zzamboni.org

LogParser, Event Logs, and Vista - Neil Carpenter's Blog - Site Home - TechNet Blogs

The only workaround to this is to convert the logfile to the new evtx format prior to parsing it.  You can do this in the event log viewer GUI by doing a Save As… but I find it easier to do this at the command prompt:

wevtutil epl application.evt application.evtx /lf:true

I’m trying to process Windows Event Viewer files (.evt) from some servers on my Win7 machine, which kept giving me a “log file is corrupt” error message. The trick is to convert them to the newer .evtx format before processing. Thankfully this can also be easily done using a command-line utility.
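When the .evt files come from several servers, the same wevtutil conversion can be run over a whole collection folder. The script below is an added example, not code from the quoted post; it assumes PowerShell 4.0 or later (for Get-FileHash), one subfolder per server, and the hypothetical paths C:\cases\evt and C:\cases\evtx.

```powershell
# Added example: batch-convert legacy .evt logs to .evtx with wevtutil.
# Folder names are hypothetical; layout assumed: <SourceDir>\<server>\<log>.evt
param(
    [string]$SourceDir = 'C:\cases\evt',
    [string]$DestDir   = 'C:\cases\evtx'
)

if (-not (Test-Path -LiteralPath $DestDir)) {
    New-Item -ItemType Directory -Path $DestDir | Out-Null
}

# -Filter *.evt also matches *.evtx, so compare the extension explicitly.
Get-ChildItem -LiteralPath $SourceDir -Filter *.evt -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.evt' } |
    ForEach-Object {
        # Prefix with the parent folder (the server) so that application.evt
        # from two servers does not collide in the output folder.
        $name   = '{0}_{1}.evtx' -f $_.Directory.Name, $_.BaseName
        $target = Join-Path $DestDir $name

        # Hash the original first so the untouched evidence file can be
        # tied to its converted copy later.
        $sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash

        if (Test-Path -LiteralPath $target) {
            $status = 'skipped (already converted)'
        } else {
            # /lf:true tells wevtutil the first argument is a log file path,
            # not the name of a live event log.
            $output = & wevtutil.exe epl $_.FullName $target /lf:true 2>&1
            if ($LASTEXITCODE -eq 0) {
                $status = 'converted'
            } else {
                $status = "failed ($LASTEXITCODE): $output"
            }
        }

        # One record per input file; pipe to Export-Csv to keep a conversion log.
        [pscustomobject]@{
            Source = $_.FullName
            SHA256 = $sha256
            Target = $target
            Status = $status
        }
    }
```

Files reported as failed are left in place, so the originals stay available for another attempt.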