question

StevenacMC-1873 avatar image
0 Votes"
StevenacMC-1873 asked CFabian-1578 answered

Windows 10 2004 update ~ Blanks out event logs

updating to Windows 10 build 2004 clears out event logs in event viewer, resetting all records to "1" for all event log channels. I cannot find archived event logs anywhere, making auditing impossible. Nothing under windows.old either.

Thoughts?

windows-10-general
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Stevenac,

Haven't received your message a few days, was your issue resolved?If not, please reply and tell us what's going on to provide further assistance.
If the reply is helpful, please accept it as answer to help other community members quickly find useful responses.

Best regards,
Molly

0 Votes 0 ·
MollyLu-MSFT avatar image
0 Votes"
MollyLu-MSFT answered MollyLu-MSFT commented

Hi,

Welcome to Microsoft Q&A.
Try following steps to see if it can fix your issue:
1. Press Windows key + R, Type Services.msc and press ENTER.
2. Locate Windows Event log in the Services listed.
3. Verify if the Status is started. If the Status column is blank, Right click on Windows Event log Service and select Start.
4. Open Windows Event log Service, Select Dependencies. In Dependencies select the Windows Event Collector and click on ok to start the service.
5. Also check the Dependencies in the Windows Event Collector and start the dependencies Services by clicking OK

Best regards,
Molly


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Just want to confirm the current situations.
Please feel free to let us know if you need further assistance.   
Best regards,
Molly

0 Votes 0 ·
StevenacMC-1873 avatar image
0 Votes"
StevenacMC-1873 answered Dgorter commented

Thank you for your answer. The Event Log Service is running fine. The OS upgrade has blanked out the event logs, thus why I have opened this request.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello,
I thought this had been fixed in an earlier version of Windows 10, so I am wondering if this a regression.
File a feedback bug and post a link to it.

0 Votes 0 ·
warrenw avatar image
0 Votes"
warrenw answered

Hello @StevenacMC-1873

Can you check this folder? Windows.old\windows\system32\config for the previous event logs?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CFabian-1578 avatar image
0 Votes"
CFabian-1578 answered

This Application and Security, and Setup event logs in my update of Windows 10 to 21H2 last night.

The event service is running fine, and new log entries were created since the update.

Can you check this folder? Windows.old\windows\system32\config

The C:\windows.old folder does not exist on this system.


This article [ https://docs.microsoft.com/en-us/answers/questions/383487/events-log-are-deleted-by-kb4562830-update.html ] mentions the event log can be cleared by a Feature update.
Is this the intended behaviour, or an anomaly?
This is definitely not ideal behaviour from a sysadmin & system security perspective!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.