Windows Vista: Exported Event Log Files


To make exported Event Log (.evt) files from Windows XP and Windows Server 2003 more usable in the Windows Vista Event Viewer, the best thing to do is convert them to the new Event Log file format, .evtx. If you open a .evt file on a Windows Vista machine, you are presented with the following banner message at the top of the window, and you have to navigate from one page to the next instead of being able to scroll down through all the events at once:

Most of us routinely ignore these messages and carry on viewing the file.  However, there are a couple of ways to convert the file to a .evtx file for greater benefit:

Option 1: Let the Event Viewer MMC do the conversion for you: Right-click the saved log and select "Save Events As ..." as shown below.

Once you choose the folder to save the file in and provide the filename, the MMC does the conversion for you. One caveat: this process may take quite a while if you have very large Event Log files!

Option 2: Use WEVTUTIL to perform the conversion: You can use the Windows Events Command Line Utility (WEVTUTIL.EXE) to perform the conversion. This utility is very powerful for manipulating Event Log files: you can retrieve information about event logs and publishers, install and uninstall event manifests, export logs and more. For our purposes, though, we are going to use the utility to convert our log file. The syntax is as follows: wevtutil export-log <sourcelogfile>.evt <targetlogfile>.evtx /lf. The /lf switch tells the utility that the source is a log file rather than the name of a live log. The example below demonstrates a conversion of the AppLog-XP.evt file that I saved from my Windows XP test machine into .evtx format. With larger log files, using this utility is quicker than having the MMC export and save the file.
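When a whole folder of exported logs has to be converted, for example a set collected during an investigation, the same command can be driven from a script. The PowerShell below is an added example, not part of the original article: it converts every .evt file in a folder with the wevtutil export-log syntax shown above, checks the exit code, and records a SHA-256 hash of each source file. The folder paths and the report filename are hypothetical, and Get-FileHash assumes PowerShell 4.0 or later.

```powershell
# Added example: batch-convert legacy .evt exports to .evtx with wevtutil.
param(
    [string]$SourceDir = 'C:\Logs\evt',    # hypothetical folder holding exported .evt files
    [string]$TargetDir = 'C:\Logs\evtx'    # hypothetical output folder for converted files
)

if (-not (Test-Path -LiteralPath $TargetDir)) {
    New-Item -ItemType Directory -Path $TargetDir | Out-Null
}

# Compare the extension explicitly: a "*.evt" wildcard filter can also match
# .evtx files on Windows, which would re-feed converted logs into the loop.
$sources = Get-ChildItem -LiteralPath $SourceDir -File |
    Where-Object { $_.Extension -ieq '.evt' }

$results = foreach ($evt in $sources) {
    $target = Join-Path $TargetDir ($evt.BaseName + '.evtx')

    if (Test-Path -LiteralPath $target) {
        # Never overwrite an earlier conversion silently.
        $status = 'Skipped (target exists)'
    }
    else {
        # /lf:true marks the first argument as a log file, not a live log name.
        & wevtutil.exe export-log $evt.FullName $target /lf:true
        if ($LASTEXITCODE -eq 0) {
            $status = 'Converted'
        }
        else {
            $status = "Failed (exit code $LASTEXITCODE)"
            # Drop any partial output so it is not mistaken for a good log.
            if (Test-Path -LiteralPath $target) { Remove-Item -LiteralPath $target }
        }
    }

    # Hash the untouched source so the original export can be verified later.
    [pscustomobject]@{
        Source       = $evt.Name
        SourceSHA256 = (Get-FileHash -LiteralPath $evt.FullName -Algorithm SHA256).Hash
        Target       = $target
        Status       = $status
    }
}

$results | Format-Table -AutoSize
$results | Export-Csv -Path (Join-Path $TargetDir 'conversion-report.csv') -NoTypeInformation
```

Keep the original .evt files alongside the report; the converted .evtx copies are for viewing convenience, and the hashes tie each one back to its source.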


Microsoft, Windows XP, Windows 2003, Windows Server 2003, Windows Vista, Event Log, Log Files, Tips and Tricks, Troubleshooting, Knowledgebase