Windows Event Log entries prior to maintenance are gone

  • Hello,

    I know this is more of a Windows question, but I'm hoping some DB folks may be able to help.

    We recently upgraded the RAM on a SQL 2005 cluster of ours (on Win 2003 x64 Enterprise Edition), and now the Application and Security event logs no longer have entries prior to the upgrade. The properties for those event logs are set to 'Overwrite events as needed', but so are the properties for the System event log and its entries prior to the upgrade are still there.

    Does anyone know why these entries prior to the maintenance would have been lost? Is it because the SQL application was restarted?

    Also, are there any archived copies kept anywhere by Windows?

    Thanks in advance for any help!

    webrunner

    -------------------
    A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
    Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html

  • - Hardware upgrades don't clear log files.

    - Log archives are not created by default. You can increase the permitted size.

    - Different logs have different levels of activity, so their dates will not be identical.

    - The logs in question have been overwritten because of server activity.

  • By default, all three logs (application, security, system) are rather small. If you have any kind of auditing turned on, the security log rolls over very, very quickly. We have our Security logs about as large as can be on an x86 system (total of all event logs max is about 300 MB) and on some systems we get roll over in just a day and a half. Also, the Application log tends to get a lot more events than the System log, especially where SQL Server is involved. It is "chatty" to say the least. So likely, the Application and Security event logs rolled over, as Dennis posted.

    With respect to archives, the operating system keeps none. It assumes you've made the logs a large enough size to handle the # of events. You can, however, pull a log from a backup, if you're capturing the right locations.

    K. Brian Kelley
    @kbriankelley

  • Thanks so much for the replies.

    webrunner

    -------------------
    A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
    Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply