In This Article

How to View and Export Windows Event Logs

Danny Murphy | 3 min read| Published On - February 22, 2024

Event Log Export

Windows Event logs store records of significant events which have occurred and can provide valuable information for diagnosing problems on your system. Examples of event logs include a failure to complete an action or to start a component or program.

The lists of events in each section in the Event Viewer accumulate over time and the lists can get very long and slow down the loading time of the Event Viewer. It can also make it difficult to find problems if there is a lot of data to search through. You might even encounter a message telling you the event log is full.

In this article, we will look at the native method for exporting Event Viewer logs and then look at a more straightforward way to work with Event Logs using the Lepide Data Security Platform.

The event log example we will look at is the Event Log Clear ID. Before clearing an event log, it is recommended that you export it to back it up and the steps below explain how to do this.

Using Event Viewer to Export Event Viewer Logs

  1. To run the Event Viewer – Press the Windows key + R and type in eventvwr.msc and click OK

    2. run the Event Viewer

  2. To collect Security Logs – From the tree on the left-hand side of the screen, select Windows Logs, Security

    3. collect Security Logs

  3. To show Log clear events, filter by Event Id 1102 (Log clear Windows event id)

    4. show Log clear events

  4. To Save the event log – From the Actions window on the right-hand side of the screen, select Save All Events As….

    5. Save the event log

  5. To export to CSV – Save the log file with your desired file name and location. Select the file type as .CSV to export the logs to CSV format

    6. export to csv

Using the Lepide Data Security Platform

The process of running the event viewer and knowing which event code relates to which activity can be both complex and time consuming. A simpler, more straightforward approach is to use the Lepide Data Security Platform. The Event Log Clear Report, which is included within the Lepide Solution, will show all Log clear events with one click. Below is an example of the Event Log Clear Report:

Lepide DSP Event Log report

This report clearly shows information about Who cleared the log, When it was cleared and Where it was cleared from.

To run the report:

  • From the States & Behavior screen under the Active Directory domain, choose the Event Log Clear Report
  • Specify a Date Range and click Generate Report
Danny Murphy
Danny Murphy

Danny brings over 10 years’ experience in the IT industry to our Leadership team. With award winning success in leading global Pre-Sales and Support teams, coupled with his knowledge and enthusiasm for IT Security solutions, he is here to ensure we deliver market leading products and support to our extensively growing customer base

See How Lepide Data Security Platform Works
x
Or Deploy With Our Virtual Appliance

By submitting the form you agree to the terms in our privacy policy.

Popular Blog Posts
Microsoft partner gold application development DMCA