i saved an eventlog with display information on a computer. now i want to open this file on another computer with full event description. in my understanding this information should be saved in the LocalMetaData.mta file but i don't know how to use this file. how can i "import" the .mta file in order to get full eventlog description on the other computer?
Asked
Active
Viewed 1.9k times
5
-
which eventlog do you want to open? Application\Security\System? Security\System should open Ok, Application may not - you need to have specific application installed to view its logs writted to windows Application log. – Volodymyr Molodets Nov 15 '12 at 11:55
-
it's the application log. and i want to see exchange entries – user1008764 Nov 15 '12 at 12:18
-
Either install Exchange or look for files with descriptions in installation folder of Exchange on source server. – Volodymyr Molodets Nov 15 '12 at 12:36
-
Which OS version is installed on Exchange server? 2003? 2008? – Volodymyr Molodets Nov 15 '12 at 12:39
-
On Windows Sevrer 2008 R2 – user1008764 Nov 15 '12 at 13:39
-
2i do not want to install the exchange admin tools. i think all data should be saved int the .mta file but i don't know how to use this file – user1008764 Nov 15 '12 at 13:50
-
Was an answer ever discovered here? This issue is affecting me too. I assumed including the LocaleData would be enough, but having it in the same structure as when it was exported doesn't seem to work. Opening on a different machine I'm being told the error description text doesn't exist. – Ashley Oct 06 '14 at 17:03
-
I just test saved a few events to a evtx file, which generated an LocaleMetaData\*.MTA file. It deleted the MTA and it didn't seem to affect my ability to view the event descriptions – Kevin Oct 17 '17 at 20:33
4 Answers
1
After exporting the Windows event as documented here, there should be two files: an evtx file you saved and a LocaleMetaData folder in the same directory that should contain a .MTA file with the same name as the evtx file.
To correctly view the events on another computer, you need to copy both the evtx file and the LocaleMetaData folder and its contents onto the other computer.
Swisstone
- 6,725
- 7
- 22
- 32
Tekena Orugbani
- 11
- 1
1
If your MS Exchange Server resides on Windows Server 2008 OS, then you seem to be a lucky guy. I've just tried to right-click on Application log and chose "Save All Events As..." option. Then I specify xml as output format. Then you have an option to export or not to export Display Information. Click Save to save.
Unfortunately, no possibility to save as xml on Windows Server 2003, only txt/csv.
Tried to connect to remote Event Viewer from W2k8 to W2k3 server, but still cannot export to xml.
Volodymyr Molodets
- 2,424
- 9
- 36
- 52
-
yes i know this. i have saved it with display information as evtx file because i would like to open it in eventvwr. my problem is that i can open the evtx file but not the meta data (.mta) file with the event descriptions – user1008764 Nov 15 '12 at 13:47
-
DisplayInfo.evtx vs NoDisplayInfo.evtx both were binary identical. the first did create an LocaleMetaData\DisplayInfo_1033.MTA – Kevin Oct 17 '17 at 20:37
0
You should install on your local computer specific component that you want to see. For example if you want to see Exchange events you should use Exchanage on this computer. This is simular for other services. In my case I tried to see Hyper-V events and could not. When I got another server with Hyper-V I've could normally read all events.
user253234
- 1
- 1
-1
If you want to find a specific event or view a subset of events.... you can either search the log, or you can apply a filter to the log data as usual u must have done it .. u can follow the given link for detail Microsoft support
either u can go for a third party tool which will generate a comprehensive report for any critical event which u want to monitor also this will be able to create a real time alert by mail go for any third party freeware tool.
sysadmin1138
- 133,124
- 18
- 176
- 300
peterdu401
- 25
- 3