Time Offset for .evtx files


Time Offset for .evtx files
View
Options
Author
Message
AndreasP
AndreasP
AndreasP
posted 3 Years Ago
I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)
Group: Forum Members
Posts: 50, Visits: 218
Hi Toby,

I just wanted to apply a time offset to an windows event log file (.evtx). However the menu item is disabled for this file.
Is this by intention or a bug?

Regards
Andreas
Reply Like 1
LogViewPlus Support
LogViewPlus Support
LogViewPlus Support
posted 3 Years Ago
Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)
Group: Moderators
Posts: 1.1K, Visits: 3.7K
Hi Andreas,

This is by design, but it is probably something that we need to revisit.  The issue here is that binary log files are processed differently from other log file types and support for post-processors (like the Time Offset) was never added.  Currently, the EVTX reader is the only binary parser that ships with LogViewPlus.

We currently have a version of LogViewPlus in BETA, the release after this one is going to be focused on improved parsing.  I think it is a good time to review the post processor support.

Thanks for bringing this issue to our attention.

Toby
Reply Like 2
LogViewPlus Support
LogViewPlus Support
LogViewPlus Support
posted 3 Years Ago
Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)
Group: Moderators
Posts: 1.1K, Visits: 3.7K
Hi Andreas,

I just wanted to let you know that we have now released LogViewPlus v2.5.19 as a beta release. This release adds time offset support to log readers and data sources (including EVTX files).

Hope that helps.  Thanks for bringing this issue to our attention!

Toby
Edited 3 Years Ago by LogViewPlus Support
Reply Like 1
AndreasP
AndreasP
AndreasP
posted 3 Years Ago
I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)I'm into this (247 reputation)
Group: Forum Members
Posts: 50, Visits: 218
Hi Toby,

I used the new feature today in an analysis and it worked!

Thanks!

Andreas
Reply Like 2
LogViewPlus Support
LogViewPlus Support
LogViewPlus Support
posted 3 Years Ago
Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)Supreme Being (5.3K reputation)
Group: Moderators
Posts: 1.1K, Visits: 3.7K
Glad that helped Andreas - thanks for letting me know!

Toby
Reply Like 2
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...



Submit

Similar Topics

Post Quoted Reply

Login

Explore
Messages
Mentions
Search