Windows Event Log
From Just Solve the File Format Problem
(Difference between revisions)
Dan Tobias (Talk | contribs) (→Vista, Windows 2008, and Windows 7) |
m (Add Kaitai Struct schema) |
||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 3: | Line 3: | ||
|subcat=System files | |subcat=System files | ||
|extensions={{ext|evt}}, {{ext|log}}, {{ext|log1}}, {{ext|log2}} | |extensions={{ext|evt}}, {{ext|log}}, {{ext|log1}}, {{ext|log2}} | ||
| + | |kaitai struct=windows_evt_log | ||
}} | }} | ||
The [[Windows Event Log]] tracks things that happen to Windows systems for diagnostic use. Its format, and the built-in Windows utilities to access it, has varied between Windows versions. Generally there are three different logs, Application, System, and Security. | The [[Windows Event Log]] tracks things that happen to Windows systems for diagnostic use. Its format, and the built-in Windows utilities to access it, has varied between Windows versions. Generally there are three different logs, Application, System, and Security. | ||
| Line 10: | Line 11: | ||
These systems use the .evt extension and are usually found in the C:\Windows\system32\config directory. | These systems use the .evt extension and are usually found in the C:\Windows\system32\config directory. | ||
| − | * [ | + | * [{{ForensicsWikiURL|windows_event_log_%28evt%29}} Forensics Wiki: Windows Event Log (EVT)] |
* [http://support.microsoft.com/kb/308427 How to view and manage event logs in Event Viewer in Windows XP] | * [http://support.microsoft.com/kb/308427 How to view and manage event logs in Event Viewer in Windows XP] | ||
== Vista, Windows 2008, and Windows 7 == | == Vista, Windows 2008, and Windows 7 == | ||
| − | These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. | + | These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. Attempting to open them in a general file-viewer program seems to hang Windows Explorer. |
| − | * [ | + | * [{{ForensicsWikiURL|windows_xml_event_log_%28evtx%29}} Forensics Wiki: Windows XML Event Log (EVTX)] |
* [http://windows.microsoft.com/en-us/windows-vista/open-event-viewer Event Viewer (Vista)] | * [http://windows.microsoft.com/en-us/windows-vista/open-event-viewer Event Viewer (Vista)] | ||
* [http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780%28v=vs.85%29.aspx Windows Event Log (MSDN)] | * [http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780%28v=vs.85%29.aspx Windows Event Log (MSDN)] | ||
| Line 23: | Line 24: | ||
== Links == | == Links == | ||
* [[Wikipedia:Event Viewer|Wikipedia: Event Viewer]] | * [[Wikipedia:Event Viewer|Wikipedia: Event Viewer]] | ||
| + | |||
| + | [[Category:Microsoft]] | ||
| + | [[Category:Windows]] | ||
Latest revision as of 17:51, 26 December 2024
The Windows Event Log tracks things that happen to Windows systems for diagnostic use. Its format, and the built-in Windows utilities to access it, has varied between Windows versions. Generally there are three different logs, Application, System, and Security.
[edit] Windows 2000, XP and 2003
These systems use the .evt extension and are usually found in the C:\Windows\system32\config directory.
- Forensics Wiki: Windows Event Log (EVT)
- How to view and manage event logs in Event Viewer in Windows XP
[edit] Vista, Windows 2008, and Windows 7
These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. Attempting to open them in a general file-viewer program seems to hang Windows Explorer.
