Analyze Windows event logs efficiently

Event Log Explorer features and benefits

Event Log Explorer is customer-driven software. Most of the advanced features were suggested by our users. With these features, Event Log Explorer moves from ordinary event data viewing to real analysis.

Access Windows event logs and event log files on local and remote servers and workstations
Like Windows Event Viewer, Event Log Explorer accesses Windows event logs and event log files from both local and remote servers. However, unlike Event Viewer, you can view several event logs (and log files) at one time, either in different windows or in one consolidated window (merged event log view).
Support of both classic Windows NT event log format (EVT files) and new (Crimson) event log format (EVTX files)
Where possible, you can choose between the legacy Windows NT API and the modern Windows Event Log API to access Windows event logs and event log files. The modern API is a little slower, but provides more detailed information about events.
High performance — all events are loaded either into memory or into an optimized internal local database
To keep event analysis smooth, Event Log Explorer reads events into its own temporary storage. Depending on the event log size, you can choose between memory and disk storage.
Active monitoring and alerting — get informed about problems immediately
You can set up Event Log Explorer to monitor events generated by your systems and to notify you when a specific event has fired. This helps you learn about problems promptly and potentially before they affect you.
Event log consolidation — you can consolidate different events in one place
Event Log Explorer allows you not only to read events from different sources, but also to consolidate them in one event view. You can review such a view as a single log. You can even save this consolidated event log as an EVT file.
Tabbed-document and multiple-document user interface depending on user preferences
Event Log Explorer provides you with two user interface types. The multiple-document interface (MDI) allows you to open an unlimited number of event logs and place them all inside the main window of Event Log Explorer. The tabbed-document interface (TDI) allows you to open an unlimited number of event logs and features the best way of navigating between logs.
Log loading options to pre-filter Windows event logs
With Event Log Explorer you may load events from dozens of Windows servers simultaneously. As a rule, you don't need to load all the events from all logs. For example, you may want to exclude Information events or load only recent events. Log loading options help you to pre-filter events at the loading stage.
Advanced filtering by any criteria including event description text
You can easily filter events by any criteria. The filters are reusable: you can save them as a file and apply them to other event logs. You can use regular expressions (regexps) to filter by event description text. The application lets you link events by event ID and description parameters and filter out all other events. Such linked event filtering helps you to analyze the Security log.
Favorite computers and their logs are grouped into a tree
With Event Log Explorer you can view event logs on different Windows servers and workstations. For your convenience, you can group your computers in a tree. Then you can select the desired event log and it will be opened immediately.
Manual and automatic backup of Windows event logs
Backing up event logs is a really important task. Very large event logs may affect system performance, but administrators must be able to analyze past events. The appropriate solution is to limit the size of Windows event logs and back up event logs on a regular basis. Event Log Explorer allows you to save event logs as event log files manually or automatically.
Fast navigation with bookmarks
Modern Internet browsers allow you to save favorite URLs as bookmarks that can be easily restored. Similarly, Event Log Explorer allows you to bookmark any event so that you can easily return to it later.
Compatibility with well-known event knowledge bases
You can get more information about an event in the public event knowledge bases. Event Log Explorer supports the EventID.net and Microsoft knowledge bases.
Color coding by Event ID
Color coding allows you to easily distinguish between different events. You can change text color, font style and background color for specific events.
Print and export to different formats
With Event Log Explorer you can print Windows event logs and export to other formats. Print options let you select from several print styles. Event Log Explorer supports export to HTML, tab-separated and Excel documents.
Analytical reports - summary tables and pivot charts
You can easily create pivot tables and pivot chart reports from your events. For example, you can summarize event types by date or get statistics by event identifier, event source, and so on.
Direct access to EVT files allowing you to read damaged EVT files and generate EVT files from chosen events
Event Log Explorer can access EVT files directly (without the Windows Event Log API). This allows you to read damaged event logs and to read event logs when the Windows Event Log service is not available (e.g. in BartPE or another preinstalled environment). You can also generate your own EVT files.
Direct access to EVTX files allowing you to read new EVTX files on old Windows
Event Log Explorer can access EVTX files directly (without the new Windows Event Log API). This allows you to open new event log files (EVTX) on any computer, i.e. with Event Log Explorer you can read EVTX files on Windows XP machines.
Scheduler to run some event log tasks on schedule
You can automate some tasks using the built-in scheduler. For example, you can schedule event log export or print tasks.
Credential manager
When you open an event log from a remote server, Event Log Explorer tries to use your current credentials to access it. Sometimes you may need to access remote event logs using alternative credentials. Credential manager lets you store different credentials for each server and use them when you open a remote Windows event log.
Event list can be sorted by any column and in any direction
Like Windows Event Viewer, the program lets you sort the event list by any column: just click on the column header, and the event list will be re-sorted immediately. If you click on the column twice, the event list will be re-sorted in the reverse direction. In the program preferences, you can set the default sorting that will be applied when you open a log.
Time correction
Event time is stored as UTC time. When you open a log generated on a server located in another time zone, you may want to virtually move to that time zone and view events from there. Time correction helps you to view events from any time zone.
Servers import
If you manage a large network, you will find it easy to import all your servers into the program. Just create a list of your servers and the program will import them all. You can also ask Event Log Explorer to scan your network (Active Directory) and build the list of your computers automatically.



