Category "NT event log"
An article in a German computer magazine recently reminded me of a common misconception in event log parsers. Most parsers treat Windows event log files as sequential files and read them from top to bottom. While this usually works, it might mangle or suppress a single log entry under special circumstances.
Viewing a saved Windows Event Log file on a different system might be unexpectedly difficult. The Event Log Service might refuse to open the file because it appears to be corrupted. In that situation, a procedure documented by Stephan Bunting may provide first aid.
Eric Fitz took the trouble to search the Windows sources for default access control lists of the various event logs. He posted his findings for Windows 2000, XP with Service Pack 2 and Windows Server 2003 in the Windows Auditing Team's blog.