Windows Vista, like the Windows versions before it, ships with an infrastructure that logs activity across the platform. The tool for working with those logs is Event Viewer: type Event Viewer in the Search box under the Start menu, right-click the highlighted result and choose Run as Administrator from the context menu. Event Viewer tracks a range of logs, including Administrative Events, Application, Security, Setup, System, Applications and Services Logs, and Forwarded Events.
The simplest way to handle event files in Windows Vista is to save them in the new Event Log file format, .evtx. Vista can also convert Event Log (.evt) files exported from Windows XP and Windows Server 2003 to the .evtx format. To do this from the Event Viewer MMC, open the saved log, right-click it and choose Save As.
Additionally, the Windows Events Command Line Utility (wevtutil.exe) can be used to perform the conversion. "This utility is very powerful when manipulating Event Log files. You can retrieve information about event logs and publishers, install and uninstall event manifests, export logs and more. For our purposes though we are going to use the utility to convert our log file. The syntax is as follows: wevtutil export-log .evt .evtx /lf. With larger log files using this utility is quicker than having the MMC export and save the file," wrote Steve Paruszkiewicz of the Enterprise Platforms Support Windows Server Performance team.
Type cmd in the Search box under the Start menu and press Ctrl+Shift+Enter to launch a command prompt with administrative privileges. Type wevtutil and press Enter to see the commands the utility supports. Paruszkiewicz also provides a script that adds a context-menu handler for .evt files.
Windows Events files (.evtx) are binary, so they cannot be imported directly into most tools other than Event Viewer. You can, however, load .evtx files into Event Viewer and save them as .xml, .txt or .csv; in .txt or .csv form they are straightforward to import into SQL Server.
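The conversion and export steps above, collected into one PowerShell script. This is an added example, not code from Softpedia, from Paruszkiewicz's post or from Microsoft's documentation. It assumes wevtutil.exe is on the path, that the script runs from an elevated prompt, and that C:\Logs\old holds .evt files exported from XP or Server 2003; the folder names are placeholders.

```powershell
# Added example: convert legacy .evt files to .evtx with wevtutil, sanity-check the result,
# then export each converted log to CSV for bulk loading into SQL Server or text searching.
# The two folder paths are assumptions for illustration; run from an elevated prompt.
$inDir  = 'C:\Logs\old'     # assumed: .evt files exported from Windows XP / Server 2003
$outDir = 'C:\Logs\evtx'    # assumed: destination for converted .evtx and .csv files
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

Get-ChildItem -Path $inDir -Filter '*.evt' | ForEach-Object {
    $dst = Join-Path $outDir ($_.BaseName + '.evtx')

    # epl = export-log. /lf:true tells wevtutil that the first argument is a log *file*
    # rather than a live channel name such as System or Security.
    & wevtutil.exe epl $_.FullName $dst /lf:true
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "wevtutil failed on $($_.FullName) (exit code $LASTEXITCODE)"
        return   # inside ForEach-Object, return skips to the next file
    }

    # Sanity check: read one record back out of the new file (qe = query-events).
    $first = & wevtutil.exe qe $dst /lf:true /c:1 /f:text
    if (-not $first) {
        Write-Warning "$dst was written but contains no readable events"
        return
    }

    # Export the converted log to CSV. Get-WinEvent reads .evtx files directly via -Path.
    $csv = $dst -replace '\.evtx$', '.csv'
    Get-WinEvent -Path $dst -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, MachineName, Message |
        Export-Csv -Path $csv -NoTypeInformation -Encoding UTF8

    Write-Host "Converted $($_.Name) -> $dst and exported $csv"
}
```

Keep the original .evt files until the CSV export has been checked: an empty query result from the new file usually means the source was truncated or corrupted, not that the log had no events.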
By Mark Russinovich
Published: March 05, 2019
Download PsTools(2.7 MB)
Introduction
The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you log in to remote systems in situations where your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides.
Installation
Just copy PsLogList onto your executable path, and type 'psloglist'.
Using PsLogList
The default behavior of PsLogList is to show the contents of the System Event Log on the local computer, with visually friendly formatting of Event Log records. Command line options let you view logs on different computers, use a different account to view a log, or have the output formatted in a string-search friendly way.
usage: psloglist [-] [computer[,computer[,...] | @file [-u username [-p password]]] [-s [-t delimiter]] [-m #|-n #|-h #|-d #|-w] [-c] [-x] [-r] [-a mm/dd/yy] [-b mm/dd/yy] [-f filter] [-i ID[,ID[,...]] | -e ID[,ID[,...]]] [-o event source[,event source][,...]] [-q event source[,event source][,...]] [-l event log file] <eventlog>
Parameter | Description |
---|---|
@file | Execute the command on each of the computers listed in the file. |
-a | Dump records timestamped after specified date. |
-b | Dump records timestamped before specified date. |
-c | Clear the event log after displaying. |
-d | Only display records from previous n days. |
-e | Exclude events with the specified ID or IDs (up to 10). |
-f | Filter event types with filter string (e.g. '-f w' to filter warnings). |
-h | Only display records from previous n hours. |
-i | Show only events with the specified ID or IDs (up to 10). |
-l | Dump records from the specified event log file. |
-m | Only display records from previous n minutes. |
-n | Only display the number of most recent entries specified. |
-o | Show only records from the specified event source (e.g. '-o cdrom'). |
-p | Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password. Prefer the prompt in scripts: a password passed with -p is visible in the process list and may end up in command history or logs. |
-q | Omit records from the specified event source or sources (e.g. '-q cdrom'). |
-r | Dump log from least recent to most recent. |
-s | This switch has PsLogList print Event Log records one per line, with comma-delimited fields. This format is convenient for text searches. |
-t | The default delimiter is a comma, but can be overridden with the specified character. |
-u | Specifies optional user name for login to remote computer. |
-w | Wait for new events, dumping them as they generate (local system only). |
-x | Dump extended data |
eventlog | Name of the event log to dump (for example System, Application or Security). Defaults to the System log when omitted. |
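A PowerShell wrapper that combines the switches above to gather recent failed logons from several hosts. This is an added example and is not part of the Sysinternals page. It assumes psloglist.exe is on the path, that the current account can read the remote Security logs (otherwise add -u and let PsLogList prompt for the password), and that Security event ID 4625 is the failed-logon event, which holds on Windows Vista and later; the host names and output folder are placeholders.

```powershell
# Added example: collect the last 24 hours of failed logons (Security ID 4625) from several
# hosts using PsLogList's one-record-per-line format, then rank the hosts by count.
# Host names and the output folder are assumptions for illustration.
$targets = @('SRV01', 'SRV02')          # assumed: hosts reachable with the current credentials
$outDir  = 'C:\Logs\psloglist'          # assumed: where per-host dumps are written
$delim   = '|'                          # -t: avoid commas, which appear inside event messages
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$results = foreach ($h in $targets) {
    $out = Join-Path $outDir "$h-4625.txt"

    # \\host   PsTools remote-target syntax
    # -s       one record per line; -t sets the field delimiter
    # -h 24    only the previous 24 hours; -i 4625 only this event ID
    # Never add -c in a collection script: it clears the remote log after dumping it.
    & psloglist.exe "\\$h" -s -t $delim -h 24 -i 4625 Security 2>&1 |
        Out-File -FilePath $out -Encoding UTF8

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "psloglist exited with $LASTEXITCODE for $h (credentials or RPC access?)"
        continue
    }

    # Count record lines only: the tool's banner lines do not contain the delimiter.
    $records = @(Get-Content $out | Where-Object { $_ -like "*$delim*" })
    [pscustomobject]@{ Host = $h; FailedLogons = $records.Count; Output = $out }
}

$results | Sort-Object FailedLogons -Descending | Format-Table -AutoSize
```

Use -a and -b rather than -h when reconstructing a specific window during an investigation, and keep the raw per-host files: the counts above are only a triage signal, the dumped records are the evidence.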
How it Works
Like Windows NT/2000's built-in Event Viewer and the Resource Kit's elogdump, PsLogList uses the Event Log API, which is documented in the Windows Platform SDK. PsLogList loads message source modules on the system where the event log being viewed resides so that it correctly displays event log messages.
PsTools
PsLogList is part of a growing kit of Sysinternals command-line tools that aid in the administration of local and remote systems, named PsTools.
Runs on:
- Client: Windows Vista and higher.
- Server: Windows Server 2008 and higher.