Программа для просмотра логов windows

FullEventLogView
для Windows

OSForensics™ now inlcudes the Event Log Viewer, which allows users to view and examine event logs created by Windows Vista and beyond. It supports event logs with file extension .evtx located in the %System32%\winevt\Logs directory.

Some of the main features are:

• Allows to scan a drive or folder for loading a few Windows Event logs from different systems
• Supports Windows built-in Event Viewer-like viewing mode and advanced timeline chart view
• Advanced filtering options to locate interesting events quickly
• Customizable preset lists to filter forensically interesting Event IDs
• Supports Regular Expressions pattern search to peform a comprehensive analysis
• Export events to CSV, TXT or HTML

Картинка с сайта: www.osforensics.com

Here is the list of of Best Free Event Log Viewer Software For Windows. These software make the task of viewing Event Log easy for you. The Windows’ default Event Log Viewer tool is a bit complex and not so user friendly. So, if you want to take a look at your PC’s event log, these software will come in handy. You can not only view, but filter out and view only required events. You can also export event log as HTML, TXT, or Excel, and even take print out of selected or all events using these Event Log Viewer software.

Using these free event log viewer software, you can view your PC’s event log files, a remote PC’s event log files, or event log files stored separately on your PC.

Some of these freeware event log viewer let you view event details right on the main interface, and some open event details in separate window. One of the freeware let you export events as HTML report; you will be able to view event detail in the report.

My Favorite Event Log Viewer for PC:

I like FullEventLogView the most, as it is an easy to use Event Log Viewer, and displays events along with their details on the same interface. No advanced and unnecessary options can be found, making this a perfect viewer for event log files.

You can also checkout the list of best free Cataloging Software, System Information Viewers, and System Backup Software for Windows.

FullEventLogView

Картинка с сайта: listoffreeware.com

FullEventLogView is a free event log viewer for Windows. It lets you load and view even logs from your computer, from a remote computer, or from external folder containing log files. You can view all the log data on its interface along with various respective details. The events are sorted according to the time of event. For each event, you can view its Record ID, Event ID, Level, Channel, Provider, Description, Opcode, Keywords, Process ID, Thread ID, and User.

The interface of this event viewer software is dual pane. In one panel, you can see all the events. Click on an event, and you will be able to view its details in the second panel.

There are various options related to viewing event log available here. You can use the Find tool to look for a specific event. Select an event to copy it. If you want to view only a specific type of events, you can use the Filter option. Another important option lets you export even log report for all events or selected events.

Under Advanced Options, you can select the event level types to display in log. Here, you can also set a time duration for which you want to view event log files.

Note: The option to view event log from remote computer did not seem to work properly in this free event log viewer for PC.

Event Log Explorer

Картинка с сайта: listoffreeware.com

Event Log Explorer is an advanced event log viewer. Its different and better than conventional event log viewers. On its interface, it displays an event log tree in categories. So, if you want to view events related to Applications, Hardware, Key Manager, Security, Windows PowerShell, or any other category, click on the respective subtree to view related events. For each subtree, the related events are displayed in separate tabs. For each event, you can view its type, date, time, source, category, and description.

Filter tool has been provided if you are looking for a specific event. You can also save or export selected events or all events. Events can be exported as HTML, TXT, or Excel files. There are various other tools that you can make use of, such as Scheduler, Event alert, Analytical report, etc.

This event viewer software can also open log files saved on your PC. Although it has an option to view event log of remote computer, it didn’t work.

Note: This software is only free to use for personal and non-commercial purposes.

Windows Event Viewer Plus

Картинка с сайта: listoffreeware.com

Windows Event Viewer Plus is a simple yet useful event log viewer software for Windows. Just like Event Log Explorer, you can view events category wise. There is list of event log categories available on the interface. Click on a category to view respective events in this event viewer software. For each category, you can view total entries, along with errors and warnings found. The event logs are categorized as: Application, Hardware Events, Internet Explorer, Key management Services, Security, System, and Windows power Shell.

For each listed event, you can view its type, date, time, event ID, and source. Double click on an event to view its details. Unfortunately, you cannot export all or selected events, but you will find option to export one event at a time in TXT or DOC/DOCX format.

You can also use this software to view event log of remote PC. For this, the remote PC must have the viewer PC added in admin group.

EventLog Inspector

Картинка с сайта: listoffreeware.com

EventLog Inspector is an amazing event log viewer software for Windows. Its perfect for system administration, as it lets you easily monitor events. It notifies you of critical events, sends notice as email, generates event log report, and does more.

You cannot view event log  directly with this software. It lets you generate a report of event logs. Event log reports can be generated separately for event categories under EventLogs tab. You can generate report containing event log for the following categories: Application, Hardware events, Internet explorer, Key management service, Security, System, and Windows PowerShell. Reports are generated in HTML format.

Apart from event log, you can also view service log. Options in Settings menu let you configure warning reporting parameters. Set up email configuration to send notifications and do much more with this free event log viewer.

Note: You can only use this software for free for non-commercial purposes.

EventSentry Light

Картинка с сайта: listoffreeware.com

EventSentry Light is the free version of EventSentry, which lets you view event log files. Although the light version has limited features, it does its job as an event log viewer software. You can also open and view event log files in a separate folder.

To view local event log, select the Event Log viewer option from the list available in the left panel on the interface. The event logs are displayed for Application, Security, and System event categories. Click on a category to view respective event logs in the right panel. For each event, their type, date, time, source, category, ID, Computer, and Number are displayed. Click on an event to view more details about it. To view a specific type of event, you can make use of Filter option.

It has various other features that can make the job of system administration easy. Visit the Full vs Light comparison page to know about the features available in the free version.

EVT LogParser

Картинка с сайта: listoffreeware.com

EVT LogParser is an event log viewer software, which is a bit different from the above listed event viewers. It is based on Microsoft Log Parser and can be used to view filtered out events from externally saved event log files.

If you have Event log files separately saved on your PC which you want to view, then you can use this software. Remember, it cannot open event log files stored at Windows’ default location to save event log files.

Simply select the event log files you want to view. Now, you have to set the query filter to view events you are looking to view. You can filter the Event log using the following filters: EventID, Event Type, Source, Message, From time, and To time. Based on the filter set by you, this free event log viewer displays events. Double click on an event to view its details.

That’s pretty much that you can do with this free event viewer software.

See Also

• NK2Edit — Edit, merge and fix the AutoComplete files (.NK2) of Microsoft Outlook.
• EventLogChannelsView — enable/disable/clear event log channels.
• UninstallView — Alternative uninstaller for Windows 10/8/7/Vista

Description

FullEventLogView is a simple tool for Windows 11/10/8/7/Vista that displays in a table the details of all events from the event logs of Windows, including the event description.
It allows you to view the events of your local computer, events of a remote computer on your network, and events stored in .evtx files.
It also allows you to export the events list to text/csv/tab-delimited/html/xml file from the GUI and from command-line.

Картинка с сайта: www.nirsoft.net

System Requirements

This utility works on any version of Windows, starting from Windows Vista and up to Windows 11. Both 32-bit and 64-bit systems are supported.
For Windows XP and older systems, you can use the MyEventViewer tool.

FullEventLogView vs MyEventViewer

MyEventViewer is a very old tool originally developed for Windows XP/2000/2003.
Starting from Windows Vista, Microsoft created a new event log system with completely new programming interfaces. The old
programming interface still works even on Windows 10, but it cannot access the new event logs added on Windows Vista and newer systems.
MyEventViewer uses the old programming interface, so it cannot display many event logs added on Windows 11/10/8/7/Vista.
FullEventLogView uses the new programming interface, so it displays all events.

Versions History

• Version 1.80:
  • Added ‘Black Background’ option (Under the View menu). When it’s turned on, the main table and the lower pane text-box are displayed in black background and white text, instead of default system colors.
  • Fixed issue: When copying data to the clipboard or exporting to tab-delimited file, every line contained an empty field in the end of the line.
• Version 1.78:
  • Added ‘Full Screen’ mode (View -> Full Screen or F11 key).
• Version 1.77:
  • Added ‘Sort By’ toolbar button.
• Version 1.76:
  • Fixed issue: The ‘Record ID’ value was limited to the size of 32-bit integer.
• Version 1.75:
  • Fixed the filter to work properly when new event items are added in ‘Auto Refresh’ mode.
• Version 1.74:
  • Updated to stop the event log scanner when you press the Esc key.
• Version 1.73:
  • The status bar now displays the current scanned event log channel/filename.
• Version 1.72:
  • Fixed to work properly when specifying to filter more than 23 event IDs (Workaround for limitation of event log queries).
• Version 1.71:
  • Fixed to display the time properly in AM/PM format.
  • Fixed the default columns size in high DPI mode.
• Version 1.70:
  • Added option to choose a single event log filename (.evtx or .etl file) in the ‘Choose Data Source’ window.
  • You can also load a single event log file (.evtx or .etl file) by dragging it from Explorer window into the main window of FullEventLogView.
• Version 1.68:
  • Added ‘Add Header Line To CSV/Tab-Delimited File’ option (Turned on by default).
• Version 1.67:
  • Fixed the /srawxml command-line option to save the raw xml much faster than the previous versions.
• Version 1.66:
  • ‘Show Event Strings In Columns’ option — You can now change the number of event string columns displayed when this option is turned on.
    You can do it by editing the following line in FullEventLogView.cfg (The default value is 10):
    
    EventStringColumns=10
  • You have to edit this value while FullEventLogView is not running.
• Version 1.65:
  • Added option to save the selected events as raw event XML (In ‘Save Selected Items’ option), which is the same XML you see in the lower pane when choosing Options -> Lower Pane Display Mode -> Show Event XML.
  • Added /srawxml command-line option to save the raw event XML from command-line.
  • Updated the HTML export feature to HTML5.
  • Added option to change the sorting column from the menu (View -> Sort By). Like the column header click sorting, if you click again the same sorting menu item, it’ll switch between ascending and descending order. Also, if you hold down the shift key while choosing the sort menu item, you’ll get a secondary sorting.
• Version 1.62:
  • Added option to specify user name and password for connecting a remote computer (In the ‘Choose Data Source’ window). You have to use this option if you get ‘Access is denied’ error message when trying to connect the remote computer.
• Version 1.61:
  • Fixed some high DPI mode issues.
• Version 1.60:
  • Added ‘Tray Balloon On New Event’ option. This feature is active only when both ‘Put Icon On Tray’ and ‘Auto Refresh’ options are turned on.
    When it’s active, FullEventLogView displays every new event in a tray balloon.
  • Added ‘Start As Hidden’ option. When this option and ‘Put Icon On Tray’ option are turned on, the main window of FullEventLogView will be invisible on start.
• Version 1.58:
  • Added ‘New FullEventLogView Instance’ under the File menu, for opening a new window of FullEventLogView.
• Version 1.57:
  • Added ‘Log File’ column, which displays the log filename if the event was loaded directly from .evtx or .etl file.
• Version 1.56:
  • In the the channel and provider fields of the ‘Advanced Options’ window — you can now choose the desired channel/provider from a combo-box.
• Version 1.55:
  • When reading .etl files that store the event data inside EventPayload element of the XML, FullEventLogView now automatically converts the EventPayload
    from hexadecimal string to readable text, and displays it as the decsription of the event.
    
    For example, you can use this feature to view the Windows Update logs from C:\windows\logs\WindowsUpdate on Windows 10.

  • Added ‘Copy Clicked Cell’ option to the right-click context menu, which copies to the clipboard the text of cell that you right-clicked with the mouse.
• Version 1.53:
  • Fixed bug: Wildcards didn’t work when using the ‘Search in full description string’ option.
  • Fixed to save the ‘Case Sensitive’ option of the Quick Filter in the .cfg file.
• Version 1.52:
  • Added ‘Select All’ and ‘Deselect All’ to the ‘Column Settings’ window.
• Version 1.51:
  • Added the ‘Clear All Events Of Selected Channel’ option to the context menu.
  • Increase the maximum size of the description filter string.
• Version 1.50:
  • Fixed bug: FullEventLogView remained in memory if you closed the main window during events scanning.
  • Added ‘Clear All Events Of Selected Channel’ option (Under the file menu). For example: If you select an event that its channel is
    ‘System’, using this option will delete all system events.
  • Added /ClearChannelEvents command-line option, which clears all events of the specified channel, for example:
    
    FullEventLogView.exe /RunAsAdmin /ClearChannelEvents «Microsoft-Windows-Bits-Client/Operational»

  • Added 2 modes to description filter: ‘Search in description parameters’ and ‘Search in full description string’. In previous versions, the search was made inside description parameters,
    but some people reported it’s a bug. The search is now made by default inside the full description string, but this search mode is slower because it requires to load the metadata and format the
    description string before the filtering process.

• Version 1.38:
  • Fixed bug: When trying to export events of remote computer from command-line, FullEventLogView loaded the events from local computer.
• Version 1.37:
  • Added ‘Case Sensitive’ option to the Quick Filter window.
• Version 1.36:
  • Added /RunAsAdmin command-line option for running FullEventLogView as administrator.
• Version 1.35:
  • Added new options to the ‘Quick Filter’ feature, including the option to filter the list by Event ID.
• Version 1.32:
  • When choosing to load only specific event IDs (From ‘Advanced Options’ window), the loading process is much faster.
• Version 1.31:
  • Fixed bug: When connecting a remote computer the following error was displayed — Error 50: The request is not supported.
• Version 1.30:
  • Fixed bug: FullEventLogView failed to display the event strings in the lower pane (‘Show Event Data + Description’ mode) and in the columns (‘Show Event Strings In Columns’ option).
  • You can now resize the properties window, and the last size/position of this window is saved in the .cfg file.
  • You can now send the data to stdout by specifying empty string as filename, for example:
    
    FullEventLogView.exe /scomma «» | more
• Version 1.28:
  • Fixed the lower pane to use the right font size in high DPI mode.
  • Added option to choose another font (name and size) to display in the main window.
• Version 1.27:
  • When exporting items with multiline description to tab-delimited file (Including the ‘Copy Selected Items’ option), FullEventLogView now put the description in quotes to
    ensure the exported data will be displayed properly in Excel and other programs.
• Version 1.26:
  • Added support for saving as JSON file.
• Version 1.25:
  • Added ‘Show Event Strings In Columns’ option (Under the Options menu). When it’s turned on, 10 new event string columns are added to the main table (‘String 1’, ‘String 2’, ‘String 3’…).
    These columns display the strings from the event decsription and you can click the column header in order to sort the events according to the event strings.
• Version 1.22:
  • Fixed bug: On some systems, FullEventLogView missed some of the events when using a time filter.
• Version 1.21:
  • Added /cfg command-line option, which instructs FullEventLogView to use a config file in another location instead if the default config file, for example:
    
    FullEventLogView.exe /cfg «%AppData%\FullEventLogView.cfg»
• Version 1.20:
  • Added option to filter according to strings of the event description (In ‘Advanced Options’ window).
  • Added ‘Quick Filter’ feature (View -> Use Quick Filter or Ctrl+Q). When it’s turned on, you can type a string in the text-box added under the toolbar and FullEventLogView will instantly filter the events table, showing only lines that contain the string you typed.
  • Fixed the lower pane to switch focus when pressing tab key.
• Version 1.12:
  • Added option to specify time range in GMT (‘Advanced Options’ window).
  • Fix bug: When using /SaveDirect command-line option, the file was always saved according to the default encoding, instead of using the selected encoding in Options -> Save File Encoding.
• Version 1.11:
  • Fixed bug: the process of exporting large amount of event log items from command-line was very slow, even when using /SaveDirect.
• Version 1.10:
  • Added option to automatically read archive log files (In ‘Choose Data Source’ window). This option works only when you run FullEventLogView as administrator.
• Version 1.06:
  • Fixed FullEventLogView to display event description properly when reading .evtx files from shadow copy (e.g: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\System32\winevt\Logs )
  • Fixed bug: FullEventLogView displayed error message when trying to read .etl files.
• Version 1.05:
  • FullEventLogView now displays an error message if it fails to load events from external evtx file or from remote computer.
  • Added ‘Choose Data Source’ icon to the toolbar.
• Version 1.00 — First release.

Start Using FullEventLogView

FullEventLogView doesn’t require any installation process or additional DLL files.
In order to start using it, simply run the executable file — FullEventLogView.exe

After running FullEventLogView, the main window loads and displays all events from the last 7 days.
You can change the default 7-days time filter and set other filters by using the ‘Advanced Options’ window (F9)

If you want to load the events from remote computer on your network or from event log files (.evtx), you should use the ‘Choose Data Source’ window (F7).

Lower Pane Display Mode

When you select an event in the upper pane, the lower pane displays the details of the selected event, depending on the display mode that you choose (Options -> Lower Pane Display Mode):

• Show Event Description:
  Displays the full description of the event. Some event descriptions are too long for watching them in the ‘Description’ column, so you can view the long event description in the lower pane.
• Show Event Data + Description:
  Displays the full description of the event and additional data stored in this event.
• Show Event XML:
  Displays the full XML of the event.

Refresh (F5) And Smooth Refresh (F8)

FullEventLogView provides 2 types of refresh actions:

• Refresh (F5): Reloads the entire event log
• Smooth Refresh (F8): FullEventLogView only adds the new event items that have been created since the previous refresh.

Auto Refresh Mode

When Auto Refresh mode is turned on (Options -> Auto Refresh -> Every x seconds), FullEventLogView
automatically executes a smooth refresh according to the refresh interval you choose, so you’ll be able to see when a new event log item is created.

Show Event Strings In Columns

You can turn on the ‘Show Event Strings In Columns’ option if you want to view all event strings in the upper pane table.
By default, FullEventLogView displays 10 event string columns (String 1, String 2, String 3,…).
If you need more than 10 event string columns, You can do it by editing the following line in FullEventLogView.cfg:

EventStringColumns=10

You have to edit this value while FullEventLogView is not running.

Run As Administrator

By default, FullEventLogView doesn’t request elevation (Run As Administrator). If you want to watch events thar are only available with administrator privilege (like the security log),
you have to run FullEventLogView as administrator by press Ctrl+F11.

Command-Line Options

Translating FullEventLogView to other languages

In order to translate FullEventLogView to other language, follow the instructions below:

1. Run FullEventLogView with /savelangfile parameter:
   
   FullEventLogView.exe /savelangfile
   
   A file named FullEventLogView_lng.ini will be created in the folder of FullEventLogView utility.
2. Open the created language file in Notepad or in any other text editor.
3. Translate all string entries to the desired language.
   Optionally, you can also add your name and/or a link to your Web site.
   (TranslatorName and TranslatorURL values) If you add this information, it’ll be
   used in the ‘About’ window.

4. After you finish the translation, Run FullEventLogView, and all translated
   strings will be loaded from the language file.
   
   If you want to run FullEventLogView without the translation, simply rename the language file, or move
   it to another folder.

License

This utility is released as freeware.
You are allowed to freely distribute this utility via floppy disk, CD-ROM,
Internet, or in any other way, as long as you don’t charge anything for this and you don’t
sell it or distribute it as a part of commercial product.
If you distribute this utility, you must include all files in
the distribution package, without any modification !

Disclaimer

The software is provided «AS IS» without any warranty, either expressed or implied,
including, but not limited to, the implied warranties of merchantability and fitness
for a particular purpose. The author will not be liable for any special, incidental,
consequential or indirect damages due to loss of data or any other reason.

Feedback

If you have any problem, suggestion, comment, or you found a bug in my utility,
you can send a message to nirsofer@yahoo.com

FullEventLogView is also available in other languages. In order to change the language of
FullEventLogView, download the appropriate language zip file, extract the ‘fulleventlogview_lng.ini’,
and put it in the same folder that you Installed FullEventLogView utility.