I found the path as to where the logs are stored -> %SystemRoot%\system32\winevt\logs When double clicking one of the .evtx logs it opens it in the event log viewer. Is there a way to open it without using the event log viewer for example in a .doc or .txt?
Asked
Active
Viewed 110 times
0
-
why would you want to do this? – tony roth Jun 05 '13 at 17:49
1 Answers
0
You can open the evtx log in event viewer and then save it as a different type such as xml, txt, or csv. (right click the log in event viewer, choose "Save all events as" and choose the file type) This will put the events in a format that would actually make sense when you open it in notepad, etc.
Then you can open that format in whatever program (notepad/Excel/etc) that you want based on the file format you chose.
There's also 3rd party software galore for reading/analyzing event log formats.
TheCleaner
- 32,627
- 26
- 132
- 191