Windows Event Log

From Just Solve the File Format Problem
(Difference between revisions)
(Vista, Windows 2008, and Windows 7)
(Updating Forensics Wiki links)
 
(3 intermediate revisions by 2 users not shown)
Line 10: Line 10:
 
These systems use the .evt extension and are usually found in the  C:\Windows\system32\config directory.
 
These systems use the .evt extension and are usually found in the  C:\Windows\system32\config directory.
  
* [http://www.forensicswiki.org/wiki/Windows_Event_Log_%28EVT%29|Forensics Wiki: Windows Event Log (EVT)]
+
* [{{ForensicsWikiURL|windows_event_log_%28evt%29}} Forensics Wiki: Windows Event Log (EVT)]
 
* [http://support.microsoft.com/kb/308427 How to view and manage event logs in Event Viewer in Windows XP]
 
* [http://support.microsoft.com/kb/308427 How to view and manage event logs in Event Viewer in Windows XP]
  
 
== Vista, Windows 2008, and Windows 7 ==
 
== Vista, Windows 2008, and Windows 7 ==
  
These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all.
+
These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. Attempting to open them in a general file-viewer program seems to hang Windows Explorer.
  
* [http://www.forensicswiki.org/wiki/Windows_XML_Event_Log_%28EVTX%29 Forensics Wiki: Windows XML Event Log (EVTX)]
+
* [{{ForensicsWikiURL|windows_xml_event_log_%28evtx%29}} Forensics Wiki: Windows XML Event Log (EVTX)]
 
* [http://windows.microsoft.com/en-us/windows-vista/open-event-viewer Event Viewer (Vista)]
 
* [http://windows.microsoft.com/en-us/windows-vista/open-event-viewer Event Viewer (Vista)]
 
* [http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780%28v=vs.85%29.aspx Windows Event Log (MSDN)]
 
* [http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780%28v=vs.85%29.aspx Windows Event Log (MSDN)]
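Review bot: The sentence added to the Vista, Windows 2008, and Windows 7 paragraph ("Attempting to open them in a general file-viewer program seems to hang Windows Explorer") is an unsourced observation that names neither the viewer program nor the Windows version, so a reader cannot reproduce it or rule it out; state which program and OS it was seen on, or drop it. The same paragraph lists .log, .log1, and .log2 files in C:\Windows\system32\config, yet the reference directly below it is titled "Windows XML Event Log (EVTX)" and the paragraph never mentions an .evtx extension. Check the extensions and directory against that linked reference before this revision stands, since anyone collecting logs from these systems will go by this text.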
Line 23: Line 23:
 
== Links ==
 
== Links ==
 
* [[Wikipedia:Event Viewer|Wikipedia: Event Viewer]]
 
* [[Wikipedia:Event Viewer|Wikipedia: Event Viewer]]
 +
 +
[[Category:Microsoft]]
 +
[[Category:Windows]]

Latest revision as of 14:48, 4 September 2023

File Format
Name Windows Event Log
Ontology
Extension(s) .evt, .log, .log1, .log2

The Windows Event Log records events that occur on Windows systems, for diagnostic use. Its format, and the built-in Windows utilities used to access it, have varied between Windows versions. Generally there are three different logs: Application, System, and Security.

Windows 2000, XP and 2003

These systems use the .evt extension and are usually found in the C:\Windows\system32\config directory.

Vista, Windows 2008, and Windows 7

These files are also usually in the C:\Windows\system32\config directory, but have .log, .log1, and .log2 extensions... or no extension at all. Attempting to open them in a general file-viewer program seems to hang Windows Explorer.

Links
