Topic: Event Viewer (PE)  (Read 1057 times)

Event Viewer (PE)
« on: October 24, 2018, 06:18:01 PM »

dazza

Hi

New tool I have created so you can easily view the event logs on a host computer whilst booted into PE

Requires .NET, but works with both 32-bit and 64-bit PE

.NET version = 4.6.1

Tested here on Win10XPE booting on hosts running Windows 10 and Windows Server 2016 - all event logs available to read through

For security logs it also extracts more detailed information

The grid control used to display results enables advanced filtering and searching of the event logs, and I have added code to group same events and for conditional formatting in colour by event level, e.g. warning, error, information or critical

EDIT: can also press Ctrl+F to open up the find dialog, which allows searching event logs much quicker than you can with the standard event viewer.

EDIT2: clicking on icons in column headers for advanced filtering


N.B. external link as too big for forum attachment  :sad:

25/10/18 v1.1

Event_Viewer_PE.7z

Win10XPE plugin available here = http://theoven.org/index.php?topic=2607.msg28642#msg28642

Was written for my own requirements but perhaps may be useful to someone else as well  :thumbsup:

Any problems, please send me a PM along with the following information - Windows version of your host including whether 32 or 64-bit, along with any error messages or screenshots to help me fix problems
« Last Edit: October 28, 2018, 04:17:01 PM by dazza »

Re: PE Event Viewer
« Reply #1 on: October 24, 2018, 07:08:29 PM »

bob.omb

Very nice find  :thumbsup:

Re: PE Event Viewer
« Reply #2 on: October 24, 2018, 08:14:54 PM »

noelBlanc

Hi,
Good tool and good initiative!

But why not use the native tool EVENTVWR.MSC and open an event log file that is present on the disk, such as C:\WINDOWS\SYSTEM32\WINEVT\LOGS\APPLICATION.EVTX for example, with the menu Action/Open Saved log?
To launch the EventLog service, see my PDF file (http://theoven.org/index.php?topic=1639.0)
Faster and simpler, in my opinion.

Good evening.

Re: PE Event Viewer
« Reply #3 on: October 24, 2018, 08:26:03 PM »

dazza

> Hi,
> Good tool and good initiative!
>
> But why not use the native tool EVENTVWR.MSC and open an event log file that is present on the disk, such as C:\WINDOWS\SYSTEM32\WINEVT\LOGS\APPLICATION.EVTX for example, with the menu Action/Open Saved log?
> To launch the EventLog service, see my PDF file (http://theoven.org/index.php?topic=1639.0)
> Faster and simpler, in my opinion.
>
> Good evening.

Fair point, but I wanted my own tools, and it is a good learning experience - and it has features above and beyond the standard event viewer such as much faster searching, filtering, conditional formatting, grouping etc.

 
