You are currently offline, waiting for your internet to reconnect

"The Event Log File Is Corrupt" Error Message When Opening an Event Log File

This article was previously published under Q255861
This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
When you try to open an event log file that was copied from the original file while the Event Log service was running, you may receive the following error message:
The event log file is corrupt.
If you open event log files sent in e-mail using the Server Status tool in Small Business Server (SBS), you may also receive the same error message.
CAUSE
This behavior occurs because the Event Log service has an open handle to the *.evt file.
RESOLUTION
To work around this issue, use any of the following methods:
  • Open event log files using the Open command on the Log menu if you saved the files using the Event Viewer Save As command on the Log menu.
  • Make copies of the original event log files without using the Save As command if the Event Log service is disabled:
    1. Set the Event Log service to disabled, and then restart the computer.
    2. Copy the *.evt file(s) to another folder or computer. Event Viewer does not start until the Event Log service is started.
    3. Set the startup value for the Event Log service back to automatic, and then start the service.
  • Use the Dumpel.exe resource kit tool to dump the event logs into a text file while the Event Log service is running (for example, dumpel.exe -f system.out -l system).
REFERENCES
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
206848 Windows NT Service Pack 4.0 Tools Not Included on CD-ROM
smallbiz damaged
Properties

Article ID: 255861 - Last Review: 12/05/2015 18:56:23 - Revision: 2.1

Microsoft BackOffice Small Business Server 4.0, Microsoft BackOffice Small Business Server 4.0a, Microsoft BackOffice Small Business Server 4.5, Microsoft Windows NT Workstation 4.0 Developer Edition, Microsoft Windows NT Server 4.0 Standard Edition

  • kbnosurvey kbarchive kberrmsg kbprb KB255861
Feedback