Log Viewer Plus
for Windows
Log Viewer Plus is a convenient log viewer with a set of useful tools for searching and filtering information in a log. Simply viewing a log file and finding the data you need in a text editor takes a good deal of time and patience. And when the log is large, there is a high chance of missing or simply not noticing an important entry. Yet a log often contains valuable information about the behavior of an application, starting from the moment it was first installed on the computer. By examining a log file you can learn a lot about failures, updates, interaction with other programs, the operations performed, and so on.
With this utility you can:
- see all errors at once (they are highlighted in color),
- filter and analyze large logs,
- work with logs in real time,
- export a log file to text or Excel format, and more.
The program's interface is very easy to learn, has no complicated settings, and can be used even by inexperienced users. With Log Viewer Plus, log analysis becomes simple, accessible and fast.
Event Log Explorer™: a solution for analyzing Windows event logs
Event Log Explorer™ is an effective tool for viewing and analyzing the events stored in the logs of operating systems of the Microsoft Windows family.
The program considerably speeds up and simplifies event log analysis tasks for logs such as the Security log, the Application log, the System log, the Setup log and others.
Event Log Explorer offers considerably more than the standard Windows Event Viewer application.
Event Log Explorer performs the basic functions better and provides many new capabilities for event log analysis.
According to user feedback, Event Log Explorer speeds up the analysis of Windows logs by a factor of 2 or more.
Advantages of Event Log Explorer
Instant access to event logs
Event Log Explorer works with local event logs, with the logs of other computers on the network, and with log files in the EVT and EVTX formats, including direct access to the files.
Event Log Explorer can extract data even from damaged files.
Logs of network computers and log files are opened with a single mouse click from the Event Log Explorer object tree.
Merging event logs
If you have ever tried to combine events from the logs of different computers on your network for joint analysis in the standard Event Viewer, you will appreciate the simplicity and convenience of the merged event log views in Event Log Explorer.
A merged view of logs from different computers can be created in a few mouse clicks, and a filter can be set as early as the event loading stage, so that afterwards you work only with the events you need.
Effective event filtering tools
Event Log Explorer offers several ways to filter events from Windows logs: pre-filtering of events while the log data is loaded, filtering by similarity (quick filter) in 2 mouse clicks, unmatched filtering of event descriptions by regular expressions, and filtering by the parameters of security event descriptions.
Just as important is how easy it is to build complex filters. In Event Log Explorer you can save and load your filters and maintain a filter library.
Exporting events and generating reports
Event Log Explorer can export data and produce reports.
You can export whole logs, merged views of several logs, any selection of events and individual events to Microsoft Excel, CSV text, HTML and other formats.
The report generator lets you print various views of logs and events and create analytical reports.
The built-in scheduler lets you automate regular data export, including data merged from different logs and filtered, and print reports automatically.
Workspaces
Workspaces that you configure for your tasks let you save and quickly restore open logs or merged views with their filters applied, as well as automation settings.
This noticeably speeds up regular, repetitive tasks.
Here is a list of the best free log viewer software for Windows. These free log analyzers let you open large log files easily. In this list of free log file viewer software, you will find some freeware that only lets you view log files, while some lets you edit log files. Most of these log viewers come with a search feature that you can use to find a particular text or string within the entire log. Some of these log viewers come with advanced features, such as encoding, advanced filters, support for multiple file formats, etc. Apart from these features, you can also print log files using some of these free log viewers.
Each of these log viewers has its own advantages and disadvantages. Some of them are designed to open very large log files of size more than 1GB in less than a second, while some restrict this size to 300 MB. In this list, you will find some log viewers that open multiple log files in multiple tabs and let you switch among these tabs easily.
One of these software comes with live capturing feature and captures a log file in different log formats. Explore the list to know more about this software.
My Favorite Log Viewer software:
Universal Viewer is my favorite log viewer software in this list. It is one of the log viewers in the list that are designed to open very large log files instantly. It took less than 1 second to open a large log file of size 1GB. Besides this, it has many good features. Its search feature comes with filters that you can apply to your searches in order to get refined results. You can search for regular expressions or whole words, make your search case sensitive, etc. Moreover, it also features directional search. Apart from this, it also lets you convert a log file into different formats, such as binary, hex, RTF, etc.
Universal Viewer
Universal Viewer is another log file viewer that can be used for viewing heavy log files. I don’t know the maximum size of a log file that it supports, but I have opened a 1 GB log file in this free log viewer and it opened it in less than 1 second. This shows how fast this software is. One of the advantages of this software is that, if all log files are located in the same folder, you can open them one by one by clicking the previous file or next file buttons. It does not let you edit a log file, but a lot more features are available in this freeware.
To analyze a log file, search is a very important tool. You can find a text or a string in this software with the help of Find tool available. There are different filters available in the software which you can use to refine your search. Following are these filters that are beneficial for getting more relevant search results:
- Case Sensitive: As in the other log file readers in this list, the search can be made case sensitive.
- Whole Words Only: With this filter enabled, the software treats the typed text as a complete word and searches for that.
- Regular Expressions: With this filter enabled, the search term is treated as a regular expression, so you can search for patterns in the log rather than fixed text.
- Direction: This feature lets you start your search either from top to bottom or from bottom to top.
- Origin: This type of search mode starts searching texts either from the position where you have placed cursor in a log file or from the beginning.
Have a look at some of its general features:
- You can rename any log file.
- On pressing F5 key, you can copy the entire file to any folder on your PC.
- You can also move a log file to any folder on your system.
- Print feature is available in this freeware. You can preview a file before taking its print-out.
- It can also display non-printable characters.
- You can copy a selected string or whole log file and paste it into a new file.
- It lets you create a link to any log file for easy access.
- It supports more than 5 viewing modes for a file, which includes: Text, Binary, Hexadecimal, RTF, etc.
This is a very good log file viewer in terms of speed, as it saves your time by opening large log files quickly. However, it has one big drawback: it highlights only one searched text at a time.
LogViewer
LogViewer is a free Log file viewer for Windows that lets you open large log files quickly and provides sophisticated search options to quickly look through desired information in Log files.
It is a completely free software to open and search log files. It does not have any log file editing tools, but is a pretty solid option to view log files.
In terms of search options, it provides following type of searches:
- SubString Case Sensitive: In this mode, you can search for any word or phrase in the log file. The search will be case sensitive.
- SubString Case Insensitive: This is similar to above, but the search will be case insensitive.
- Regex String Case Sensitive: This is a really powerful option that lets you use regular expressions to search in a log file. This particular option performs a case-sensitive regular expression search.
- Regex String Case Insensitive: This is another regular expression search option, but it disregards case.
Even though the above search options are quite powerful, this log file viewer provides yet another option that further increases its search capability: a “Cumulative” search. You can use this option to search for multiple search terms one after the other, and the rows that contain any of those search terms are highlighted. In this way, you can easily do a multi-query search.
The best part is that each of the search could be separately specified to be a regular search or regular expression search, etc. So, this makes the search feature really versatile.
Once you have performed your searches, you can choose to see only those rows that are search results, or you can choose to see entire log file and remove the rows that have search results.
Then, you can also choose to export the search rows from log files. You can export all the rows that have search results, or export log file by removing the rows that have search results.
And last, but not the least, it also gives a feature to see additional rows before and after the rows that have search results. For example, if you also want to select 1 row before and after the row that you wanted to search for, this software can do that too.
All in all, this is a very well thought out piece of software for opening log files easily, performing complicated searches in them, and later exporting the search results.
File Viewer Lite
File Viewer Lite is a free log file viewer which lets you open large log files quickly. It displays metadata and other information of opened file on its interface. For example, if I open a log file in this free log viewer, I will get alpha and omega of that file, which includes: file size, file location, date and time on which it was opened, date and time on which it was modified, etc. On the right side on its interface, entire log file is displayed along with the line numbers, Ruler, and Syntax Tree. There are options to hide one or any of these.
If I talk about the type of view, there are three types of views available for a log file, namely: Native, Text, and Hex view.
- Native view is the original representation of a log file, i.e. it shows a log file in its original code. This is the default view.
- Text view converts a log file and displays it in a coded text format.
- Hex view converts a log file in Hexadecimal code and displays it on the interface.
A very useful feature of this freeware is Find Tool.
Find Tool: You can search a text in the entire log file by pressing Ctrl+F keys on your keyboard. Following are types of searches that are available in this free log viewer:
- Case Sensitive
- Whole Words Only
- Regular Expressions Searches
This file viewer provides further options to customize the search:
- Direction Search: Use this search mode to start search either in forward or in backward direction.
- Origin Search: This type of search mode starts searching texts either from the position where you have placed cursor in a log file or from the beginning.
Apart from this, it also lets you edit a log file and export it on your PC as txt file. Cut, Copy, and Paste features are also available in this free log analyzer for PC.
Though this free log viewer comes with many good features, I do not recommend it to you if you are looking for log viewers that can handle heavy files easily. This freeware is limited to small log files whose size does not exceed 300 MB. I have tried a 500 MB log file in this Windows log viewer, but it failed to open it and displayed the message “Not Sufficient Memory”. Hence, I suggest you download it only if you are looking for a very basic log file viewer.
NOTE: Save feature is not available in its free version.
Glogg
Glogg is another free log file viewer for PC. The main advantage of this software is that it features live updating of search results. So, if you are using a log file to analyze specific events, then as new events get added to the log file, it will highlight those in the search results. You can specify the polling period at which it should refresh the search results.
In terms of interface, there are some pretty good features that this log analyzer has. The main interface is divided into 2 parts. The top part of the interface is to view the log file. The bottom part is to see the search results. So, if you search for anything in your log file, all the rows that match search results are shown in the bottom part. This makes it very easy to see the search results. It does not give a direct option to export the search results, but you can select all the rows of the search results, copy them, and then paste them anywhere.
In terms of search, it lets you do three types of searches. All the searches can be case sensitive or case insensitive:
- Fixed Strings: This option lets you do an exact match search.
- Wildcards: This is a unique option in this log viewer: you can perform searches using wildcards as well. For example, if you want to search for “machine”, you can give the search term as “mac*ine”. I am not sure what other wildcards it supports.
- Regular Expressions: As is the case with most of the log viewers, you can do regular expression based search in this as well.
There is one more feature of this software that I really like, and that is option to highlight rows that meet a filter criteria with a specific foreground and background color. For this, go to Tools menu, and choose Filters. There you can add a filter, specify pattern, and then specify foreground and background colors. All the rows that match that filter criteria will be highlighted accordingly. You can add as many filters as you want, and specify separate colors for each filter, and then rows would be highlighted accordingly.
The remaining options in this software include an option to see line numbers, options to set the font and font size, and an option to set the encoding.
Dynamic Log Viewer
Dynamic Log Viewer is another log viewer that lets you open large/heavy log files. It is a very fast log viewer in this list. I have tried a 1 GB log file in this software and it opened it instantly, within 1 second. It displays the total number of lines in a log file along with its size on its interface. You can view the number of a particular line by clicking it.
Here are some of the features of this log viewer:
- It has an Autoscrolling feature, which automatically scrolls the loaded log file to the bottom. If you don’t want this feature by default, you can lock Autoscrolling.
- Click Restrict Empty Lines and this free Windows log viewer clears all empty lines from the log file.
- Print option is also available. You can adjust page setup, page margins (in millimeters), and select page orientation (landscape or portrait) before taking a print out.
- Coding Standards: This free log file reader supports more than 5 coding standards, which include: ANSI, OEM, UTF-7, UTF-8, etc. You can easily convert log file from one code to another code.
- Dynamic Log viewer supports three languages: English, Czech, and Slovak.
- Its other features include go to a line, full screen mode, etc.
- You can define length of lines that you want to see, and the longer lines will be wrapped.
The biggest downside of this software is its search feature. You can only do an exact match search, and choose direction for it (forward or backwards). There is no option to do any regex search. Also, search results can’t be exported.
Legit Log Viewer
Legit Log Viewer is another free log viewer software for Windows in this list. As you launch this log file viewer, it displays a demo log file on the interface for the first time. You can take a look at its features by playing around with this demo log file.
This log file viewer lets you open multiple log files together, in its different tabs. Moreover, it also displays the recently opened log files, so you can open them quickly. Multiple file formats (llog, xlog, text, and log) are supported by this free log analyzer software. All these formats are applicable for both import and export options. It also lets you copy a selected text to clipboard and load the copied text from clipboard into the software.
This log viewer is not a plain text viewer (though, it supports log files in txt format as well). Instead, it neatly organizes logs in form of tables. For the table, you can choose which columns to show or hide. You can choose to show / hide following columns:
- ProcessId
- Date / Time
- Level
- Context
- Logger
- Message
You can also choose to sort the log file on any of these columns, just by clicking on the corresponding column header. Some of the columns come with filtering options as well. For example, in “Level”, you can choose to view any of Info, Warning, or Trace type messages.
It also comes with a filter option to see all the rows with a specific message.
Apart from opening existing log files, it comes with another powerful feature to capture Live Logs. There are various Log formats that it can capture live in Windows. Some of these include: C++ Library, DebugView log (Clock time, PIDs), WiX log, DebugView log (Clock time), etc. You can choose to remove one or more of these if you want to capture only specific type of events.
It also comes with options to export log files and to encrypt / decrypt log files.
GamutLogViewer
GamutLogViewer is quite a feature rich log viewer for Windows. It comes in both free as well as paid version. Even though many of the features are disabled in free version, still its free version has some features that make it stand apart from the rest.
The feature that I like most in this log viewer is that you can specify your own log parser in it. This means that if you have a log file that has long lines of text, and you want to divide that text into columns, you can define that pattern in this software. It will then use that pattern to display your log file as a table with rows and columns. Defining the pattern is very easy. You start by choosing a row which has data for all the columns that you want, then break that row into separate columns, then specify the column separators, and you are done. You can also save the log parser that you have defined so that you can use it in future for other similar log files. You can define multiple log parsers and pick from among them whenever you open a log file.
In terms of search, it provides both normal search as well as regex search. However, regex search is available in paid version only.
In the free version, it provides option to highlight rows with different colors depending on the filters that you have specified. For example, you can specify that all the rows that have “Policy” word should be highlighted with Red color, the ones that have word “reset” should be highlighted with Green color, and so on. You can specify multiple filters together to highlight rows with different colors.
Some other features that are available on the interface of this free log viewer are:
- Its main toolbar has icons for Error, Info, Message, etc. that let you quickly jump to corresponding row in your log file.
- You can wrap text.
- Bookmark lines
- Zoom in and out
- Option to add column level filters
- Option to undo filters
- It can open multiple log files together on its tabbed interface.
- There are tons of encoding formats it supports, including, OEM United states – IBM437, Thai (Windows) – Windows-874, Unicode-utf-16, Baltic (Windows) – Windows-1257, Chinese Traditional (CNS)-x-Chinese-CNS.
The paid version of this software is even more feature rich, and comes with advanced features like, merge multiple log files into one, split log file into multiple files, save color filters, etc.
So, if you are not looking for advanced search options for your log file, then this is one of the best free log file viewers.
Log Expert
Log Expert is a lightweight log viewer for Windows. This log file viewer is suitable for small log files. I was able to open a 300 MB log file in it, but a larger file didn’t open. It can open multiple log files in separate tabs. If you reopen the software, all tabs will be restored. The best part of this freeware is that you can edit a log file and save it on your PC. Like some other log viewer software in this list, it also displays the list of recently opened files, which provides you quick access. It opens a log file and displays its line numbers.
You can add bookmarks to any row and switch among added bookmarks easily. If you want to view all your added bookmarks, simply press F6 key. This log analyzer will open a window that contains all your added bookmarks. It also lets you export all bookmarks on your PC.
Filters: Use filters to modify your searches. You can make your searches case sensitive, invert your matches, restrict columns, open filtered results in new tabs, etc.
Search Tool: You can start your search either from selected text or from top. Besides this, directional search is also available in this software, which lets you start search in forward or backward direction. It highlights all searched text within the entire log file with yellow color. This lets you recognize them easily. After the completion of a search, it shows all the lines that contain searched text along with their line numbers at its bottom part.
Encoding: It supports 5 types of encoding, which include: ASCII, Windows-1252, UTF8, etc.
Bare Tail
Bare Tail is another free log viewer software in this segment. This software is designed to open heavy log files. I do not know exactly what the maximum size limit for opening a log file is in this software, but I have opened log files as large as 1GB and it opened them quickly, within a second. Like some of the log file viewers in this list, it also supports opening multiple log files in multiple tabs.
It is actually a real-time log file viewer. It couples that with a tail feature. So, you can monitor the end of a Live updating log file. Not only that, it can actually Live monitor multiple log files in its multiple tabs. So, if you have multiple log files for different types of events, and you want to keep a tab on them, then this tool is good.
As for the search tool, it features a highlighting tool. Using this tool, you can search for many different texts and highlight each with a different color. It also lets you change the foreground and background colors for your searches. This is an advanced search tool which also lets you modify your search by applying filters.
- Ignore Case: You can make your search Case Sensitive by disabling Ignore Case filter.
- Invert Match: This is a very useful filter in this software. If you enable this filter, the software highlights the entire log file, except searched text.
Save to Registry and Load from Registry features are also available in this software, but these did not work while I was testing it.
Apart from this, it supports many coding standards. Some of these include: ASCII, ANSI, etc.
Some other features of this log viewer are:
- You can configure line size
- You can configure tab size
- It can open log files over a network.
- It’s a portable log file viewer, so just double click on the executable and start using it. No installation required.
Even though this log viewer has some pretty good features, a big limitation I found is that it does not support Regular Expressions for search.
Reveal Text Log File Viewer
Reveal Text Log File Viewer is a free log file viewer software for large log files. It can open large log files quickly: a 1GB log file opens in this freeware within a second. It comes with a real-time update feature that refreshes the log file automatically. It also supports multiple encodings, like ANSI, ASCII, UTF8, UTF16, etc.
Apart from this, it has some other features like font style, font size, different background colors, etc.
In terms of search, it only features a basic search. It does not have an option for a regular expression search.
File Peeker
File Peeker is a free lightweight log file reader which lets you open large log files quickly. The main advantage of this log file viewer is that it lets you specify the part of the log file that you want to view. For example, you can specify that you want to start viewing the log file at 22,000 bytes, and view 10,000 bytes from there on. You can also specify this as a percentage: where in the log file you want to start viewing, and what percentage of it you want to view. I wish it had an option to specify this information in terms of number of lines as well, but that feature is missing.
So, if you have a very large log file, but you know which part of it you want to view, then this freeware log viewer will come very handy.
It does provide search as well, but the search feature is pretty basic. You can only search for an exact match string, and choose to perform the search case sensitive or non-case sensitive. It does not have any option to perform regex based search. Also, when you search for a string, it does not highlight all the instances of that string, but only the first instance is highlighted. You have to press Search button again to go to the next search result.
A good feature of search is that you can choose to search the entire log file, or only the part of the log file that you have chosen to view.
So, to summarize, if you want a log viewer that lets you view a specific part of a log file, then File Peeker is a good software for that. But if you want one with powerful search options, then you need to use some other log viewer from this list.
LogViewer
LogViewer is another simple log file viewer for Windows. Its interface is a bit confusing. When you open it, you will see that the entire interface is blank; there is no menu or option at all. You will need to right click on its interface to see all the options it has. Start by choosing the Open option to open any log file.
When a log file is opened, you can just scroll to see on its interface. You can change font size by again using the right click menu.
Now, there are a few good options that this software has, but none of those worked for me, and I am not really sure if I missed something. I encourage you to try them at your end.
- Hide Rows feature lets you hide rows based on pattern you have specified. You can specify multiple patterns and all the rows that meet those patterns will be hidden.
- You can colorize rows that match the specified pattern. You can specify multiple patterns, and different color with each pattern.
- You can also sanitize lines, so that unwanted part from the lines is removed. Again, you need to specify patterns for that.
These are actually pretty powerful features, but none of them worked for me. If these worked, I would have placed this software pretty high up in the list.
This software also comes with a TCP port listener, that can listen to ports and create log.
Free File Viewer
Free File Viewer is a versatile file viewer that can open files of various formats. It supports opening log files as well and opens large log files quickly without affecting any other running task. It is such a fast large log file viewer that opening 1 GB large log files is a cake walk for this software. In terms of features, it is pretty basic. You can open a log file, and perform basic searches in it. It only shows one search result at a time, and you need to manually move to the next search result. Apart from that, it really does not have any feature that makes it a good log file viewer.
On the contrary, I noticed a couple of issues while installing it. It tried to change homepage of my browser without my permission. It also downloaded Real Player’s browser plugin, without asking me for the same.
So, I would suggest you to stay away from this, unless you are looking for a versatile file viewer that can support a lot of file formats (including image and video formats).
by Madalina Dinita
- If you want to know what’s wrong with your PC, you need to check the event history with the best Windows event log viewers.
- The most convenient app is already built into your OS so you can use that first.
- For more details and features, you should go for a more advanced tool like Event Log Explorer.
- A cloud-based tool from Sentinel Agent can also monitor the PC performance.
Event log viewers are programs that track important events on your computer. Every app or program that runs on your computer leaves a trace in the event log, and before apps stop or crash, they post a notification.
Every single event or change made on your computer is registered in the event log.
In other words, an event viewer is a program that scans long text log files, groups them and adds a simpler interface on huge amounts of technical data.
In case your computer doesn’t work properly, event viewers are essential because they offer you important information on the source of the problem.
Windows 10 comes with its own built-in event log viewer that offers users an in-depth image of the processes taking place on their computers.
If you want to analyze particular event information, you can also use third-party event viewers.
How to use Windows Event Viewer
- Type event in the Windows search tab and select Run as administrator to start Event Viewer with full privileges.
- Next, click on the category of the event from the left pane, and the list of events will appear on the upper-middle pane.
- When you click on an event, you will get the details on the bottom-middle pane; double-clicking it will open the details in a separate window.
- In our example, we are checking out a kernel warning that a core of the processor was limited by system firmware. Hitting the Copy button will copy all the information to the clipboard so you can paste it into a document or an Excel file.
- You can also use all the options from the right pane to gain more information. For instance, you can save the event as a .evtx file by clicking on Save Selected Events.
Windows Event Viewer is great to get basic information on events on your system and it can be used easily for saving important information.
What are the best Windows 10 event log viewers?
Windows Event Log Viewer
Many Windows users rely on this built-in tool to check the events that take place on their computers.
This tool has two major advantages: it’s already installed on your computer and has a very intuitive interface. You can launch the Windows Event Log Viewer by typing event viewer in the search bar.
The tool’s screen is divided into three parts: the event categories are located in the left-hand sidebar, details about log events can be found in the middle section of the window, while the available actions are listed in the right-hand sidebar.
In the left pane, you can choose from all the event types. The top one is for administrative events.
Clicking on each one in the center pane will provide you with general or detailed information about the event.
The next two categories from the left are the Windows logs and the Applications and services logs. The first refers, of course, exclusively to the OS and its built-in apps.
The action pane on the right offers all the options for interacting with the logs, but the most important are the save and export options, which are essential for sharing reports with specialized support.
The Windows Event Log Viewer offers reports about five log events:
- Application events: reports about app/ program issues
- Security events: reports about the results of security actions
- Setup events: mainly refers to domain controllers
- System events: these are reports sent by Windows system files about the issues encountered and are usually self-healing issues
- Forwarded events: these are reports sent by other computers
Event Log Explorer
This event log viewer allows users to view, analyze and monitor events recorded in Windows’ event logs.
Event Log Explorer is better than Microsoft’s own Event Log Viewer, bringing more features to the table.
Thanks to this tool, users can analyze various event logs: security, application, system, setup, directory service, DNS, and more.
The tool can even access Windows event logs and event log files from remote servers and you can view more of them at one time in separate windows or in one big, merged window.
If it’s relevant, you can choose between legacy Windows NT API and modern Windows Event Log API to access the logs.
Event Log Explorer reads events into its own temporary storage for faster log analysis. Of course, you can choose between memory and disk storage.
The software also allows you to consolidate events in one single view to review it as a solid log. You can even save it as an EVT file.
Other features include:
- Instant access to event logs – Event Log Explorer works with both local and remote event logs, as well as with event log files in EVT and EVTX format
- Efficient filtering – filter by event descriptions using regular expressions, filter by security event parameters, or you can build complex filters and organize them into a filter library
- Export events and report generator – export and print events
⇒ Get Event Log Explorer
MyEventViewer
MyEventViewer is another interesting, simpler alternative to Microsoft’s Event Log Viewer. This tool lets you watch multiple event logs in one list, together with event description and data.
Also, the event description and data are displayed in the main window, instead of opening a new one.
No installation process or additional DLL files are required to run this software, all you need to do is to launch the executable file.
With MyEventViewer, you can select multiple event items and save them to HTML/Text/XML files. Of course, there’s also the option to copy them to the clipboard and paste them afterward into an Excel document.
MyEventViewer’s main window is composed of 2 panes. The top one shows you the list of all events, and when you select one you will see its description in the lower pane.
You can remove/add the logs that you want to view from the main window by using the Logs menu.
The software also has command-line options for advanced users. Admins will be happy to use them for a more efficient process that involves multiple computers.
Other features include:
- It packs only the main features and options you need to monitor your system
- The simplistic interface is very user-friendly
- You can view the events from a remote computer
- Certain events can be hidden from specific users
- Events can be filtered using a series of criteria
⇒ Get MyEventViewer
FullEventLogView
This is NirSoft’s most recent event viewer; it was released on September 9, 2016. FullEventLogView is a simple tool for Windows 10 that displays the details of all Windows events in a table.
FullEventLogView is the upgraded version of MyEventViewer:
MyEventViewer is a very old tool […]. The old programming interface still works even on Windows 10, but it cannot access the new event logs added on Windows Vista and newer systems. […]
FullEventLogView uses the new programming interface, so it displays all events.
The tool allows you not only to view the events of your local computer but also the events of a remote computer on your network, and events stored in .evtx files.
It also allows you to export the events list to text/csv/tab-delimited/html/xml file from the GUI and from the command-line.
This program works on any version of Windows, including Windows Vista and up to Windows 10. Both 32-bit and 64-bit systems are supported.
⇒ Get FullEventLogView
SentinelAgent
SentinelAgent is a cloud-based Windows monitoring software. This tool registers, stores and analyzes event logs, performance metrics, and system inventory from any Windows PCs, tablets, and servers on your network.
SentinelAgent is available for home users, small and medium businesses and enterprise clients.
The service for home users notifies you when your devices are having problems, and helps you identify the source of the problem as well.
No configuration is necessary, as the tool is already pre-configured to monitor specific computer performance elements and alert you by email as soon as issues are detected.
If you opt for a professional version, you will need to install the agent on each system you want to monitor.
Then, if those devices start having problems, you will get notified. You will also be able to access a log with 7 days of system data that is stored outside the PC that is acting up to get to the root of the issue.
Other features include:
- 7 Days Data Retention (Rotating)
- Monitor All Your Machines From 1 Account
- Pre-Configured Notifications for CPU/Disk Errors
- Pre-Configured Notifications for Event ID Errors
- No Ads. No Bloat
- Network Installation Ready
- 2.7 Mb Disk Space Required
⇒ Get SentinelAgent
We hope this list of top Windows 10 event log viewers helps you choose the tool that best suits your monitoring needs.
If you’re interested in other options, you can also check our log monitoring software list for experienced admins.
Have you already tried out some of the event viewers listed in this article? Tell us more about your experience in the comment section below.
It's time to talk about working comfortably with logs, especially since Windows has plenty of non-obvious tools for this. One example is Log Parser, which is sometimes simply irreplaceable.
This article will not cover heavyweight things like Splunk and ELK (Elasticsearch + Logstash + Kibana). We will focus on the simple and the free.
Logs and the command line
Before PowerShell appeared, you could use cmd utilities such as find and findstr. They are quite suitable for simple automation. For example, when I needed to catch errors in 1C 7.7 data exchange, I used a simple command in the exchange scripts:
findstr "Fail" *.log >> fail.txt
It collected all exchange errors in the file fail.txt. But if something more was needed, such as getting information about the preceding error, I had to create monstrous scripts with for loops or use third-party utilities. Fortunately, with the arrival of PowerShell these problems are a thing of the past.
The main tool for working with text logs is the Get-Content cmdlet, which displays the contents of a text file. For example, to print the WSUS service log to the console, you can use the command:
Get-Content -Path 'C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log' | Out-Host -Paging
To output the last lines of a log there is the Tail parameter, which together with the Wait parameter lets you follow the log in real time. Let's watch a system update in progress with the command:
Get-Content -Path "C:\Windows\WindowsUpdate.log" -Tail 5 -Wait
Watching the progress of a Windows update.
If we need to catch particular events in the logs, the Select-String cmdlet helps: it displays only the lines that match the search pattern. Let's look at the latest Windows Firewall blocks:
Select-String -Path "C:\Windows\System32\LogFiles\Firewall\pfirewall.log" -Pattern 'Drop' | Select-Object -Last 20 | Format-Table Line
Seeing who is trying to get into our dedicated server.
If you need to see the lines before and after the matching one, use the Context parameter. For example, to output three lines after and three lines before an error, you can use the command:
Select-String 'C:\Windows\Cluster\Reports\Cluster.log' -Pattern ' err ' -Context 3
Both useful cmdlets can be combined. For example, to output lines 45 through 75 of netlogon.log, this command will help:
Get-Content 'C:\Windows\debug\netlogon.log' | Select-Object -First 30 -Skip 45
System logs are kept in the .evtx format, and there are separate cmdlets for working with them. Get-EventLog is used for the classic logs (Application, System, and so on). This cmdlet is convenient, but it cannot work with the other application and service logs. For any log, including the classic ones, there is a more universal option: Get-WinEvent. Let's look at it in more detail.
To get a list of the available system logs, run the following command:
Get-WinEvent -ListLog *
Output of the available logs and information about them.
To view a particular log, just add its name. As an example, let's get the last 20 records from the System log with the command:
Get-WinEvent -LogName 'System' -MaxEvents 20
The latest records in the System log.
The most convenient way to get specific events is to use hash tables. You can read more about working with hash tables in PowerShell in the Technet article about_Hash_Tables.
As an example, let's get all events from the System log with event IDs 1 and 6013.
Get-WinEvent -FilterHashTable @{LogName='System';ID='1','6013'}
If you need events of a particular type, warnings or errors, use a filter on severity (Level). The possible values are:
- 0: log always;
- 1: critical;
- 2: error;
- 3: warning;
- 4: information;
- 5: verbose.
Building a hash table with several severity values in a single command is not that simple. If we want to get errors and warnings from the System log, we can use additional filtering with Where-Object:
Get-WinEvent -FilterHashtable @{LogName='system'} | Where-Object -FilterScript {($_.Level -eq 2) -or ($_.Level -eq 3)}
Errors and warnings from the System log.
In the same way, you can build a table by filtering directly on the event text and on time.
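A sketch of the time and text filtering mentioned above, as an added example that is not code from the original article: the time window goes into the hash table as StartTime, while severity and message text are filtered with Where-Object as in the previous command. The function name Get-RecentProblemEvent and the search pattern are assumptions chosen for illustration.

```powershell
# Added example (not from the article). Get-RecentProblemEvent is a hypothetical helper name.
function Get-RecentProblemEvent {
    param(
        [string]$LogName = 'System',
        [int]$Hours = 24,
        [string]$Pattern = ''     # regular expression matched against the event text
    )

    # StartTime is evaluated by the event log service, so older records are never read.
    $filter = @{ LogName = $LogName; StartTime = (Get-Date).AddHours(-$Hours) }

    # Get-WinEvent reports "no events were found" as an error; suppress it and return nothing.
    # Note that this also hides access-denied errors for logs that need elevation.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { ($_.Level -in 2, 3) -and ($_.Message -match $Pattern) }
}

# Errors and warnings from the last 48 hours that mention storage, summarized by
# provider and event ID. Get-WinEvent returns the newest events first, so the first
# member of each group is the most recent occurrence.
Get-RecentProblemEvent -Hours 48 -Pattern 'disk|volume|ntfs' |
    Group-Object -Property ProviderName, Id |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name,
        @{ Name = 'LastSeen'; Expression = { $_.Group[0].TimeCreated } }
```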
You can read more about both cmdlets for working with system logs in the PowerShell documentation:
- Get-EventLog.
- Get-WinEvent.
PowerShell is a convenient and flexible mechanism, but it requires knowing the syntax, and complex conditions or processing a large number of files will require writing full-fledged scripts. There is, however, a way to get by with nothing but SQL queries, using the wonderful Log Parser.
Working with logs using SQL queries
Log Parser appeared in the early 2000s and has since acquired an official graphical shell. Nevertheless, it has not lost its relevance and remains one of my favorite tools for log analysis. You can download the utility from the Microsoft Download Center, and the graphical interface for it from the Technet Gallery. More on the graphical interface a little later; let's start with the utility itself.
The capabilities of Log Parser have already been described in the article "LogParser: a familiar look at unfamiliar things", so I will start with concrete examples.
First, let's deal with text files: for example, let's get a list of RDP connections blocked by our firewall. The following SQL query is quite suitable for getting this information:
SELECT
extract_token(text, 0, ' ') as date,
extract_token(text, 1, ' ') as time,
extract_token(text, 2, ' ') as action,
extract_token(text, 4, ' ') as src-ip,
extract_token(text, 7, ' ') as port
FROM 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log'
WHERE action='DROP' AND port='3389'
ORDER BY date,time DESC
Let's look at the result:
Viewing the Windows Firewall log.
Of course, you can do anything you like with the resulting table: sort it, group it, as far as your imagination and knowledge of SQL allow.
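The same selection as the Log Parser query above (and the Select-String one-liner on pfirewall.log earlier), done in PowerShell: the column names are read from the log's own #Fields header, and dropped connections to port 3389 are counted per source address. This is an added example, not code from the original article; the function name ConvertFrom-FirewallLog and the sample log lines are constructed for illustration.

```powershell
# Added example (not from the article). Constructed sample in the pfirewall.log layout,
# using documentation-range addresses.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 10:00:01 DROP TCP 203.0.113.7 192.0.2.10 51515 3389 52 S 100 0 8192 - - - RECEIVE
2024-05-01 10:00:02 DROP TCP 203.0.113.7 192.0.2.10 51516 3389 52 S 101 0 8192 - - - RECEIVE
2024-05-01 10:00:05 ALLOW TCP 192.0.2.10 198.51.100.5 49800 443 0 - 0 0 0 - - - SEND
2024-05-01 10:01:10 DROP TCP 198.51.100.23 192.0.2.10 40001 3389 52 S 200 0 8192 - - - RECEIVE
2024-05-01 10:02:00 DROP UDP 203.0.113.7 192.0.2.10 5353 5353 80 - - - - - - - RECEIVE
'@ -split "`r?`n"

# ConvertFrom-FirewallLog is a hypothetical helper: it turns log lines into objects
# whose property names come from the "#Fields:" header line.
function ConvertFrom-FirewallLog {
    param([string[]]$Line)

    $fields = $null
    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        # Skip other header lines, blank lines, and anything seen before the header.
        if (-not $fields -or $l -match '^\s*(#|$)') { continue }

        $values = $l.Trim() -split '\s+'
        $record = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $record[$fields[$i]] = $values[$i]
        }
        [pscustomobject]$record
    }
}

# For the live log, pass the file contents instead of the sample:
#   ConvertFrom-FirewallLog -Line (Get-Content 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log')
$rdpDrops = ConvertFrom-FirewallLog -Line $sampleLog |
    Where-Object { $_.action -eq 'DROP' -and $_.'dst-port' -eq '3389' }

# Dropped RDP attempts per source address, with the first and last time each was seen.
$rdpDrops | Group-Object -Property 'src-ip' | Sort-Object -Property Count -Descending |
    Select-Object -Property @{ Name = 'SourceIP'; Expression = { $_.Name } }, Count,
        @{ Name = 'First'; Expression = { '{0} {1}' -f $_.Group[0].date, $_.Group[0].time } },
        @{ Name = 'Last';  Expression = { '{0} {1}' -f $_.Group[-1].date, $_.Group[-1].time } }
```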
Log Parser also works beautifully with many other sources. For example, let's see where users connected to our server from over RDP.
We will work with the TerminalServices-LocalSessionManager\Operational log.
Log Parser does not work with every log out of the box: some it cannot access. In our case we simply copy the log from %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx to %temp%\test.evtx.
We will get the data with this query:
SELECT
timegenerated as Date,
extract_token(strings, 0, '|') as user,
extract_token(strings, 2, '|') as sourceip
FROM '%temp%\test.evtx'
WHERE EventID = 21
ORDER BY Date DESC
Seeing who connected to our terminal server and when.
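The same event 21 data can be read in PowerShell by parsing each event's XML rather than splitting the strings field. This is an added example, not code from the original article; the function name ConvertFrom-RdpSessionEventXml and the sample event (user, host, address) are constructed, and the element names under UserData follow the layout this log normally uses.

```powershell
# Added example (not from the article). Constructed sample of an event 21 record.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-LocalSessionManager" />
    <EventID>21</EventID>
    <TimeCreated SystemTime="2024-05-01T08:15:30.000Z" />
    <Computer>srv01.example.test</Computer>
  </System>
  <UserData>
    <EventXML xmlns="Event_NS">
      <User>EXAMPLE\alice</User>
      <SessionID>3</SessionID>
      <Address>203.0.113.7</Address>
    </EventXML>
  </UserData>
</Event>
'@

# ConvertFrom-RdpSessionEventXml is a hypothetical helper name.
function ConvertFrom-RdpSessionEventXml {
    param([string[]]$Xml)

    foreach ($text in $Xml) {
        $e    = ([xml]$text).Event
        $data = $e.UserData.EventXML

        # EventID is a plain string unless the element carries attributes (e.g. Qualifiers).
        $id = $e.System.EventID
        if ($id -isnot [string]) { $id = $id.'#text' }

        [pscustomobject]@{
            Time      = [datetime]$e.System.TimeCreated.SystemTime   # converted to local time
            EventId   = [int]$id
            Computer  = $e.System.Computer
            User      = $data.User
            SessionId = $data.SessionID
            Address   = $data.Address
            IsRemote  = $data.Address -ne 'LOCAL'    # console logons are recorded as LOCAL
        }
    }
}

# Live log (run elevated), or the copied file via @{ Path = "$env:TEMP\test.evtx"; Id = 21 }:
#   $xml = Get-WinEvent -FilterHashtable @{
#       LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'; Id = 21
#   } | ForEach-Object { $_.ToXml() }
$sessions = ConvertFrom-RdpSessionEventXml -Xml $sampleXml

# Remote logons only, newest first, then a count per user and source address.
$sessions | Where-Object IsRemote | Sort-Object -Property Time -Descending
$sessions | Where-Object IsRemote | Group-Object -Property User, Address |
    Select-Object -Property Count, Name
```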
Log Parser is especially convenient for working with a large number of log files, for example in IIS or Exchange. Thanks to the capabilities of SQL you can obtain all kinds of analytical information, right down to statistics on the iOS and Android versions that connect to your server.
As an example, let's look at the number of emails per day with this query:
SELECT
TO_LOCALTIME(TO_TIMESTAMP(EXTRACT_PREFIX(TO_STRING([#Fields: date-time]),0,'T'), 'yyyy-MM-dd')) AS Date,
COUNT(*) AS [Daily Email Traffic]
FROM 'C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking\*.LOG'
WHERE (event-id='RECEIVE') GROUP BY Date ORDER BY Date ASC
If Office Web Components, which can be downloaded from the Microsoft Download Center, are installed on the system, you can get a nice chart as output.
Running the query and opening the resulting image…
Admiring the result.
Note that installing Log Parser registers the COM component MSUtil.LogQuery in the system. It lets you query the utility's engine not only by calling LogParser.exe but also from any other language you are used to. As an example, here is a simple PowerShell script that outputs the 20 largest files on drive C.
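# Create the Log Parser COM objects (registered when Log Parser is installed)
$LogQuery = New-Object -ComObject "MSUtil.LogQuery"
$InputFormat = New-Object -ComObject "MSUtil.LogQuery.FileSystemInputFormat"
$InputFormat.Recurse = -1   # -1 = recurse into all subfolders
$OutputFormat = New-Object -ComObject "MSUtil.LogQuery.CSVOutputFormat"
# The query writes its result to a CSV file in the temp folder
$SQLQuery = "SELECT Top 20 Path, Size INTO '%temp%\output.csv' FROM 'C:\*.*' ORDER BY Size DESC"
$LogQuery.ExecuteBatch($SQLQuery, $InputFormat, $OutputFormat)
# Read the result back, show it, and clean up the temporary file
$OutputFile = Join-Path $env:TEMP 'output.csv'
$CSV = Import-Csv $OutputFile
$CSV | Format-List
Remove-Item $OutputFile
# Drop the references to the COM objects
$LogQuery=$null
$InputFormat=$null
$OutputFormat=$null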
The documentation for the component is available in the article Log Parser COM API Overview on the SystemManager.ru portal.
Thanks to this capability, there are several utilities that make the work easier by providing a graphical shell for Log Parser. I will not cover the paid ones, but I will show the free Log Parser Studio.
The Log Parser Studio interface.
Its main feature is a library that lets you keep all queries in one place instead of scattered across folders. It also comes with many ready-made examples that help you get to grips with queries.
The second feature is the ability to export a query to a PowerShell script.
As an example, let's see how a selection of the mailboxes that send the most email works:
Selection of the most active mailboxes.
Here you can also choose from many more log types. For example, "plain" Log Parser has limits on input data types, and there is no separate type for Exchange: you have to enter the field descriptions and header skipping yourself. In Log Parser Studio the required formats are ready to use.
Besides Log Parser, you can also work with logs using the capabilities of MS Excel, which were mentioned in the article "Excel instead of PowerShell". But the greatest convenience comes from preparing the raw material with Log Parser and then processing it through Power Query in Excel.
Have you had to use any tools for digging through logs? Share in the comments.