Starting with version 2.70 of EventSentry you have the ability to open event log backup files. Event Log backup files are usually created with the Windows event viewer, the EventSentry event log backup feature or with other event log management applications.
To open an .evtx file, right-click the "Event Log Viewer (local)" container and select "Open Log File ...". You will then be prompted to browse for an .evtx file to open.
Avoiding a prompt for the event log
In order to display a previously saved event log properly, an event log management application needs to know from which event log it was originally exported:
You can avoid being prompted for the event log by making sure that the filename contains either the full name or an abbreviation of the event log it was exported from. EventSentry will recognize the following names and abbreviations:
Full name of event log |
Abbreviation |
Application |
app |
Security |
sec |
System |
sys |
DNS Server |
dns |
File Replication Service |
rep |
Directory Service |
dir |
For example, if the file name is fileserver_app_01122005.evtx then EventSentry will automatically associate this file with the Application event log.
EventSentry does not automatically recognize custom event logs. As such, if you are opening an .evtx file that was exported from a custom event log then you will either have to select the custom event log from the drop-down menu or specify the name manually.
Double-Clicking .evtx files in explorer
You can configure EventSentry to be the default handler for .evtx files. With this feature enabled you can double-click .evtx files in Windows explorer, which will automatically display the .evtx file in the EventSentry management console. See options for more information.
