{"id":381,"date":"2019-03-04T20:31:39","date_gmt":"2019-03-04T20:31:39","guid":{"rendered":"http:\/\/eventlogxp.com\/blog\/?p=381"},"modified":"2020-05-17T21:45:38","modified_gmt":"2020-05-17T21:45:38","slug":"windows-event-viewer-cannot-read-classic-event-logs-anymore","status":"publish","type":"post","link":"https:\/\/eventlogxp.com\/blog\/windows-event-viewer-cannot-read-classic-event-logs-anymore\/","title":{"rendered":"Windows Event Viewer cannot read classic event logs anymore"},"content":{"rendered":"\n<p class=\"has-text-color has-vivid-red-color\"><strong>Update of May 18, 2020<\/strong>: It looks like Windows 10 1909 doesn&#8217;t have this issue. <\/p>\n\n\n\n<p>Although era of Windows XP is over, there are still a great number of PCs running this operating system or Windows 2003 Server. According to different researches, in 2018 Windows XP market share was more than 4% of all desktop operating systems. Windows 2003 Server still has more than 10% of server operating systems. Moreover, Microsoft still supports Windows Embedded POSReady 2009 which is based on Windows XP. <\/p>\n\n\n\n<p>This means\nthat millions of computers across the globe still run XP-based OS and log their\nevents in classic (evt) event logs. <\/p>\n\n\n\n<p>When\nWindows Vista appeared in 2007, it introduced a new event log format along with\nnew Event Viewer. This Event Viewer went through Windows 7, 8, and got to\nWindows 10 practically unchanged. It was designed to open event log files in both\nformats \u2013 new (evtx) and legacy (evt). <\/p>\n\n\n\n<p>Unfortunately, Windows API doesn&#8217;t support evt files anymore and API function OpenBackupEventLog returns error 1500 &nbsp;(Log file is corrupted) when opening evt files. That&#8217;s why many third-party event viewers cannot read evt files on modern Windows. Event Viewer parses evt files and displays them like native evtx files. However, Windows 10 Event Viewer stopped working correctly. &nbsp;First, we noticed that it doesn&#8217;t display event date and time for evt log files exported with Event Log Explorer (our application can export events to legacy format). Suggesting that this issue could be a bug of Event Log Explorer, we took several event log files from Windows XP \u2013 we saved several event logs as files using Windows XP Event Viewer and got a couple of &#8220;live&#8221; legacy event logs. In every case, Windows 10 Event Viewer failed to display event datetime for these log files.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/EventViewerDateTimeFailure.png\" data-rel=\"lightbox-gallery-kJZp8vly\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" width=\"1024\" height=\"618\" src=\"https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/EventViewerDateTimeFailure-1024x618.png\" alt=\"Windows Event Viewer doesn't display date time of classic legacy logs.\" class=\"wp-image-382\" srcset=\"https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/EventViewerDateTimeFailure-1024x618.png 1024w, https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/EventViewerDateTimeFailure-300x181.png 300w, https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/EventViewerDateTimeFailure-768x463.png 768w, https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/EventViewerDateTimeFailure-660x398.png 660w, https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/EventViewerDateTimeFailure.png 1124w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>Since event\ntimestamp is a key field for any forensic examination, this makes impossible\nusing Windows Event Viewer as a forensic tool for legacy log analysis. <\/p>\n\n\n\n<p>Event Log\nExplorer doesn&#8217;t have this problem and displays event date and time correctly.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/DateTimeInElex.png\" data-rel=\"lightbox-gallery-kJZp8vly\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" width=\"1024\" height=\"618\" src=\"https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/DateTimeInElex-1024x618.png\" alt=\"Event Log Explorer displays date and time correctly\" class=\"wp-image-383\" srcset=\"https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/DateTimeInElex-1024x618.png 1024w, https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/DateTimeInElex-300x181.png 300w, https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/DateTimeInElex-768x463.png 768w, https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/DateTimeInElex-660x398.png 660w, https:\/\/eventlogxp.com\/blog\/wp-content\/uploads\/2019\/03\/DateTimeInElex.png 1124w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>Want to read evt files? <a href=\"http:\/\/eventlogxp.com\/download\/elex_setup.exe\">Download Event Log Explorer now!<\/a><\/p>\n<a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-facebook nolightbox\" data-provider=\"facebook\" target=\"_blank\" rel=\"nofollow\" title=\"Share on Facebook\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Feventlogxp.com%2Fblog%2Fwp-json%2Fwp%2Fv2%2Fposts%2F381&#038;t=Windows%20Event%20Viewer%20cannot%20read%20classic%20event%20logs%20anymore&#038;s=100&#038;p&#091;url&#093;=https%3A%2F%2Feventlogxp.com%2Fblog%2Fwp-json%2Fwp%2Fv2%2Fposts%2F381&#038;p&#091;images&#093;&#091;0&#093;=https%3A%2F%2Feventlogxp.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F03%2Feventviewerbug.png&#038;p&#091;title&#093;=Windows%20Event%20Viewer%20cannot%20read%20classic%20event%20logs%20anymore\" style=\"font-size: 0px;width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px\"><img alt=\"Facebook\" title=\"Share on Facebook\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline;width:24px;height:24px;margin: 0;padding: 0;border: none\" src=\"https:\/\/eventlogxp.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/facebook.png\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-twitter nolightbox\" data-provider=\"twitter\" target=\"_blank\" rel=\"nofollow\" title=\"Share on Twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feventlogxp.com%2Fblog%2Fwp-json%2Fwp%2Fv2%2Fposts%2F381&#038;text=Check%20this%20Event%20Log%20Explorer%20blog%20post\" style=\"font-size: 0px;width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px\"><img alt=\"twitter\" title=\"Share on Twitter\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline;width:24px;height:24px;margin: 0;padding: 0;border: none\" src=\"https:\/\/eventlogxp.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/twitter.png\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-reddit nolightbox\" data-provider=\"reddit\" target=\"_blank\" rel=\"nofollow\" title=\"Share on Reddit\" href=\"https:\/\/www.reddit.com\/submit?url=https%3A%2F%2Feventlogxp.com%2Fblog%2Fwp-json%2Fwp%2Fv2%2Fposts%2F381&#038;title=Windows%20Event%20Viewer%20cannot%20read%20classic%20event%20logs%20anymore\" style=\"font-size: 0px;width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px\"><img alt=\"reddit\" title=\"Share on Reddit\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline;width:24px;height:24px;margin: 0;padding: 0;border: none\" src=\"https:\/\/eventlogxp.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/reddit.png\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-pinterest nolightbox\" data-provider=\"pinterest\" target=\"_blank\" rel=\"nofollow\" title=\"Pin it with Pinterest\" href=\"https:\/\/pinterest.com\/pin\/create\/button\/?url=https%3A%2F%2Feventlogxp.com%2Fblog%2Fwp-json%2Fwp%2Fv2%2Fposts%2F381&#038;media=https%3A%2F%2Feventlogxp.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F03%2Feventviewerbug.png&#038;description=Windows%20Event%20Viewer%20cannot%20read%20classic%20event%20logs%20anymore\" style=\"font-size: 0px;width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px\"><img alt=\"pinterest\" title=\"Pin it with Pinterest\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline;width:24px;height:24px;margin: 0;padding: 0;border: none\" src=\"https:\/\/eventlogxp.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/pinterest.png\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-linkedin nolightbox\" data-provider=\"linkedin\" target=\"_blank\" rel=\"nofollow\" title=\"Share on Linkedin\" href=\"https:\/\/www.linkedin.com\/shareArticle?mini=true&#038;url=https%3A%2F%2Feventlogxp.com%2Fblog%2Fwp-json%2Fwp%2Fv2%2Fposts%2F381&#038;title=Windows%20Event%20Viewer%20cannot%20read%20classic%20event%20logs%20anymore\" style=\"font-size: 0px;width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px\"><img alt=\"linkedin\" title=\"Share on Linkedin\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline;width:24px;height:24px;margin: 0;padding: 0;border: none\" src=\"https:\/\/eventlogxp.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/linkedin.png\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-mail nolightbox\" data-provider=\"mail\" rel=\"nofollow\" title=\"Share by email\" href=\"mailto:?subject=Windows%20Event%20Viewer%20cannot%20read%20classic%20event%20logs%20anymore&#038;body=Check%20this%20Event%20Log%20Explorer%20blog%20post:%20https%3A%2F%2Feventlogxp.com%2Fblog%2Fwp-json%2Fwp%2Fv2%2Fposts%2F381\" style=\"font-size: 0px;width:24px;height:24px;margin:0;margin-bottom:5px\"><img alt=\"mail\" title=\"Share by email\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline;width:24px;height:24px;margin: 0;padding: 0;border: none\" src=\"https:\/\/eventlogxp.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/mail.png\" \/><\/a>","protected":false},"excerpt":{"rendered":"<p>Update of May 18, 2020: It looks like Windows 10 1909 doesn&#8217;t have this issue. Although era of Windows XP is over, there are still a great number of PCs running this operating system or Windows 2003 Server. According to different researches, in 2018 Windows XP market share was more than 4% of all desktop operating systems. Windows 2003 Server still has more than 10%\u2026 <span class=\"read-more\"><a href=\"https:\/\/eventlogxp.com\/blog\/windows-event-viewer-cannot-read-classic-event-logs-anymore\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":385,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[40],"tags":[68,65,66,67,49],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/posts\/381"}],"collection":[{"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/comments?post=381"}],"version-history":[{"count":4,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/posts\/381\/revisions"}],"predecessor-version":[{"id":447,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/posts\/381\/revisions\/447"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/media\/385"}],"wp:attachment":[{"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/media?parent=381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/categories?post=381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eventlogxp.com\/blog\/wp-json\/wp\/v2\/tags?post=381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}