I run my code and, File is flagged as dirty. How can I fix it?

Question

package main

import (
    "fmt"
    "time"

    evtx "github.com/0xrawsec/golang-evtx/evtx"
)

func main() {
    fd, err := evtx.Open("D:\\ForwardedEvents\\Logs\\ForwardedEvents.evtx")
    if err != nil {
        fmt.Println(err)
    }
    stopchan := make(chan bool)
    mychan := fd.MonitorEvents(stopchan, time.Duration(100))

    x := <- mychan
    fmt.Println(x)
}

The code I wrote; Windows Event Viewer Dan gets logs and outputs it, but when I run the code it says "File is flagged as a dirty." I am getting the error. How can I fix it?

score 0 · Answer 1 · answered Aug 13 '21 at 01:20

The library you are using returns the error if the file you are opening is flagged as dirty (it has nothing to do with your IDE). You can choose to ignore the error if you want (or use the OpenDirty function that attempts to repair the file if its dirty but this will not work if something else has it open).

Why is this error arising? Probably because the file was not closed properly (or something is still writing to it). The Microsoft docs say:

The ELF_LOGFILE_HEADER_DIRTY flag can be used by the event-logging service to detect if the event log was not properly closed.

I run my code and, File is flagged as dirty. How can I fix it?

1 Answers1