Files in Event Log Explorer Forensic Edition. Searching for removed events

Although Standard Edition of Event Log Explorer works with event log files perfectly, you may need more functionality when analyzing damaged or intentionally modified event log files. I’m starting a series of articles about the advanced use of Event Log Explorer Forensic Edition with files. Let’s imagine that you examine an event log with removed events. If you believe that it’s impossible to remove events… Read More »

Event Log Explorer Forensic Edition

Recently we released a new edition of Event Log Explorer – Forensic Edition. Currently it has a beta version status – the final release will appear after we complete the documentation and add extra forensic features. Here I will describe the difference between the standard and forensic editions. The program keeps all features of the Standard Edition, and you commonly don’t need to use the… Read More »

Setting up Windows to read events from remote computers over a local network.

Reading event logs from remote computers is crucial for network audit. Both Event Log Explorer and Windows Event Viewer applications allow the system administrators to read event logs remotely. However sometimes (mainly in no Active Directory environment) sysadmins have problems with accessing remote event logs. In this article, I’ll explain how to setup Windows to make event logs accessible over a network. As a rule,… Read More »

Event Log Explorer 5 beta 2

Recently we released a new beta of Event Log Explorer 5 and I will show you what features we added. One of the great new features is a Task. The task defines what events will be picked, which computers from and how they will be displayed. Example of a task: Display all warning, error and critical events from System and Application logs of VM2012 and… Read More »

How to display logons of non-domain users to the system

Sometimes you may need to display who logons your server except for the authenticated domain users. It could be authenticated users from the trusted domain, local users, system services, etc. First, we define that we will filter the Security log by Event Id = 4624 (as we did before). The event description of this event looks like An account was successfully logged on. Subject:                … Read More »

Windows Event. Level, Keywords or Type.

When you take the first look to Event Log Explorer, you may notice Type column in the event list. In the same time, Windows Event Viewer doesn’t have this column, which may confuse you. If you worked with Windows Event Viewer in old times (with Windows XP or below), you could see the Type column. There were 5 types of events that can be logged… Read More »

PowerShell may spoil command-line arguments when running external programs

Nowadays, Windows PowerShell is considered as a replacement of the classic Windows Console (Command Prompt) utility. In Windows 10, it can be set as a default console in Win+X menu In most cases, when you run command-line utilities from PowerShell and Command Prompt, they will behave exactly the same. However, we discovered that sometimes our command-line utilities work incorrectly when starting from PowerShell, while there… Read More »

New utility to export event logs into different formats

Event Log Explorer can export events into Excel, HTML, CSV and PDF files. The export is implemented as an option of user interface and it can be scheduled using internal Event Log Explorer scheduler. Some time ago, I wrote a couple of articles how to schedule export of events into Excel: https://eventlogxp.com/blog/exporting-event-logs-with-windows-powershell/ https://eventlogxp.com/blog/case-study-generating-regular-reports-about-the-problems-in-your-windows-network/). Both methods are not without drawbacks. The Powershell method doesn’t work well… Read More »