Talk:Windows Event Log (EVT) - Revision history

Joachim Metz: moved Talk:EVT to Talk:Windows Event Log (EVT)

2012-07-21T09:04:26Z

moved Talk:EVT to Talk:Windows Event Log (EVT)

ASchuster at 22:09, 20 March 2006

2006-03-20T22:09:38Z

Mkucenski at 20:31, 15 March 2006

2006-03-15T20:31:45Z

Mkucenski at 20:31, 15 March 2006

2006-03-15T20:31:16Z

ASchuster at 20:21, 15 March 2006

2006-03-15T20:21:33Z

Mkucenski at 18:52, 15 March 2006

2006-03-15T18:52:55Z

ASchuster: WikiMarkup for tables?

2006-03-15T18:21:57Z

WikiMarkup for tables?

ASchuster at 18:05, 15 March 2006

2006-03-15T18:05:46Z

Mkucenski at 15:23, 15 March 2006

2006-03-15T15:23:59Z

Mkucenski at 13:59, 15 March 2006

2006-03-15T13:59:57Z

New page

ASchuster: Can you provide the source of your information on the header, cursor, retention, etc? I'm not quite clear on how this information is laid out. If MSDN has this information, a link to it should be included in this page.

@@ Line 8: / Line 8: @@
 The tool I am currently using is fairly primitive.  I am basically searching the file for 'LfLe', reading the record out, then searching for the next 'LfLe'.  Is it even possible to split a record?  I have not seen that situation, but also have not been looking for it.  It seems like this would cause havoc, especially for things like the data and string offsets within the record that are relative to the start of the record. --[[User:Mkucenski|Mkucenski]] 15:31, 15 March 2006 (EST)
 == WikiMarkup for tables? ==
 Is it possible to typeset tables in MediaWiki? I'm only used to DokuWiki and didn't find any information in the help. --ASchuster

@@ Line 7: / Line 7: @@
 Does your tool parse a split event record properly? Think of a record in a wrapped log file that starts at the (physical) end and continues near the top (right after the header). There might be even some padding in between of the two fragments. --ASchuster
-The tool I am currently using is fairly primitive.  I am basically searching the file for 'LfLe', reading the record out, then searching for the next 'LfLe'.  Is it even possible to split a record?  I have not seen that situation, but also have not been looking for it.  It seems like this would cause havoc, especially for things like the data and string offsets within the record that are relative to the start of the record.
+The tool I am currently using is fairly primitive.  I am basically searching the file for 'LfLe', reading the record out, then searching for the next 'LfLe'.  Is it even possible to split a record?  I have not seen that situation, but also have not been looking for it.  It seems like this would cause havoc, especially for things like the data and string offsets within the record that are relative to the start of the record. --[[User:Mkucenski|Mkucenski]] 15:31, 15 March 2006 (EST)
 == WikiMarkup for tables? ==
 Is it possible to typeset tables in MediaWiki? I'm only used to DokuWiki and didn't find any information in the help. --ASchuster

@@ Line 6: / Line 6: @@
 Does your tool parse a split event record properly? Think of a record in a wrapped log file that starts at the (physical) end and continues near the top (right after the header). There might be even some padding in between of the two fragments. --ASchuster
 == WikiMarkup for tables? ==
 Is it possible to typeset tables in MediaWiki? I'm only used to DokuWiki and didn't find any information in the help. --ASchuster

@@ Line 4: / Line 4: @@
 Well then thank you for your efforts.  I've just been ignoring the header/cursor as an invalid EVENTLOGRECORD and reading all of the rest of the records out. --MKucenski
 == WikiMarkup for tables? ==
 Is it possible to typeset tables in MediaWiki? I'm only used to DokuWiki and didn't find any information in the help. --ASchuster

@@ Line 2: / Line 2: @@
 This information was obtained through extensive testing. As fas as I know the only information available on MSDN is the declaration of the event record. --ASchuster
 == WikiMarkup for tables? ==
 Is it possible to typeset tables in MediaWiki? I'm only used to DokuWiki and didn't find any information in the help. --ASchuster

← Older revision		Revision as of 18:21, 15 March 2006
Line 2:		Line 2:

	This information was obtained through extensive testing. As fas as I know the only information available on MSDN is the declaration of the event record. --ASchuster		This information was obtained through extensive testing. As fas as I know the only information available on MSDN is the declaration of the event record. --ASchuster
		+
		+	== WikiMarkup for tables? ==
		+
		+	Is it possible to typeset tables in MediaWiki? I'm only used to DokuWiki and didn't find any information in the help. --ASchuster

← Older revision		Revision as of 18:05, 15 March 2006
Line 1:		Line 1:
	ASchuster: Can you provide the source of your information on the header, cursor, retention, etc? If MSDN has this information, a link to it should be included in this page.		ASchuster: Can you provide the source of your information on the header, cursor, retention, etc? If MSDN has this information, a link to it should be included in this page.
		+
		+	This information was obtained through extensive testing. As fas as I know the only information available on MSDN is the declaration of the event record. --ASchuster

← Older revision		Revision as of 15:23, 15 March 2006
Line 1:		Line 1:
−	ASchuster: Can you provide the source of your information on the header, cursor, retention, etc? ~~I'm not quite clear on how this information is laid out.~~ If MSDN has this information, a link to it should be included in this page.	+	ASchuster: Can you provide the source of your information on the header, cursor, retention, etc? If MSDN has this information, a link to it should be included in this page.