Clearing and Archiving Windows NT Server Event Logs

Event log maintenance involves clearing the log before it becomes full and saving the cleared events as a text or binary file. Use Event Viewer to monitor the log regularly so you know when it is getting full. Save the log in the process of clearing it, so you can keep the records.

To designate log settings

Determine if you want to automatically overwrite events when the log becomes full, or if you prefer to manually save and clear the contents. You can set each event log differently.

  1. Open Event Viewer.
  2. From the Log menu, select Log Settings.
  3. Select a log.
  4. In the Maximum Log Size box, type a maximum size in increments of 64 kilobytes (KB).
  5. Under Event Log Wrapping, select an option.

    Option                          Description
    Overwrite as needed             When the log becomes full, new events automatically overwrite the oldest existing entries. This is the default setting.
    Overwrite older than [ ] days   When the log becomes full, new events automatically overwrite entries older than the number of days you specify. You can designate a number from 1 to 365.
    Do not overwrite                Retains all events, even when the log is full. You must manually save and close the log. If you choose this option, check the log regularly to ensure that it has not reached maximum capacity and stopped recording events.

To manually save and clear a log

Use this option when you want to save the log data and clear the log.

  1. Open Event Viewer.
  2. From the Log menu, select the log you want to clear and save: System, Application, or Security.
  3. From the Log menu, select Clear All Events.
  4. When prompted to save the log, select Yes, and identify a location in which to save the log file.
  5. Clear and save other logs as necessary.
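
The two procedures above, scripted as an added example (not part of the original Microsoft page). It assumes a later Windows release with Windows PowerShell 5.1 and wevtutil.exe, run from an elevated prompt, rather than the Windows NT Event Viewer this page describes. The archive folder, the maximum size and the chosen wrapping option are illustrative assumptions.

```powershell
# Added example: assumes Windows PowerShell 5.1, elevated, on a later Windows release.
# Limit-EventLog is not available in PowerShell 6 and later.
$ArchiveDir = 'D:\LogArchive'                      # hypothetical archive location
$Logs       = 'System', 'Application', 'Security'
$MaxSize    = 20MB                                 # constructed value

# The maximum log size must be set in increments of 64 KB.
if ($MaxSize % 64KB -ne 0) { throw 'Maximum log size must be a multiple of 64 KB.' }
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null

foreach ($log in $Logs) {
    # Log settings: maximum size plus the wrapping option.
    # -OverflowAction accepts OverwriteAsNeeded, OverwriteOlder (with -RetentionDays 1..365)
    # and DoNotOverwrite, matching the three options in the table above.
    Limit-EventLog -LogName $log -MaximumSize $MaxSize -OverflowAction DoNotOverwrite

    # Save and clear: /bu: saves the events to a backup file as part of clearing the log.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $ArchiveDir "$env:COMPUTERNAME-$log-$stamp.evtx"
    wevtutil.exe cl $log "/bu:$backup"
    if ($LASTEXITCODE -ne 0) { throw "Clearing $log failed (exit code $LASTEXITCODE)." }
    if (-not (Test-Path -Path $backup)) { throw "No archive was written for $log." }

    # Record a SHA-256 hash so later changes to the archive can be detected.
    $hash = (Get-FileHash -Path $backup -Algorithm SHA256).Hash
    Add-Content -Path (Join-Path $ArchiveDir 'archive-hashes.txt') -Value "$hash  $backup"
}
```

With DoNotOverwrite in effect, schedule this often enough that no log reaches its maximum size between runs, since a full log stops recording events.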

© 1997 Microsoft Corporation. All rights reserved.