Windows – Where/how does Windows store the data in the event logs

windowswindows-event-log

We run some financial systems that log error messages to the system logs. I need to find out if we can clean these error messages from a PCI DSS point of view.

I am specificaly interested in the answer for:

Windows 2000 Server and
Windows 2003 SP1

Best Answer

With Windows 2000/Server2003/Windows XP, the logs are stored in the %SystemRoot%\System32\Config directory, with an .evt extension.

With Server 2008/Vista and up, the log are stored in the %SystemRoot%\system32\winevt\logs directory, and have an .evtx extension. It's possible to convert old .evt files to the newer .evtx format

Within the Computer Manager you can also export them to a .txt or .csv file.

Related Solutions

Windows – Useful Command-line Commands on Windows

A little known one is

getmac

It shows the MAC address(es) of your network adapter(s).

Screenshot of running getmac from a Windows commandline window.

How to find the reason for the last shutdown in Windows Server 2003

Open eventvwr → System.

View → Filter... → Event Id: 1074 and 1076. Comment field will contain what you typed in.

If there are no other events around that time to give you any clues, you may want to adjust your auditing settings to catch more items, but Sean Earp's link will probably give better details on that.

Best Answer

Related Solutions

Windows – Useful Command-line Commands on Windows

How to find the reason for the last shutdown in Windows Server 2003

Related Topic