Most of us routinely ignore these messages and carry on viewing the file. However, there are a couple of ways to convert the file to a .evtx file for greater benefit:
Option 1: Let the Event Viewer MMC do the conversion for you: Right Click on the Saved Log and Select "Save Events As ..." as shown below.
Once you choose the folder to save the file in and provide the filename, the MMC does the conversion for you. One caveat here, this process may take quite a while if you have very large Event Log files!
Option 2: Use WEVTUTIL to perform the conversion: You can use the Windows Events Command Line Utility (WEVTUTIL.EXE) to perform the conversion. This utility is very powerful when manipulating Event Log files. You can retrieve information about event logs and publishers, install and uninstall event manifests, export logs and more. For our purposes though we are going to use the utility to convert our log file. The syntax is as follows: wevtutil export-log <sourcelogfile>.evt <targetlogfile>.evtx /lf . The example below demonstrates a conversion of the AppLog-XP.evt file that I saved from my Windows XP test machine into .evtx format. With larger log files using this utility is quicker than having the MMC export and save the file.
Option 3: Use a script file to add a context menu handler for .evt files: You can automate the process a bit more by using a script to add a context menu handler for .evt files. The sample VBScript below adds a “Convert to .EVTX” option to the right-click context menu for .evt files. The script will convert the file, then automatically open the converted file in the Vista event viewer. You can change this behavior by changing the AUTO_OPEN_EVTX constant to false. This will prompt you to open the file with a Yes or No prompt in case you just want to convert the file, then copy it somewhere.
**** SCRIPT DISCLAIMER****
The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business
And that wraps up this post. Hopefully you find this information useful and if you have any feedback, please let us know!
- Steve Paruszkiewicz
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.