event log: format of date and time


  1. Posts : 27
    Windows 7 Pro x64
       #1



    Hello, I'm new here. Just starting with a question re the event log of Windows 7:

    In what format are date and time of logged events in .evtx files? How can I find and translate them when I look at the file content with a hex viewer? (File seems to be corrupt. Can't open it with the Windows event viewer.)

    Thanks in advance!


  2. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #2

    tripleclick said:
    Hello, I'm new here. Just starting with a question re the event log of Windows 7:

    In what format are date and time of logged events in .evtx files? How can I find and translate them when I look at the file content with a hex viewer? (File seems to be corrupt. Can't open it with the Windows event viewer.)

    Thanks in advance!
    Welcome to SevenForums.

    Let Win 7 open your .evtx files. The default is Event Viewer.

    The average user will be using Event Viewer to view the event logs.

    True, with a healthy work in time, you can learn to use PowerShell to extract and parse event logs.

    I use a PowerShell script to clear all of my event logs - not for the space savings but to make the job of separating the wheat from the chaff easier.


  3. Posts : 27
    Windows 7 Pro x64
    Thread Starter
       #3

    Thanks karlsnooks, PowerShell might be just a bit of an overkill for now. I just need to be able to find and read the dates and times at the moment. I can't open the corrupt file with Windows event viewer. (Will look into PowerShell when I have more time on my hands.)


  4. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #4

    The easiest way is to simply use Windows Explorer to open the file. The default is the Event Viewer snap-in. The Event Viewer will show you date and time.


  5. Posts : 27
    Windows 7 Pro x64
    Thread Starter
       #5

    Umm... thanks, but as I have written twice: the file is corrupt, thus I cannot open/view it with the event viewer. But I can look at the content with a hex viewer.


  6. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #6

    I'm trying to understand.

    You have an event viewer with which you can view events. Events are stored in Event Logs. If the Event Log is on a remote machine, then just export the log, bring the log to your machine and import the log.

    Of course individual events can be exported, the details can be copied to a text file.


  7. Posts : 27
    Windows 7 Pro x64
    Thread Starter
       #7

    Thanks for your efforts. I only have a ***corrupt*** .evtx file with already exported events in it. I want to read those events. Because the file is corrupt I cannot view it with the Windows event viewer. When I look into the file with a usual txt editor I can see the ASCII part. But date and time do not seem to be in ASCII format. I therefore look into the file with a hex viewer but still I can't find and decipher dates and times of the events.

    I hope you or somebody else understand(s) now. I am sorry if I am not able to describe the situation clearly enough.


  8. Posts : 27
    Windows 7 Pro x64
    Thread Starter
       #8

    I would still appreciate any help from anybody. (I am sorry if my question was not clear enough. I did my best. But I am open to counter questions.) Thanks in advance!


  9. Posts : 5
    Windows 7 X64
       #9

    Hey Tripple,

    Having the same issue. Did you ever get a solution?


  10. Posts : 27
    Windows 7 Pro x64
    Thread Starter
       #10

    No, unfortunately not.
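
    Added example, not part of any post in this thread: a Python sketch that carves event timestamps out of a damaged .evtx file without Event Viewer. It assumes the publicly documented EVTX record layout, which the thread itself does not state: each record starts with the bytes `2A 2A 00 00`, followed by a 4-byte size, an 8-byte record ID and an 8-byte little-endian FILETIME (100 ns ticks since 1601-01-01 UTC). The sample bytes and the helper `_rec` are constructed for illustration.

```python
import struct
import sys
from datetime import datetime, timedelta, timezone

RECORD_MAGIC = b"\x2a\x2a\x00\x00"            # "**\0\0" starts each event record
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(ft):
    """FILETIME: 64-bit count of 100 ns ticks since 1601-01-01 00:00:00 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def carve_records(data, min_year=2000, max_year=2100):
    """Yield (offset, record_id, utc_time) for each plausible record header.

    Header layout (little-endian): magic[4] size[4] record_id[8] filetime[8].
    """
    pos = data.find(RECORD_MAGIC)
    while pos != -1:
        if pos + 24 <= len(data):
            size, rec_id, ft = struct.unpack_from("<IQQ", data, pos + 4)
            try:
                when = filetime_to_utc(ft)
            except OverflowError:          # tick count beyond year 9999
                when = None
            # Plausibility filter: "**\0\0" can also occur by chance in data.
            if when and size >= 28 and min_year <= when.year <= max_year:
                yield pos, rec_id, when
        pos = data.find(RECORD_MAGIC, pos + 1)

def _rec(rec_id, ft):
    """Build a minimal 28-byte record (header + trailing size copy, no XML)."""
    return RECORD_MAGIC + struct.pack("<IQQ", 28, rec_id, ft) + struct.pack("<I", 28)

# Constructed sample, not real log data: junk, a record, a false-positive
# signature followed by 0xFF bytes, then a second record.
SAMPLE = (b"\x00" * 7 + _rec(1, 126444736000000000) + b"garbage"
          + RECORD_MAGIC + b"\xff" * 20 + _rec(2, 128790414900000000))

if __name__ == "__main__":
    # Pass the path of a damaged .evtx file, or run without arguments for the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, rec_id, when in carve_records(blob):
        print(f"0x{offset:08x}  record {rec_id:<8} {when:%Y-%m-%d %H:%M:%S.%f} UTC")
```

    In a hex viewer the same value is the 8 bytes at offset +16 from each `2A 2A 00 00`, read least-significant byte first; the result is UTC, not local time.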


 
