Analyzing old-format event logs under Vista/Windows 7


Suppose a friend tells you there is a problem with his computer, and you need to analyze its system event log. After all, the Windows event log records a great deal: application usage, crashes, and all kinds of system events. But when your friend sends you the log from his Windows directory and you open it to analyze it, the event log viewer crashes!

What is going on here?

The reason is simple: event logs before Vista use the .evt file format, while Vista and later use the .evtx format!

We can use Log Parser 2.2 provided by Microsoft (click to enter the official Microsoft page). It parses the log formats supported on the system it runs on. The parsing command is:

logparser -i:EVT "SELECT * INTO a.csv FROM b.evt"

But on Vista, Windows Server 2008, Windows 7 and later, parsing the .evt format may fail with an error that the event log on the system crashed. In that case you need to convert the .evt format to the .evtx format. Fortunately, Vista and later systems ship the wevtutil tool (Windows Events Command Line Utility)!

Run the command: wevtutil epl application.evt application.evtx /lf:true to convert. The /lf:true option tells wevtutil that the first argument is the path of a log file rather than the name of a live event log on the machine.
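Before handing a file to Log Parser it helps to check which format it really is, since a crash is a poor diagnostic. The following is an added example, not code from the original post: it sniffs the file signature (legacy .evt files start with a 0x30-byte header record whose bytes 4-7 are "LfLe"; .evtx files start with "ElfFile\0") and returns the sequence of commands from this post that apply. The sample headers are constructed inline for the demonstration.

```python
import struct

EVT_SIGNATURE = b"LfLe"          # legacy .evt header record (NT4 through XP/2003)
EVTX_SIGNATURE = b"ElfFile\x00"  # .evtx file header (Vista and later)
EVT_HEADER_SIZE = 0x30           # legacy header record length in bytes


def detect_event_log_format(data: bytes) -> str:
    """Return 'evt', 'evtx' or 'unknown' from the first bytes of a log file."""
    if data[:8] == EVTX_SIGNATURE:
        return "evtx"
    # Legacy format: 4-byte little-endian record size (0x30) followed by "LfLe".
    if len(data) >= 8:
        size = struct.unpack("<I", data[:4])[0]
        if size == EVT_HEADER_SIZE and data[4:8] == EVT_SIGNATURE:
            return "evt"
    return "unknown"


def plan_commands(log_path: str, fmt: str, csv_path: str = "out.csv") -> list:
    """Build the commands from this post for a log of the detected format.

    A legacy .evt is converted with wevtutil first (on Vista and later), then
    the converted .evtx is parsed with Log Parser; an .evtx is parsed directly.
    """
    if fmt == "evtx":
        return [f'logparser -i:EVT "SELECT * INTO {csv_path} FROM {log_path}"']
    if fmt == "evt":
        converted = log_path[:-4] + ".evtx" if log_path.lower().endswith(".evt") else log_path + ".evtx"
        return [
            f"wevtutil epl {log_path} {converted} /lf:true",
            f'logparser -i:EVT "SELECT * INTO {csv_path} FROM {converted}"',
        ]
    return []  # not an event log we recognise; do not feed it to the parsers


# Constructed sample headers (only the first bytes matter for detection).
SAMPLE_EVT_HEADER = struct.pack("<I", EVT_HEADER_SIZE) + EVT_SIGNATURE + bytes(EVT_HEADER_SIZE - 8)
SAMPLE_EVTX_HEADER = EVTX_SIGNATURE + bytes(56)


def sniff_file(path: str) -> str:
    """Read just enough of a real file on disk to classify it."""
    with open(path, "rb") as fh:
        return detect_event_log_format(fh.read(64))


if __name__ == "__main__":
    for name, blob in (("application.evt", SAMPLE_EVT_HEADER), ("system.evtx", SAMPLE_EVTX_HEADER)):
        fmt = detect_event_log_format(blob)
        print(name, "->", fmt, plan_commands(name, fmt))
```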

The prompts wevtutil prints on the system are all in English:

Windows Events Command Line Utility.

Enables you to retrieve information about event logs and publishers, install
and uninstall event manifests, run queries, and export, archive, and clear logs.

Usage:

You can use either the short (for example, ep /uni) or long (for example,
enum-publishers /unicode) version of the command and option names. Commands,
options and option values are not case-sensitive.

Variables are noted in all upper-case.

wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]

Commands:

el
