Event Log Explorer comes with 3 methods of opening event log files: Standard, New API and Direct. Such an abundance of options may confuse users when choosing the method.
“What opening method should I use?” is a very common question from our customers.
The answer is very simple:
In most cases, use the New API method.
But what are the other methods for?
First, a reminder: Event Log Explorer supports 2 formats of event log files, classic EVT and modern EVTX. Windows NT, 2000 and XP/2003 log events into EVT files. To access these files, Windows introduced a special Event Logging API (which we call the Standard API). Starting from Windows Vista/2008, Windows uses the EVTX format. At the same time, a new Windows Event Log API was introduced. For compatibility reasons, Windows allowed opening any file with any API, although since Windows 7 support for EVT files has been terminated.
In addition to the Windows APIs, we developed our own way to access event files without using any API (direct access).
So if you have a modern Windows PC and you want to read classic EVT files, you have no choice except the Direct method. More details are available in this article.
And if you want to open EVTX files, always use the New API method. Using the Standard method would also work, but for some events it may give you incorrect details. You can use the Standard method if, for example, you are a software developer writing your own event logging. In this case you can check your log to verify how it will look in legacy event log viewers. The Direct method for EVTX files was designed to access these files on old Windows XP machines or to access corrupted EVTX log files.
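The selection rule above can be applied to a file before opening it by inspecting its header. The following Python sketch is an added example, not part of Event Log Explorer: the function names are hypothetical, the header layouts (EVTX signature `ElfFile\0` with a CRC32 of the first 120 bytes at offset 124, EVT signature `LfLe` at offset 4) come from public format documentation rather than this article, and it assumes a modern Windows analysis machine and treats a failed header checksum as the sign of a corrupted EVTX file.

```python
import struct
import zlib

EVTX_MAGIC = b"ElfFile\x00"  # EVTX file header signature, offset 0
EVT_MAGIC = b"LfLe"          # classic EVT header signature, offset 4


def recommend_method(header):
    """Map the first 128 bytes of a log file to (format, opening method)."""
    if header[:8] == EVTX_MAGIC:
        if len(header) < 128:
            return ("EVTX (truncated header)", "Direct")
        # The EVTX header stores a CRC32 of its first 120 bytes at offset 124.
        (stored,) = struct.unpack_from("<I", header, 124)
        if zlib.crc32(header[:120]) & 0xFFFFFFFF != stored:
            return ("EVTX (header checksum mismatch)", "Direct")
        return ("EVTX", "New API")
    if header[4:8] == EVT_MAGIC:
        # Classic EVT on a modern Windows PC: Direct is the only option.
        return ("EVT", "Direct")
    return ("unknown", "none")


def triage(path):
    """Read only the header of the file at `path` and classify it."""
    with open(path, "rb") as fh:
        return recommend_method(fh.read(128))


def sample_evtx(corrupt=False):
    """Constructed 128-byte EVTX header (not taken from a real log)."""
    body = EVTX_MAGIC + struct.pack("<QQQIHHHH", 0, 0, 1, 128, 1, 3, 4096, 1)
    body = body.ljust(124, b"\x00")  # unknown bytes and file flags, zeroed
    crc = zlib.crc32(body[:120]) & 0xFFFFFFFF
    if corrupt:
        body = body[:24] + b"\xff" + body[25:]  # simulate on-disk damage
    return body + struct.pack("<I", crc)


def sample_evt():
    """Constructed 48-byte classic EVT header (not taken from a real log)."""
    return struct.pack("<I4s10I", 0x30, EVT_MAGIC, 1, 1, 0x30, 0x30, 1, 0,
                       0x10000, 0, 0, 0x30)


if __name__ == "__main__":
    for name, data in [("evtx", sample_evtx()), ("damaged evtx", sample_evtx(True)),
                       ("evt", sample_evt())]:
        print(name, "->", recommend_method(data))
```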