Hi,

On a daily basis, under Administrative Tools / Event Viewer, I inspect the
Application, Security and System log files. When there are no problems, I
manually clear each log file.

I am getting tired of manually cleaning these log files and unless there is
a simpler method, I would like to create a BATCH file program to delete the
individual files that are created. Unfortunately, I do not know how or
where they are written. According to its properties, Event Viewer is
located in %SystemRoot%\system32\ directory, however, I do not find any log
files there.

I hope these logs are not integral to 'ntuser.dat' or 'NtUser.dat' or
'UsrClass.dat' or SOFTWARE or SYSTEM log files, because when I try to read
any of them a window opens and states: "The process cannot access the file
because it is being used by another process." That being said, the
SYSTEM.LOG is located in the C:\WINDOWS\system32\config directory and its
'date modified' time stamp corresponds to the most recent time that it was
modified.

I also find a SECURITY.LOG located in the C:\WINDOWS\system32\config\
directory, but the same window opens stating that "The process cannot access
the file because it is being used by another process." Regardless, I doubt
this is the System log found under Event Viewer because the time associated
'date modified' does not correspond to the most recent time it was modified.

Does anyone know how and where I can find the files associated with Event
Viewer's Application, Security and System log files???

Thanks in advance,

AnnaMarie

How to view and manage event logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427
See the section titled:
"How to Set Log Size and Overwrite Options"

How to Delete Corrupt Event Viewer Log Files
http://support.microsoft.com/default...;EN-US;q172156
"The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt)"

Fix Corrupt Event Log Files
http://www.tunexp.com/tips/maintain_...ent_log_files/

Script to clear the Security event log after backing it up:
http://www.winhelponline.com/article...ing-it-up.html

EventSave and EventSave+
http://www.heysoft.de/Frames/f_sw_es_en.htm
(allows you to select the event log types which you want to save and clear)

--
JS
http://www.pagestart.com


"AnnaMarie" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> On a daily basis, under Administrative Tools / Event Viewer, I inspect the
> Application, Security and System log files. When there are no problems, I
> manually clear each log file.
>
> I am getting tired of manually cleaning these log files and unless there
> is a simpler method, I would like to create a BATCH file program to delete
> the individual files that are created. Unfortunately, I do not know how
> or where they are written. According to its properties, Event Viewer is
> located in %SystemRoot%\system32\ directory, however, I do not find any
> log files there.
>
> I hope these logs are not integral to 'ntuser.dat' or 'NtUser.dat' or
> 'UsrClass.dat' or SOFTWARE or SYSTEM log files, because when I try to read
> any of them a window opens and states: "The process cannot access the file
> because it is being used by another process." That being said, the
> SYSTEM.LOG is located in the C:\WINDOWS\system32\config directory and its
> 'date modified' time stamp corresponds to the most recent time that it was
> modified.
>
> I also find a SECURITY.LOG located in the C:\WINDOWS\system32\config\
> directory, but the same window opens stating that "The process cannot
> access the file because it is being used by another process." Regardless,
> I doubt this is the System log found under Event Viewer because the time
> associated 'date modified' does not correspond to the most recent time it
> was modified.
>
> Does anyone know how and where I can find the files associated with Event
> Viewer's Application, Security and System log files???
>
> Thanks in advance,
>
> AnnaMarie

Excellent links, JS; thanks.

Twayne


JS wrote:
> How to view and manage event logs in Event Viewer in Windows XP
> http://support.microsoft.com/kb/308427
> See the section titled:
> "How to Set Log Size and Overwrite Options"
>
> How to Delete Corrupt Event Viewer Log Files
> http://support.microsoft.com/default...;EN-US;q172156
> "The Event Viewer Log files (Sysevent.evt, Appevent.evt,
> Secevent.evt)"
> Fix Corrupt Event Log Files
> http://www.tunexp.com/tips/maintain_...ent_log_files/
>
> Script to clear the Security event log after backing it up:
> http://www.winhelponline.com/article...ing-it-up.html
>
> EventSave and EventSave+
> http://www.heysoft.de/Frames/f_sw_es_en.htm
> (allows you to select the event log types which you want to save and
> clear)
>
> "AnnaMarie" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi,
>>
>> On a daily basis, under Administrative Tools / Event Viewer, I
>> inspect the Application, Security and System log files. When there
>> are no problems, I manually clear each log file.
>>
>> I am getting tired of manually cleaning these log files and unless
>> there is a simpler method, I would like to create a BATCH file
>> program to delete the individual files that are created.
>> Unfortunately, I do not know how or where they are written. According
>> to its properties, Event Viewer is located in
>> %SystemRoot%\system32\ directory, however, I do not find any log
>> files there. I hope these logs are not integral to 'ntuser.dat' or
>> 'NtUser.dat' or
>> 'UsrClass.dat' or SOFTWARE or SYSTEM log files, because when I try
>> to read any of them a window opens and states: "The process cannot
>> access the file because it is being used by another process." That
>> being said, the SYSTEM.LOG is located in the
>> C:\WINDOWS\system32\config directory and its 'date modified' time
>> stamp corresponds to the most recent time that it was modified.
>>
>> I also find a SECURITY.LOG located in the C:\WINDOWS\system32\config\
>> directory, but the same window opens stating that "The process cannot
>> access the file because it is being used by another process."
>> Regardless, I doubt this is the System log found under Event Viewer
>> because the time associated 'date modified' does not correspond to
>> the most recent time it was modified.
>>
>> Does anyone know how and where I can find the files associated with
>> Event Viewer's Application, Security and System log files???
>>
>> Thanks in advance,
>>
>> AnnaMarie

AnnaMarie wrote:
> "Mort" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
> << HUGE SNIP >>
>
>> Not one of those links does what the OP wants to do. Not one even
>> helps.
>
> I do not know whom "OP" is, but if its ME, then, Mort, in general you
> may be correct, however, specifically, JS posted reply did HELP
> answer my QUESTION regarding where the files associated with Event
> Viewer's Application, Security and System logs were located:
>
> C:\WINDOWS\system32\config\AppEvent.Evt
> C:\WINDOWS\system32\config\SecEvent.Evt
> C:\WINDOWS\system32\config\SysEvent.Evt
>
> Unfortunately, after reviewing the contents associated with the
> suggested links, I was unable to resolve my other goal of creating a
> BATCH file program to delete the individual files that are created.
> Given the various system responses including, but not limited to,
> "The process cannot access the file because it is being used by
> another process" as well as the Microsoft article that states, "The
> Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are
> always in use by the system, preventing the files from being deleted
> or renamed," it appears that my goal may never be achieved.
>
> AnnaMarie

How about the Script to clear the Security event log after backing it
up:
http://www.winhelponline.com/article...ing-it-up.html
link? It has a script that looks like it would work.

Just my 2 ¢

You're welcome.
Lets just hope Anna can find a solution.

--
JS
http://www.pagestart.com


"Twayne" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Excellent links, JS; thanks.
>
> Twayne
>
>
> JS wrote:
>> How to view and manage event logs in Event Viewer in Windows XP
>> http://support.microsoft.com/kb/308427
>> See the section titled:
>> "How to Set Log Size and Overwrite Options"
>>
>> How to Delete Corrupt Event Viewer Log Files
>> http://support.microsoft.com/default...;EN-US;q172156
>> "The Event Viewer Log files (Sysevent.evt, Appevent.evt,
>> Secevent.evt)"
>> Fix Corrupt Event Log Files
>> http://www.tunexp.com/tips/maintain_...ent_log_files/
>>
>> Script to clear the Security event log after backing it up:
>> http://www.winhelponline.com/article...ing-it-up.html
>>
>> EventSave and EventSave+
>> http://www.heysoft.de/Frames/f_sw_es_en.htm
>> (allows you to select the event log types which you want to save and
>> clear)
>>
>> "AnnaMarie" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hi,
>>>
>>> On a daily basis, under Administrative Tools / Event Viewer, I
>>> inspect the Application, Security and System log files. When there
>>> are no problems, I manually clear each log file.
>>>
>>> I am getting tired of manually cleaning these log files and unless
>>> there is a simpler method, I would like to create a BATCH file
>>> program to delete the individual files that are created. Unfortunately,
>>> I do not know how or where they are written. According to its
>>> properties, Event Viewer is located in
>>> %SystemRoot%\system32\ directory, however, I do not find any log
>>> files there. I hope these logs are not integral to 'ntuser.dat' or
>>> 'NtUser.dat' or
>>> 'UsrClass.dat' or SOFTWARE or SYSTEM log files, because when I try
>>> to read any of them a window opens and states: "The process cannot
>>> access the file because it is being used by another process." That
>>> being said, the SYSTEM.LOG is located in the
>>> C:\WINDOWS\system32\config directory and its 'date modified' time
>>> stamp corresponds to the most recent time that it was modified.
>>>
>>> I also find a SECURITY.LOG located in the C:\WINDOWS\system32\config\
>>> directory, but the same window opens stating that "The process cannot
>>> access the file because it is being used by another process."
>>> Regardless, I doubt this is the System log found under Event Viewer
>>> because the time associated 'date modified' does not correspond to
>>> the most recent time it was modified.
>>>
>>> Does anyone know how and where I can find the files associated with
>>> Event Viewer's Application, Security and System log files???
>>>
>>> Thanks in advance,
>>>
>>> AnnaMarie
>
>

Thank you for responding to my newsgroup posting and for sharing your 2 ¢,
Twayne.

I do not know a thing about script writing, but am happy to report that the
Security script worked. One down, two to go!!

Attempting to capitalize on this achievement, I substituted SYSTEM for
SECURITY and created a separate .vbs file. When executed, the following
Windows Script Host pop-up states:

Script: C:\clearSYS.vbs
Line: 2
Char: 1
Error: 0x80041021
Code: 80041021
Source: (null)

Similarly, I substituted APPLICATION for SECURITY and created a separate
..vbs file. When executed, the following Windows Script Host pop-up states:

Script: C:\clearAPP.vbs
Line: 2
Char: 1
Error: 0x80041021
Code: 80041021
Source: (null)

Prior to researching the Error and Code numbers, I thought I would post my
results with the hope there is a simple solution that someone here may know.

Thanks again for sharing your 2 ¢, Twayne!

AM



"Twayne" <(E-Mail Removed)> wrote in message
news:%235Ks%(E-Mail Removed)...
>
SNIP SNIP SNIP
>
> How about the Script to clear the Security event log after backing it up:
> http://www.winhelponline.com/article...ing-it-up.html
> link? It has a script that looks like it would work.
>
> Just my 2 ¢

I found the following article by Microsoft, Backing Up and Clearing Event
Logs, for Microsoft® Windows® 2000 Scripting Guide, located here . . .
http://www.microsoft.com/technet/scr....mspx?mfr=true

This article includes a section titled, 'Listing 12.5 Backing Up and
Clearing an Event Log' that details the following script:

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Application'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("c:\scripts\application.evt")
If errBackupLog <> 0 Then
Wscript.Echo "The Application event log could not be backed up."
Else
objLogFile.ClearEventLog()
End If
Next

Unfortunately, this script did not work. When executed, a Windows Script
Host pop-up window states: The Application event log could not be backed up.
It seems reasonable to conclude that this script fails because this article
applies to Windows 2000 and not Windows XP SP2 (as is my operating system).

Next, I Googled . . . "Backing Up and Clearing Event Logs" "Microsoft
Windows XP Scripting Guide" . . . but it produced not hits.

A few Googles later, I found . . .
http://www.microsoft.com/technet/scr....mspx?mfr=true
.. . . which states that it supports the Windows XP platform (among others)
and includes the following script:

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile where LogFileName='Application'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("c:\scripts\application.evt")
If errBackupLog <> 0 Then
Wscript.Echo "The Application event log could not be backed up."
Else
objLogFile.ClearEventLog()
End If
Next

Unfortunately, like the Windows 2000 script, it did not work. When
executed, a Windows Script Host pop-up window states: The Application event
log could not be backed up.

Looks like its back to the drawing board, for me.

AM (

Have you tried the keystroke macro?

--
JS
http://www.pagestart.com


"AnnaMarie" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I found the following article by Microsoft, Backing Up and Clearing Event
>Logs, for Microsoft® Windows® 2000 Scripting Guide, located here . . .
>http://www.microsoft.com/technet/scr....mspx?mfr=true
>
> This article includes a section titled, 'Listing 12.5 Backing Up and
> Clearing an Event Log' that details the following script:
>
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:" _
> & "{impersonationLevel=impersonate,(Backup)}!\\" & _
> strComputer & "\root\cimv2")
> Set colLogFiles = objWMIService.ExecQuery _
> ("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Application'")
> For Each objLogfile in colLogFiles
> errBackupLog = objLogFile.BackupEventLog("c:\scripts\application.evt")
> If errBackupLog <> 0 Then
> Wscript.Echo "The Application event log could not be backed up."
> Else
> objLogFile.ClearEventLog()
> End If
> Next
>
> Unfortunately, this script did not work. When executed, a Windows Script
> Host pop-up window states: The Application event log could not be backed
> up. It seems reasonable to conclude that this script fails because this
> article applies to Windows 2000 and not Windows XP SP2 (as is my operating
> system).
>
> Next, I Googled . . . "Backing Up and Clearing Event Logs" "Microsoft
> Windows XP Scripting Guide" . . . but it produced not hits.
>
> A few Googles later, I found . . .
> http://www.microsoft.com/technet/scr....mspx?mfr=true
> . . . which states that it supports the Windows XP platform (among others)
> and includes the following script:
>
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:" _
> & "{impersonationLevel=impersonate,(Backup)}!\\" & _
> strComputer & "\root\cimv2")
> Set colLogFiles = objWMIService.ExecQuery _
> ("Select * from Win32_NTEventLogFile where LogFileName='Application'")
> For Each objLogfile in colLogFiles
> errBackupLog = objLogFile.BackupEventLog("c:\scripts\application.evt")
> If errBackupLog <> 0 Then
> Wscript.Echo "The Application event log could not be backed up."
> Else
> objLogFile.ClearEventLog()
> End If
> Next
>
> Unfortunately, like the Windows 2000 script, it did not work. When
> executed, a Windows Script Host pop-up window states: The Application
> event log could not be backed up.
>
> Looks like its back to the drawing board, for me.
>
> AM (

Hi JS,

Due to its cost, I chose to go the freeware route and downloaded a similar
product, highly taughted by the editors of CNET, AutoHotkey 1.0.48 Beta.

It did not work. Hell, it did not install properly either. I tired
downloading again, but ended up with the same result.

AM

"JS" <@> wrote in message news:(E-Mail Removed)...
> Have you tried the keystroke macro?
>
> --
> JS

http://www.download.com/AutoHotkey/3...html?tag=mncol