Timestamp missing in .evtx

Open LeTak0 opened this issue 1 year ago • 7 comments

When importing .evtx files from Windows Event Viewer, the Timestamp field stays empty. The timestamp information is crucial in some log audits.

LeTak0 avatar Mar 05 '24 08:03 LeTak0

@LeTak0 I cannot reproduce the symptom you mentioned with my .evtx files. Could you provide some .evtx files which show an empty timestamp for further analysis? Thanks.

hamster620 avatar Mar 16 '24 07:03 hamster620

winlog.zip

LeTak0 avatar Mar 20 '24 08:03 LeTak0

@LeTak0 The Timestamp column shows as expected after opening the .evtx file you provided:

image

Could you provide a screenshot, the operating system and the version of ULogViewer you use? Thanks.

hamster620 avatar Mar 20 '24 13:03 hamster620

4.0.8.303 ULogViewer, Linux Kernel 6.6.22.1, Arch Linux, Wayland, Hyprland

image

LeTak0 avatar Mar 20 '24 14:03 LeTak0