Best Practices

EVTX Format

The event log format introduced with Windows Vista and Windows 2008

In Windows Vista and Windows Server 2008, Microsoft changed its event log format from EVT (used by Windows NT, XP and 2003) to EVTX so that applications can record log events more precisely. The EVTX file format stores event records as a stream of binary XML (Extensible Markup Language). Moreover, EVTX logs use different event IDs, carry a larger number of fields and support different sources of event data than EVT log files do.

Organizations still relying on XP or Windows 2003 servers, or maintaining EVT logs generated by their legacy servers, require a mechanism to centrally collect, store and report on both EVT and EVTX logs for regulatory compliance with Sarbanes-Oxley, Basel II, HIPAA, GLB, FISMA, PCI DSS or NISPOM. Otherwise you increase your exposure to compliance violations, intruders, malware, damage, loss and legal liability.
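Because a central collector must accept both EVT and EVTX files, a first defensive step is to identify the format of each file from its header and to check the integrity of EVTX headers before ingesting them. The following Python is an added example, not code from this page or from the Ipswitch product: it distinguishes EVT from EVTX by their header signatures and verifies the CRC32 over the EVTX file header, using constructed sample bytes; the signatures and header layout are taken from the publicly documented formats rather than from this page.

```python
"""Triage Windows event log files: tell EVT from EVTX by header signature and
verify an EVTX file header's CRC32. Signatures and layout follow the publicly
documented formats (assumption: these details are not stated on the page)."""
import struct
import zlib

EVTX_SIGNATURE = b"ElfFile\x00"  # EVTX file header magic at offset 0
EVT_SIGNATURE = b"LfLe"          # EVT signature at offset 4, after the 0x30 header length
EVTX_HEADER_BLOCK = 4096         # EVTX reserves a 4 KiB block for its 128-byte header


def detect_format(data: bytes) -> str:
    """Return 'evtx', 'evt' or 'unknown' from the first bytes of a log file."""
    if data[:8] == EVTX_SIGNATURE:
        return "evtx"
    if len(data) >= 8 and data[4:8] == EVT_SIGNATURE:
        return "evt"
    return "unknown"


def parse_evtx_header(data: bytes) -> dict:
    """Parse the 128-byte EVTX file header and check its CRC32.

    Offsets: 0 signature, 8 first chunk, 16 last chunk, 24 next record id,
    32 header size, 36 minor, 38 major, 40 block size, 42 chunk count,
    44 unused (76 bytes), 120 flags, 124 CRC32 over bytes 0..119.
    """
    if len(data) < 128 or data[:8] != EVTX_SIGNATURE:
        raise ValueError("not an EVTX file header")
    (first_chunk, last_chunk, next_record_id, header_size,
     minor, major, block_size, chunk_count) = struct.unpack_from("<QQQIHHHH", data, 8)
    flags, stored_crc = struct.unpack_from("<II", data, 120)
    return {
        "first_chunk": first_chunk, "last_chunk": last_chunk,
        "next_record_id": next_record_id, "version": f"{major}.{minor}",
        "header_size": header_size, "block_size": block_size,
        "chunk_count": chunk_count,
        "dirty": bool(flags & 0x1),                      # bit 0: file not cleanly closed
        "crc_ok": zlib.crc32(data[:120]) == stored_crc,  # False on corruption or tampering
    }


def build_sample_evtx_header(chunk_count: int = 2, next_record_id: int = 501) -> bytes:
    """Constructed sample header (not a real log) with a valid CRC32 and the dirty flag set."""
    body = EVTX_SIGNATURE + struct.pack(
        "<QQQIHHHH", 0, chunk_count - 1, next_record_id, 128, 1, 3, EVTX_HEADER_BLOCK, chunk_count)
    body += b"\x00" * 76                               # offsets 44..119 are unused
    body += struct.pack("<I", 1)                       # flags: dirty
    body += struct.pack("<I", zlib.crc32(body[:120]))  # checksum over the first 120 bytes
    return body.ljust(EVTX_HEADER_BLOCK, b"\x00")
```

Flipping any byte in the first 120 bytes of the sample (for example the chunk count at offset 42) makes `crc_ok` come back False, which is the signal a collector should use to quarantine a file rather than ingest it.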

As a best practice, an event log management strategy should easily accommodate updated log file formats, for two reasons:

  1. Vendors regularly change formats, and...
  2. Network administrators regularly change vendors!

With Ipswitch Log Management Suite and its exclusive Log Refiner™ Technology, you can easily monitor, collect, analyze, report on, alert on and store Windows event log files in both the EVT and EVTX formats. Plus, with support for Syslog, Windows events and W3C/IIS logs, you will have a comprehensive log management strategy in place to protect your organization, saving time and reducing human error. You will be able to easily generate the log reports you need for regulatory compliance audits and internal management, regardless of log file format.