
The following errors are shown on the Symantec Critical System Protection (SCSP) console: "ELC_0002: Could not read event from NT event log: Security." and "ELC_0018: Event log 'Security' is corrupted - skipping xx events to recover."

Article ID: 161789

Products

Critical System Protection

Issue/Introduction

The following errors are shown on the SCSP console: "ELC_0002: Could not read event from NT event log: Security." and "ELC_0018: Event log 'Security' is corrupted - skipping xx events to recover."

Resolution

There is a corrupted entry in the NT Event log on Windows, preventing SCSP from parsing the logs. You can clear events in an event log by using Event Viewer or by using the wevtutil command on a command line.

To clear an event log by using Event Viewer

  1. Start Event Viewer.

  2. In the console tree, navigate to the event log you want to clear.

  3. On the Action menu, click Clear Log.

  4. You can either clear the event log or save a copy of the event log and then clear it.

    • To clear the event log without saving: Click Clear.

    • To clear the event log after saving: Click Save and Clear, type a name for the saved file in File name on the Save As dialog box, and click Save.

To clear an event log by using a command line

  1. To open a command prompt, click Start, type cmd in the Start Search box, and then press Enter.

  2. Type the following command:

    wevtutil cl <LogName> [/bu:<backup_file_name>]
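
The command-line procedure above applied to the Security log named in the error messages, as an added PowerShell example (not part of the original article): it saves a copy before clearing, hashes the saved file, and confirms that the clear was recorded as event ID 1102. The backup folder C:\EventLogBackup is an assumed path, and the session must be elevated.

```powershell
# Added example: back up, then clear, the Security log named in ELC_0002 / ELC_0018.
# Assumption: C:\EventLogBackup is a hypothetical backup folder; change as needed.
$LogName   = 'Security'
$BackupDir = 'C:\EventLogBackup'

# Clearing the Security log requires administrative rights
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupDir "$LogName-$stamp.evtx"

# Record the log's status (size, record count) before touching it
wevtutil gli $LogName

# Same command as in the article: clear the log, saving a copy via /bu
wevtutil cl $LogName "/bu:$backup"
if ($LASTEXITCODE -ne 0) {
    throw "wevtutil exited with code $LASTEXITCODE."
}

# Hash the saved copy so it can later be shown to be unmodified
if (Test-Path $backup) {
    Get-FileHash -Algorithm SHA256 -Path $backup | Format-List
}

# Clearing the Security log writes event ID 1102 ("The audit log was cleared");
# confirm it is present so the clear can be tied to this maintenance action.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -MaxEvents 1 |
    Format-List TimeCreated, Id, Message
```

Keep the saved .evtx file and its hash with the change record, since monitoring that alerts on event ID 1102 will flag this clear.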