number of days
 * Do not overwrite events

If you select the option to not overwrite events, no more entries can be placed in the log after it is full. You can manually clear the log to allow new entries.

Log file sizes can be as large as the capacity of the disk and memory of the Windows 2000-based computer. You need to clear the log if you need to reduce the log file size.



© 2004 Microsoft Corporation. All rights reserved.