Is it possible to access the log with powershell, or remote?
On 10.05.2017 17:23, Heaton, Joseph@Wildlife wrote:
Server 2012R2
Domain Controller
Main DHCP server for the domain
This is affecting only my Security event log. The Application and
System logs are working fine. When I try to look at the Security log,
I get an error:
“Event Viewer cannot open the event log or custom view. Verify that
Event Log service is running or query is too long. The instance name
passed was not recognized as valid by a WMI data provider (4201)”
I have been searching the internet, and have found plenty of stuff on
this error, but nothing has looked right. Permissions are correct in
the registry, permissions are correct in the file structure, the event
log keys are correct value in the registry. The Windows Event Log
service is running, which was another symptom people were listing.
There are no custom views setup, or filters.
When I look at the properties of the Security log within Event Viewer,
it shows the Log size as 0 bytes. The max log size was up to 12.5GB
(I did NOT set it to that). The size of the actual log in the
directory is 8GB. I have manually reset the max size to 4GB, closed
out the Event Viewer, reopened it, and the max size had changed to 8GB.
I have been digging on this for a few days now, and just can’t find a
solution. We do have Splunk in place, and what it is seeing as far as
Security logs, are 521 entries, which say “Unable to log events to
security log”. Which makes sense, since the security log is hosed.
Can I simply rename the actual log file, or move it out of the
location, and the system would recreate it? Any help/tips/advice you
guys can offer would be greatly appreciated.
Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9^th Street, 3^rd Floor
Sacramento, CA 95811
Desk: (916) 323-1284
Every Californian should conserve water. Find out how at:
SaveOurWater_Logo <http://saveourwater.com/>
SaveOurWater.com <http://saveourwater.com/>· Drought.CA.gov
<http://drought.ca.gov/>
