-1

I am trying to review event viewer logs that was archived from another Server.

When accessed, the events are listed properly, but details of each event give the following error:

The description for Event ID .... in Source "Microsoft-Windows-Security-Auditing" cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer

Unfortunately, the server version where those logs we're archived is inaccessible at the moment.

Is there any way to get the details of the archived event?

Karim Z.
  • 19
  • 1
  • 2
  • I recognize this is an old question. Still it may aid others to know that I was able to "side-step" this kind of issue using Log Parser Studio (LPS) which (oddly) gave me access to a "Strings" column which contained the log entry's meaningful text. Took a bit to get familiar with the tool but now I love it. https://gallery.technet.microsoft.com/Log-Parser-Studio-cd458765 – ScottWelker Aug 02 '19 at 22:10

1 Answers1

0

This blog article explains why this happens and how to (potentially) resolve it: https://www.eventsentry.com/blog/2008/04/event-log-message-files-the-de.html

Lucky Luke
  • 1,634
  • 1
  • 11
  • 12
  • I suspect the referenced article applies to repairing this problem on the host where the event log originated. Carefully following it's prescription does not address my issue where, like to original poster, I am viewing the saved log on another host (even when I was careful at the source to ."include display information"). – ScottWelker Aug 02 '19 at 22:04