carina-studio / ULogViewer

Cross-Platform Universal Log Viewer.
https://carina-studio.github.io/ULogViewer/
MIT License

Timestamp missing in .evtx #32

Open LeTak0 opened 8 months ago

LeTak0 commented 8 months ago

When importing .evtx files from Windows Event Viewer, the Timestamp field stays empty. The timestamp information is crucial in some log audits.

hamster620 commented 8 months ago

@LeTak0 I cannot reproduce the symptom you mentioned with my .evtx files. Could you help provide some .evtx files which show an empty timestamp for further analysis? Thanks.

LeTak0 commented 8 months ago

winlog.zip

hamster620 commented 8 months ago

@LeTak0 The Timestamp column shows as expected after opening the .evtx file you provided:

image

Could you help provide a screenshot, your operating system and the version of ULogViewer you use? Thanks.

LeTak0 commented 8 months ago

4.0.8.303 ULogViewer, Linux Kernel 6.6.22.1, Arch Linux, Wayland, Hyprland

image
