Windows 10: Understanding the Event Data of Event Viewer logs in XML format

Discussion in 'AntiVirus, Firewalls and System Security' started by Fausap, Jun 19, 2019.

  1. Fausap Win User

    Understanding the Event Data of Event Viewer logs in XML format


    Hello,

    I'm trying to understand how to decode the %%-numbers present in some XML event data sections.

    For example, in the eventID 5152, I have


    <EventData><Data Name='ProcessId'>0</Data><Data Name='Application'>-</Data><Data Name='Direction'>%%14592</Data><Data Name='SourceAddress'>10.0.0.76</Data> ... etc


    In this case I know the direction is Incoming, but why that code? In the Microsoft reference page for that event, the Direction field is a Unicode String. So maybe that is a reference to a table in a DLL? Or what?


    Thanks in advance,

    Fausto


    ***Original title: EventData %% code***

    :)
     
    Fausap, Jun 19, 2019
    #1
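
Added example, not part of the original post: a Python sketch that pulls the `Data` fields out of an event's XML and resolves `%%`-numbers, which Windows stores as numeric references to message-table strings and replaces with text when it renders the event. The two-entry table (14592 = Inbound, matching what the poster observed, and 14593 = Outbound), the constructed sample event and the function name `decode_event_data` are assumptions of this example; `%%99999` is a made-up number standing in for a token the table does not cover.

```python
import re
import xml.etree.ElementTree as ET

# Partial lookup table (assumption: only the two Direction values are listed).
PARAM_STRINGS = {14592: "Inbound", 14593: "Outbound"}

TOKEN = re.compile(r"%%(\d+)")

# Constructed sample modelled on the 5152 fragment quoted in the post.
SAMPLE_EVENT = """<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System><EventID>5152</EventID></System>
  <EventData>
    <Data Name='ProcessId'>0</Data>
    <Data Name='Application'>-</Data>
    <Data Name='Direction'>%%14592</Data>
    <Data Name='SourceAddress'>10.0.0.76</Data>
    <Data Name='LayerName'>%%99999</Data>
  </EventData>
</Event>"""


def decode_event_data(xml_text, table=PARAM_STRINGS):
    """Return (fields, unresolved): fields maps each Data Name to its decoded
    text, unresolved lists the %%N numbers the table could not translate."""
    root = ET.fromstring(xml_text)
    fields, unresolved = {}, []

    def substitute(match):
        number = int(match.group(1))
        if number in table:
            return table[number]
        unresolved.append(number)
        return match.group(0)  # keep the raw token rather than guessing

    # Compare local tag names so input with or without the namespace works.
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "Data" and "Name" in elem.attrib:
            fields[elem.attrib["Name"]] = TOKEN.sub(substitute, elem.text or "")
    return fields, unresolved


if __name__ == "__main__":
    decoded, missing = decode_event_data(SAMPLE_EVENT)
    for name, value in decoded.items():
        print(f"{name}: {value}")
    print("unresolved %% numbers:", missing)
```

Keeping unresolved tokens visible, instead of dropping or guessing them, lets an analyst see which fields still need a lookup before the event is used in a detection rule.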

  2. Delete Event Log Files created in one month

    Rishad,

    I noticed that some type of XML coding might help to export.

    I export the logs basically based on the setup of the events. For example, you have Event Viewer (Local) -> Windows Logs -> Security. And I export them to (say the month of April):

    D:\Logs\Event Viewer\Event Viewer (Local)\Windows Logs\2016\Security\

    D:\Logs\Event Viewer\Event Viewer (Local)\Windows Logs\2016\Security\Comma Separated Value - CSV\04.csv

    D:\Logs\Event Viewer\Event Viewer (Local)\Windows Logs\2016\Security\Event Viewer\No Display Information\04.evtx

    D:\Logs\Event Viewer\Event Viewer (Local)\Windows Logs\2016\Security\Event Viewer\Display Information for English\04..evtx

    D:\Logs\Event Viewer\Event Viewer (Local)\Windows Logs\2016\Security\Event Viewer Current View - XML\04.xml

    D:\Logs\Event Viewer\Event Viewer (Local)\Windows Logs\2016\Security\TXT\04.txt

    D:\Logs\Event Viewer\Event Viewer (Local)\Windows Logs\2016\Security\XML\No Display Information\04.xml

    D:\Logs\Event Viewer\Event Viewer (Local)\Windows Logs\2016\Security\XML\Display Information for English\04.xml

    What is getting a bit more difficult is creating the Event Viewer (Local) -> Applications and Services Logs -> Dell (OK a bit easy), but then you have Event Viewer (Local) -> Applications and Services Logs -> Microsoft -> Windows -> AAD. Which goes to:

    D:\Logs\Event Viewer\Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\AAD\Operational\2016\Comma Separated Files - CSV\01.csv

    D:\Logs\Event Viewer\Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\AAD\Operational\2016\Event Files\No Display Information\01.evtx

    D:\Logs\Event Viewer\Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\AAD\Operational\2016\Event Files\Display Information for English\01.evtx

    D:\Logs\Event Viewer\Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\AAD\Operational\2016\TXT\01.txt

    D:\Logs\Event Viewer\Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\AAD\Operational\2016\XML\No Display Information\01.xml

    D:\Logs\Event Viewer\Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\AAD\Operational\2016\XML\Display Information for English\01.xml

    So maybe if an XML export can somehow export / create the proper documents, that would be great!

    Thank you!
     
    CoreyBryant, Jun 19, 2019
    #2
  3. spike47 Win User
    Error in event viewer

    Hi

    I keep getting the following in the Event viewer:
    The description for Event ID (4) in source ( SuperProServer ) cannot be found . the local computer may not have the necessary registry information or message DLL files to display message from a remote computer . You may be able to use /AUXSOURCE= flag to retrieve this description . The following information is part of the event, The event log file is corrupt .

    Has anyone any ideas as to what this means?

    cheers
     
    spike47, Jun 19, 2019
    #3
  4. Event viewer error with event id 10016

    Hello,

    Thank you for posting your query on Microsoft Community forum.

    I understand that you are getting an error “DistributedCOM 10016” in the event viewer logs.

    • Do you face any issues on the computer?
    • Have you made any recent changes to the computer?

    This problem may occur if either of the following conditions is true:

    • A program with the class ID (CLSID) that appears in the message tries to start the COM component by using the DCOM infrastructure. However, the user does not have the required permissions to start the COM component.

    • The Network Service account does not have the correct permissions.

    Event logs are special files that record significant events on your computer, such as when a user logs on to the computer or when a program encounters an error. Whenever these types of events occur, Windows records the event in an event log that you can read by using Event Viewer. Advanced users might find the details in event logs helpful when troubleshooting problems with Windows and other programs.

    If you do not have any issues with the app or any other program, I would suggest you ignore it.

    Keep us posted if you face any issues related to Windows in future. We will be glad to help you.
     
    Rakesh Narayanaswamy, Jun 19, 2019
    #4