home.social

#eventlogs — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #eventlogs, aggregated by home.social.

  1. ----------------

    🛠️ Tool
    ===================

    Opening: Tool purpose and capabilities overview

    EventLogExpert is a Windows-focused Event Log viewer designed for technical support, IT professionals, and DFIR practitioners. The project emphasizes performance with the ability to load very large .evtx files, support multiple concurrent files, and present an interleaved combined view that helps correlate events across servers.

    Key Features

    • Fast bulk loading of large .evtx files and concurrent multi-file handling.

    • Interleaved combined view for correlating events from multiple hosts in a single timeline.

    • Inline event description previews within the table to reduce the need for opening individual records.

    • Friendly UI filters via drop-downs and an Advanced Filter option that accepts LINQ expressions for precise querying.

    • Ability to create an event database to enable viewing of product-specific logs (for example, Exchange or SQL Server logs) on machines that lack those products.

    • Live log viewing mode that functions as a usable replacement for Event Viewer by continuously updating and showing new events in real time.

    Technical Implementation (conceptual)

    The tool centers on efficient parsing and indexing of .evtx files to support rapid random access and merged timelines. The combined view implies an internal timestamp-based merging mechanism and a lightweight local database capability for normalized event storage and cross-host lookups. The Advanced Filter accepting LINQ suggests .NET-based expression parsing and runtime filtering against in-memory or on-disk event objects.

    Use Cases

    • Incident responders correlating events across multiple servers to reconstruct timelines.

    • Support engineers examining large exported log archives without waiting for slow viewers.

    • Administrators wanting a lightweight alternative to Event Viewer with richer filtering and preview capabilities.

    Limitations and Considerations

    • The project is distributed as a Windows package (.msix) and targets Windows 10/11 and Server; runtime requirements and auto-update behavior may vary by OS version.

    • Creating and using an event database is useful for portability but may require storage and maintenance considerations depending on scale.

    Hashtags

    🔹 tool #evtx #eventlogs #forensics

    🔗 Source: github.com/microsoft/EventLogE

  2. Got #PowerShell 7 and not seeing event logs in your triage? N.B. for PowerShell 7: Windows PowerShell logs events to "Microsoft-Windows-PowerShell/Operational", but PowerShell 7 now logs events to "PowerShellCore/Operational." Detailed (e.g., Script Block) logging is NOT enabled by default.

    PowerShell 7 includes Group Policy templates and an installation script in $PSHOME. Specifically, you can use the "RegisterManifest.ps1" and "InstallPSCorePolicyDefinitions.ps1" scripts in the PS7 installation directory to enable logging.

    Also, ISE doesn't support PS7 :( --> but there is an official Visual Studio Code extension that does, and it even has an "ISE Mode."

    H/T Nasreddine Bencherchali ( @[email protected] ): twitter.com/nas_bench/status/1

    I also consulted learn.microsoft.com/en-us/powe

    #PowerShell7 #DFIR #eventlogs #logging #artifacts
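    An added triage check (not part of the post above) that confirms whether a PowerShell 7 host is actually producing the events described: it assumes the PowerShellCore policy registry path that the PS7 ADMX templates write to, and event ID 4104 as the script block logging event.

    ```powershell
    # Added example, not from the post. Assumptions: the PS7 ADMX policy key lives
    # under HKLM:\SOFTWARE\Policies\Microsoft\PowerShellCore and script block
    # records are event ID 4104 in the PowerShellCore/Operational channel.
    $channel = 'PowerShellCore/Operational'

    # 1. Is the PS7 channel registered? It is absent until RegisterManifest.ps1 has run.
    $log = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue
    if (-not $log) {
        Write-Warning ('{0} not found. Run {1} as administrator.' -f $channel, (Join-Path $PSHOME 'RegisterManifest.ps1'))
    } else {
        '{0}: enabled={1}, records={2}, size={3} bytes' -f $log.LogName, $log.IsEnabled, $log.RecordCount, $log.FileSize
    }

    # 2. Is script block logging turned on by policy? (Off by default, as the post notes.)
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\PowerShellCore\ScriptBlockLogging'
    $sbl = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).EnableScriptBlockLogging
    if ($sbl -eq 1) {
        'Script block logging: ENABLED'
    } else {
        Write-Warning 'Script block logging is NOT enabled (default). Apply the PS7 policy template or set EnableScriptBlockLogging=1 under the key above.'
    }

    # 3. Count recent 4104 events to prove records are landing in the channel, not just that it exists.
    if ($log) {
        $filter = @{ LogName = $channel; Id = 4104; StartTime = (Get-Date).AddDays(-1) }
        $recent = Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue
        '4104 (script block) events in the last 24h: {0}' -f @($recent).Count
    }

    # 4. Are the helper scripts the post mentions present in this install's $PSHOME?
    foreach ($script in 'RegisterManifest.ps1', 'InstallPSCorePolicyDefinitions.ps1') {
        '{0}: present={1}' -f $script, (Test-Path (Join-Path $PSHOME $script))
    }
    ```

    Run it from a PowerShell 7 prompt (so $PSHOME points at the PS7 install directory); Get-WinEvent emits a non-terminating error rather than an exception when the channel is missing or has no matching events, which is why the calls use -ErrorAction SilentlyContinue.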

  3. I have this long-term #project of applying #DifferentiableComputing and #DeepLearning to #industrial #AnomalyDetection.

    I have created a #simulation of a #FlexibleManufacturingSystem for benchmarking on #uncorrelated #ProcessTraces, or #interlaced #EventLogs, and have some approaches to solve this under work.

    If you're interested in this from the perspective of research, collaboration, investment or just general curiosity, please get in touch!