Please enable JavaScript to view this site.

Navigation: Management Console / Utilities > Event Log Viewer

Viewing Event Log Backup (.evt) Files

Scroll Prev Top Next More

Starting with version 2.70 of EventSentry you have the ability to open event log backup files. Event Log backup files are usually created with the Windows event viewer, the EventSentry event log backup feature or with other event log management applications.

 

To open an .evtx file, right-click the "Event Log Viewer (local)" container and select "Open Log File ...". You will then be prompted to browse for an .evtx file to open.

 

Avoiding a prompt for the event log

In order to display a previously saved event log properly, an event log management application needs to know from which event log it was originally exported:

 

clip0036

 

You can avoid being prompted for the event log by making sure that the filename contains either the full name or an abbreviation of the event log it was exported from. EventSentry will recognize the following names and abbreviations:

 

Full name of event log

Abbreviation

Application

app

Security

sec

System

sys

DNS Server

dns

File Replication Service

rep

Directory Service

dir

 

For example, if the file name is fileserver_app_01122005.evtx then EventSentry will automatically associate this file with the Application event log.

 

EventSentry does not automatically recognize custom event logs. As such, if you are opening an .evtx file that was exported from a custom event log then you will either have to select the custom event log from the drop-down menu or specify the name manually.

 

Double-Clicking .evtx files in explorer

You can configure EventSentry to be the default handler for .evtx files. With this feature enabled you can double-click .evtx files in Windows explorer, which will automatically display the .evtx file in the EventSentry management console. See options for more information.