To view earlier event logs under Vista, you need at least a Windows XP or Windows Server 2003 client as a resource. To read the log files in the format that was originally used, follow these steps:
1. Register the legacy Event Viewer snap-in (els.dll) from Windows XP or Windows Server 2003:
Note: After registration, the MMC Add and Remove Snap-ins list shows the Classic Event Viewer option.
a. Open mmc.exe.
b. Locate Add and Remove Snap-ins, and then add Classic Event Viewer to the console root.
c. Click New Window from Here, and then save as ClassicEventViewer.msc.
2. Convert the earlier .evt files to .evtx format. To do this, follow these steps:
a. Use the Vista built-in tool wevtutil.exe with the following command:
wevtutil epl eventlog.evt eventlog.evtx /lf:true
Note: wevtutil is located in the windows\system32 directory.
b. Rename the .evtx to .evt by using the following command:
rename eventlog.evtx eventlog-x.evt
3. Start Classic Event Viewer with the following command:
mmc /a ClassicEventViewer.msc /auxsource=\\computername
Note: The /auxsource name is given in UNC format: /auxsource=\\computername (!), not /auxsource=computername as documented.
You should be able to see XP-style formatted events after you follow these steps.
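The following batch file is an added example, not part of the original article. It applies step 2 to every .evt file in a folder and writes the converted copies to a separate subfolder, so the original logs stay unmodified. The folder argument, the "converted" subfolder name and the FAIL variable are assumptions made for this example.

```bat
@echo off
rem Added example: apply step 2 (convert, then rename) to every .evt file in a folder.
rem Assumption: the folder that holds the legacy logs is passed as the first argument.
setlocal
if "%~1"=="" (
  echo Usage: %~nx0 folder-with-evt-files
  exit /b 1
)
set "SRC=%~1"
rem Assumption: converted copies go to a "converted" subfolder; originals are only read.
set "OUT=%SRC%\converted"
if not exist "%OUT%" mkdir "%OUT%"
set FAIL=0
for %%F in ("%SRC%\*.evt") do (
  rem Step 2a: export the legacy log file to .evtx; /lf:true marks the source as a log file.
  "%SystemRoot%\System32\wevtutil.exe" epl "%%~fF" "%OUT%\%%~nF.evtx" /lf:true
  if errorlevel 1 (
    rem A non-zero exit code means the file was not converted, for example a damaged .evt.
    echo FAILED: %%~nxF
    set FAIL=1
  ) else (
    rem Step 2b: rename the converted file to name-x.evt.
    ren "%OUT%\%%~nF.evtx" "%%~nF-x.evt"
    echo OK: %%~nxF converted to %%~nF-x.evt
  )
)
rem Exit code 2 tells a calling script that at least one log needs manual attention.
if "%FAIL%"=="1" exit /b 2
exit /b 0
```

Files reported as FAILED are left as they were, so they can be examined separately before another conversion attempt.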
Article ID: 967856 - Last Review: Jun 26, 2009 - Revision: 1