This is a very useful tool for slicing and dicing an event log very quickly. It doesn’t matter whether it’s a system event log, application event log, or an Enterprise Vault event log, it will handle them all. The only thing to remember to do for Enterprise Vault event logs is to register vaultmessages.dll, otherwise you won’t see the events properly. You’ll see :-
Instead of :-
To use Event Log XP you have to open your event logs. I always find that using “Direct” works :
Standard, often gives you this error :
What you then do is begin the process of slicing and dicing the event log, usually to exclude all of the stuff you’re not interested in, is a good way to start. To do this hover over the column, and right click to bring up this menu :
In my case I want to choose the second one down, to exclude all the crypt32 entries.
I then did : category <> “Monitoring”, and I’m left with a bunch of items, and one that stands out as being interesting :
I now, hover over the Event ID column, right click, and choose to filter to show ONLY the event ID 4145’s, and see this :
This can’t be good for my system… constantly logging that it is low on disk space, for quite some time now. I ought to fix that!
You can reset things at any time, and do other activities via the toolbar at the top of Event Log XP :
For the advanced user you can leap straight in to the main filter page.
Finally if you are comparing event logs from a number of different systems, it is often useful to save the events logs together as a batch, or as Event Log XP calls it, a workspace. You can then open the workspace the next time you’re in Event Log XP (or double click on it from explorer) and it will show you the saved event logs.