This article has been archived. It is offered "as is" and will no longer be updated.
Consider the following scenario. On a Microsoft Windows Server 2003 Service Pack 1 (SP1)-based computer, you open and view the properties of the first event in an event log. Then, you click the UP ARROW button in the event properties to move to the last event. In this scenario, you receive the following error message:
The event log file is corrupt.
Note This error message is displayed to help you avoid access violations.
Additionally, the cache is discarded during the restoring process. If the cache is successfully discarded, you receive the following message:
This log file is updated during a log reading process.
For example, you may experience this issue when you view events in the Security log.
This issue occurs when event logs are frequently updated in Event Viewer. When frequent updating occurs, arbitrary events are logged in the event log. Event Viewer tries to display other event files by moving the access pointer in an event file. When arbitrary events are logged, event log files are updated or overwritten by the new entries. In this scenario, the other events in the event log try to reference the relative location of the pointer. However, the relative information is lost.
To work around this issue, close and then reopen Event Viewer. When you do this, the event log entries are refreshed and are displayed correctly.For more information about how to view and manage event logs in Event Viewer, click the following article number to view the article in the Microsoft Knowledge Base:
308427 How to view and manage event logs in Event Viewer in Windows XP
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.
For more information about Event Viewer related issues, click the following article number to view the article in the Microsoft Knowledge Base:
899416 You receive a "The event log file is corrupt" error on a computer that is running Windows Server 2003 SP1 about Event Viewer related issues, an x64-based version of Windows Server 2003, or Windows XP Professional x64 Edition