How to repair a corrupt event log file?

[Pet35]

Windows 2000 Server SP4.
After a system crash the event log files got corrupt.
The event log service was locked due to the corrupt files.
Thanks to sioxley's advise, I managed to restart the event
log service after removing the old *.evt files.

Now I'd like to repair the damaged files in order to check
what happened before the system crash.

I have tried to open the old files from the event log
viewer, but the viewer got locked again. (Also tried
on an XP computer with the same result.)

So, I would appreciate any ideas how to repair the log.

 

[ITPangaeaArchitect]

youve got to stop teh event logging service, create new txt files except name the the event log name.evt...SecEvent.evt, System.evt, etc....replace teh files and thatll do it

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there

 

[Pet35]

Hello Brandon,

I'm afraid, I couldn't really understand your instructions.
Can you please describe it a little bit more detailed way.
Thank you for your patience

Best regards.
Peter.

 

[Castor66]

Try using logparser to read the files.

logparser -i:EVT -o:CSV "Select * into application.csv from application.evt"

logparser -i:EVT -o:CSV "Select * into security.csv from security.evt"

logparser -i:EVT -o:CSV "Select * into system.csv from system.evt"

Not sure if it will work buit it's worth a try.

 

[ITPangaeaArchitect]

actually i think i misunderstood yours

i was just telling you how to manually rebuild the event viewer

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there