Event Logs
  • Event Logs

    Does anyone know how to edit the Application event log?
    Suppose some event in Application needs to be deleted; is it then possible to remove that particular event?

  • #2
    Re: Event Logs

    Why would you want to delete particular events? The event log is a history of things happening on your server so has important uses both for troubleshooting and as evidence.
    You can clear the whole log (preferably after exporting a copy) but cannot deal with individual events. If you want to filter the log (hide things you don't want to see) you can do this easily.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Event Logs

      What is the event you are trying to remove, and more importantly why? I cannot think of any legitimate reason for doing so.

      Generally speaking, the only reason someone would want to delete a single entry in the event log is to cover up something that they did. Naturally, being able to do this would be a bad thing. You can clear the log, but this will leave behind a log entry saying who did it.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

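What posts #2 and #3 describe, as an added example that is not part of the original thread: export a copy of each log, then list the record that clearing a log leaves behind together with the account that did it, and flag gaps in record numbering. It assumes Windows Vista / Server 2008 or later (event 1102 in Security, 104 in System; the older EVT-era Security log records a clear as event 517), an elevated PowerShell prompt, and a hypothetical archive folder `C:\LogArchive`.

```powershell
# Added example, not from the thread. C:\LogArchive is a hypothetical path.
$archive = 'C:\LogArchive'
New-Item -ItemType Directory -Path $archive -Force | Out-Null

# 1. Export a copy of each log before any clear (post #2's advice).
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($log in 'Application', 'System', 'Security') {
    wevtutil epl $log (Join-Path $archive "$log-$stamp.evtx")
}

# 2. List the entries a clear leaves behind and who performed it (post #3).
$clearFilters = @(
    @{ LogName = 'Security'; Id = 1102 }   # "The audit log was cleared"
    @{ LogName = 'System';   Id = 104 }    # another log file was cleared
)
$cleared = foreach ($filter in $clearFilters) {
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The account is carried in the event XML; match by local name
            # so the lookup is independent of the XML namespace.
            $xml  = [xml]$_.ToXml()
            $name = $xml.SelectSingleNode("//*[local-name()='SubjectUserName']")
            $dom  = $xml.SelectSingleNode("//*[local-name()='SubjectDomainName']")
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Log       = $_.LogName
                EventId   = $_.Id
                ClearedBy = if ($name) { "$($dom.InnerText)\$($name.InnerText)" }
                            else       { $_.UserId }   # fall back to the SID
            }
        }
}
$cleared | Sort-Object Time | Format-Table -AutoSize

# 3. Heuristic: record IDs in a log normally increase by one. A gap inside
#    the retained range is a prompt to compare against the archived copy,
#    not proof of tampering on its own.
$ids = @(Get-WinEvent -LogName 'Security' -MaxEvents 5000 -ErrorAction SilentlyContinue |
    Sort-Object RecordId | Select-Object -ExpandProperty RecordId)
for ($i = 1; $i -lt $ids.Count; $i++) {
    if ($ids[$i] - $ids[$i - 1] -gt 1) {
        'Gap in Security log: record {0} is followed by {1}' -f $ids[$i - 1], $ids[$i]
    }
}
```

Forwarding events to a separate collector as they are written keeps a copy that a local clear cannot reach.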


      • #4
        Re: Event Logs

        This is my query: whether this can be possible or not?
        Because I know anything can be possible.



        • #5
          Re: Event Logs

          Ok, it would be possible (but difficult) to write an application that would

          • disable the relevant monitoring services without making the operating system aware that they were disabled
          • directly edit the files used to store event log entries
          • restart the monitoring services, suppressing any "service restarting" logs that would be generated
          • remove all traces of itself without generating any more logs

          all without affecting functionality of any of the server's services, and without attracting the unwanted attention of an administrator.
          Gareth Howells


          • #6
            Re: Event Logs

            But how can we edit EVT files?



            • #7
              Re: Event Logs

              Well, you've got a few problems with this:
              first of all, as you boot up Windows the eventlog will be started and you can't stop it.
              This means that the files are opened by the system and there is no way to stop it.

              So you have to boot from a live CD to be able to access the Evt files.

              After you have copied them you can try to edit them with a text editor. However, if you screw it up, no events will be logged at all. So there is a certain risk you should be aware of.

              Also, I have doubts if you really should go this way. You are trying to remove events which could be evidence. If you are trying to hide your tracks then I think you are going the wrong way.
              Why are you so desperate to edit the eventviewer logs? They have an important use.
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"



              • #8
                Re: Event Logs

                Originally posted by lisa804u:
                > But how can we edit EVT files?
                If they are plaintext, then once you have gained write access to them then you would edit them as text. If they are not plaintext, then you would need to find a program capable of editing them.

                But as has already been pointed out several times, if you are asking this legitimately, then it is not something you would want to do. If you actually do want to do this, then it is highly unlikely that you intend to do so for a legitimate purpose.
                Gareth Howells