Cannot Open From-entity Error Opening Event Log Security A Required
15, 2007

LogParser is one of my absolute favorite tools, particularly for doing incident response. I use it a lot to extract and order data into a timeline (hmmm…that's a good topic for a future post). When I moved to Vista, I found one annoyance, though. The log file format in Vista has changed from *.evt to *.evtx -- the new log file format is XML based and all-round better than the old-school evt files. Unfortunately, this causes a problem when using LogParser on Vista to parse event logs from down-level machines:

C:\priv>logparser "SELECT * FROM Application.evt"
Task aborted.
Cannot open
https://blogs.technet.microsoft.com/neilcar/2007/08/15/logparser-event-logs-and-vista/

Solution to: Error reading event log: The event log file is corrupted. [Answered]

https://forums.iis.net/t/prev/1148719

foxR, Apr 08, 2008 06:36 AM

When I tried to read a large application event log file, I got that message. After clearing the log file, the problem was gone. Does anybody know limitations on size of the different resources (my application event log was 247MB)?

Zhao Ji Ma - MSFT, Apr 14, 2008 05:08 AM

Re: Solution to: Error reading event log: The event log file is corrupted.

Hi, The file size 247MB of event log is fine for LogParser. If you are running LogParser from Windows Vista for old format of event log file which has file extension of .evt, you may experience "The event log file is corrupted." error. Task aborted. Cannot open
http://serverfault.com/questions/340948/can-logparser-query-newer-log-file-types-on-2008

Can Logparser query newer log file types on 2008

I am trying to research a problem and would like to use Logparser to remotely query one of the newer 2008 log types against many remote servers. I want to query the Setup log, not application, system, security. Logparser seems ignorant of these new log types, and I have been unable to find a way to do this without certain hacks.

I've seen some posts about other hacks to make this possible. Because I need to query around 100 servers the hacks I've found are less than ideal. Wevtutil to convert the whole file before query is inefficient and not practical to do this remotely against many machines. Adding regkeys to HKLM\SYSTEM\CurrentControlSet\services\eventlog is tedious because each time you want to query a different one of these new log types, you need a new key. Using the full path to the EVTX file treats it as text, and doesn't produce useful output. Specifying the input as EVT gives a file in use error.

Query is being made from a 2008 R2 machine, where another post said Logparser would support EVTX files. Is it possible to use Logparser remotely against these newer logs without these hacks?
PS C:\> .\LogParser.exe "SELECT * FROM \\NOBODY\admin$\System32\winevt\Logs\setup.evtx"
WARNING: Input format not specified - using TEXTLINE input format.
LogFilename Index Text
----------------------------------