SANS Reading Room: EVTX and Windows Event Logging

A new document available in the SANS Reading Room:

This paper will explore Microsoft’s EVTX log format and Windows Event Logging framework. The EVTX data stream and structure will be defined as a basis for the Windows Event Logging framework and log subscription components that can be used to collect and correlate logs in a complex Windows-based environment.

This is a must-read if you have to work with Windows environments (collecting and correlating logs). The document is available here.
