One of our Server 2012 boxes lost power unexpectedly recently. We're still not sure how it happened, but given its suddenness I suspect someone in the data centre tripped over a power cable.
I went to the System logs in the Event Viewer to check the box had come back OK and to find out what was going on before it went down and was horrified to find that all the logs between the unexpected power down and the previous clean shut down were missing.
Does the Event Log really only write to disk on a clean shutdown? Is there any way to force it to periodically write to disk to minimise data loss if this happens again?
The box in question is running Server 2012 and SQL Server 2012 Enterprise, hosting databases for a SharePoint 2013 installation – if that makes a difference! And no, before you ask, I haven't filtered the log by date 😉
Best Answer
Event Log is written to disk often enough. But... not to disk itself, but to disk cache. There are 2 layers of such caching:
OS level (how to flush: https://stackoverflow.com/questions/85595/flush-disk-write-cache-from-windows-cli)
RAID controller level - some of them have battery backup, some don't. Check your hardware...