-1

An admin on my network says he was troubleshooting an issue and had cleared the event logs.

Is this a problem? What are some of the benefits of clearing the event viewer logs while troubleshooting software issue(s)?

2 Answers

1

It provides a clean slate allowing you to disregard all the prior "noise" and focus on the new errors.

spacenomyous
1

If cleaning logs can provide a better overview during a troubleshooting session, it can also be considered a critical security issue.

Actually, cleaning logs generates two event IDs (1102 & 104) that are commonly used in SOCs (Security Operations Centers) with specific SIEM rules or use cases. So I wouldn't suggest clearing logs in general, since it may create a false positive incident. Instead, I would suggest using the Event Viewer filter, the log export feature or a SIEM solution.
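The kind of rule the answer above refers to, sketched as an added example that is not part of either answer: it scans an Event Viewer XML export for the two log-clear event IDs and reports which log was cleared and by whom. The sample export is constructed and simplified, and `find_log_clears` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# (channel, event ID) pairs for the two IDs the answer names. Event IDs are only
# unique per provider, so matching on the ID alone would over-match.
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

# Constructed sample, simplified from the shape of an Event Viewer XML export.
SAMPLE_EXPORT = """<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>1102</EventID><TimeCreated SystemTime="2024-01-15T10:02:11Z"/>
 <Channel>Security</Channel></System><UserData><LogFileCleared>
 <SubjectUserName>admin1</SubjectUserName></LogFileCleared></UserData></Event>
<Event><System><EventID>104</EventID><TimeCreated SystemTime="2024-01-15T10:02:14Z"/>
 <Channel>System</Channel></System><UserData><LogFileCleared>
 <SubjectUserName>admin1</SubjectUserName><Channel>Application</Channel>
 </LogFileCleared></UserData></Event>
<Event><System><EventID>104</EventID><TimeCreated SystemTime="2024-01-15T10:05:00Z"/>
 <Channel>Application</Channel></System></Event>
</Events>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace from a tag name

def _child(parent, name):
    return next((e for e in parent if _local(e.tag) == name), None)

def _text(parent, name):
    node = _child(parent, name) if parent is not None else None
    return (node.text or "").strip() if node is not None else ""

def find_log_clears(xml_text):
    """Return one record per log-clear event found in an XML export."""
    findings = []
    for event in ET.fromstring(xml_text).iter():
        if _local(event.tag) != "Event":
            continue
        system = _child(event, "System")
        data = _child(event, "UserData")
        cleared = _child(data, "LogFileCleared") if data is not None else None
        channel, event_id = _text(system, "Channel"), int(_text(system, "EventID") or 0)
        if (channel, event_id) not in CLEAR_EVENTS:
            continue  # e.g. ID 104 written to the Application log by another provider
        findings.append({
            "time": _child(system, "TimeCreated").get("SystemTime"),
            "event_id": event_id,
            # 1102 is recorded in the log that was cleared; 104 names the log in UserData.
            "cleared_log": _text(cleared, "Channel") or channel,
            "cleared_by": _text(cleared, "SubjectUserName"),
        })
    return findings
```

Because the clear itself is recorded with the account that performed it, a reviewer can match each finding against the admin's stated troubleshooting window before treating it as an incident.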