Can the Windows system log be edited manually?

Time:10-22

The problem is this:
At work, the computer's system time often needs to be changed (set back to a past day), but after the change the records written to the Windows Event Log carry the changed time as well. I now want to selectively delete the part of the log whose times are out of order without affecting the other, normal records (or re-sort all the records chronologically). Is there a way to do this? I tried writing a small tool to edit the log file directly (*.evtx on Windows 7, *.evt on Windows XP). After editing, a third-party log file browser displays the desired result, but if the edited file is mounted in the Windows log viewer (by changing the file directory in the registry and restarting the computer), it is displayed as empty and logging starts again from scratch. Is this because Windows encrypts the log file and rejects it once it has been manually altered? If a log file is copied from another computer to this computer (Windows), it is read properly, which shows that Windows recognizes logs written by Windows itself. Please advise! Thank you very much!

CodePudding user response:

There seems to be an API for exporting logs, but you have to write code.

CodePudding user response:

It depends on how much you are willing to spend.
I have a scheme that is relatively easy to implement:
1. Prepare a server and write a service on it that plays the role of "judge", used to provide a time (not necessarily the correct time, but it must be a consistent time axis).
2. On the machine whose logs you want, write a log reader that reads the log once a minute (or continues from the last position read; each log entry has a corresponding ID, so read on from the last ID you read), gets the time from the server, adjusts each log entry's time according to that time, and then records it in your own format (whether it is saved to the server or locally is up to you; saving to the server is recommended).
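
The scheme in the reply above, as an added Python example that is not part of the original thread: a reader that resumes by record ID, re-stamps each record on the reference server's time axis, and flags records whose local time runs backwards. The `Collector` class, its `poll` method, `run_sample` and the sample records are constructed for illustration, and the records are assumed to be already exported as (EventRecordID, TimeCreated) pairs.

```python
from datetime import datetime

# Constructed sample of (EventRecordID, local TimeCreated) pairs. Records 104
# and 105 were written while the local clock was set back one day.
SAMPLE = [
    (101, "2023-10-20T09:00:05"), (102, "2023-10-20T09:00:40"),
    (103, "2023-10-20T09:01:10"), (104, "2023-10-19T09:01:30"),
    (105, "2023-10-19T09:02:00"), (106, "2023-10-20T09:03:00"),
]

class Collector:
    """Hypothetical reader: resumes by record ID, re-stamps on the reference axis."""

    def __init__(self):
        self.last_id = 0          # highest record ID already collected
        self.high_water = None    # latest local timestamp seen so far
        self.store = []           # records kept in our own format

    def poll(self, records, local_now, reference_now):
        # Skew between the reference server and this machine at poll time.
        # A clock change between polls mis-corrects at most one interval.
        skew = reference_now - local_now
        for rec_id, stamp in sorted(r for r in records if r[0] > self.last_id):
            local = datetime.fromisoformat(stamp)
            out_of_order = self.high_water is not None and local < self.high_water
            if not out_of_order:
                self.high_water = local
            self.store.append({"id": rec_id, "local": local,
                               "corrected": local + skew,
                               "out_of_order": out_of_order})
            self.last_id = rec_id
        return self.store

def run_sample():
    t = datetime.fromisoformat
    c = Collector()
    # Three one-minute polls; during the second the local clock is a day behind.
    c.poll(SAMPLE[:3], t("2023-10-20T09:01:30"), t("2023-10-20T09:01:30"))
    c.poll(SAMPLE[:5], t("2023-10-19T09:02:30"), t("2023-10-20T09:02:30"))
    c.poll(SAMPLE,     t("2023-10-20T09:03:30"), t("2023-10-20T09:03:30"))
    return c.store

if __name__ == "__main__":
    for row in run_sample():
        print(row["id"], row["corrected"].isoformat(), row["out_of_order"])
```

The original event log is left untouched; the corrected timeline lives only in the collector's own store, so the two can be compared later.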

CodePudding user response:

Quoting the reply by Runnerchin on the 2nd floor:
It depends on how much you are willing to spend.
I have a scheme that is relatively easy to implement:
1. Prepare a server and write a service on it that plays the role of "judge", used to provide a time (not necessarily the correct time, but it must be a consistent time axis).
2. On the machine whose logs you want, write a log reader that reads the log once a minute (or continues from the last position read; each log entry has a corresponding ID, so read on from the last ID you read), gets the time from the server, adjusts each log entry's time according to that time, and then records it in your own format (whether it is saved to the server or locally is up to you; saving to the server is recommended).


Thank you for your reply, but you may not have understood what I mean: the log must be in a format that Windows itself can recognize. That is to say, the modified log must be directly readable by the Windows Event Viewer (by changing the registry so that the log file directory points to the file I wrote myself). The problem now is that Windows does not accept the log file I rewrote and starts writing from blank; it may perform some special check on the format of the file. But if a log file is copied over from another Windows machine, Windows recognizes it and then continues writing to it directly.

CodePudding user response:

Quoting the reply by mydo on the 1st floor:
There seems to be an API for exporting logs, but you have to write code.

It is not about exporting, but about modifying the current log file in place, so that the Windows Event Viewer can continue to read and write the modified file. The problem now is that Windows rejects a file I wrote myself and resets it, starting to write from scratch. Thank you.

CodePudding user response:

I also encountered this problem. Do you have any good solution?

CodePudding user response:

Solve the building Lord, write small tools still is in, for reference of bai)

CodePudding user response:

www.winevtx.top
Windows system log (evtx, evt) editor, Windows can log manager)