||EventLogChannelsView v1.25 - View / Disable / Enable / Clear event log channels
Copyright (c) 2016 - 2020 Nir Sofer
EventLogChannelsView is a simple tool for Windows 10/8/7/Vista that shows the list of all event log channels on your system, including
the channel name, event log filename, enabled/disabled status, current number of events in the channel, and more...
It also allows you to easily make some actions on multiple channels at once: enable/disable channels, set their maximum file size, and clear all events stored in the channels.
This utility works on any version of Windows, starting from Windows Vista and up to Windows 10.
Both 32-bit and 64-bit systems are supported. Windows XP and older systems are not supported.
- Version 1.25:
- Added 'View Channel In FullEventLogView' option, which allows you to view the events of the selected channel by using the FullEventLogView tool.
- In order to use this feature, you have to put the FullEventLogView.exe file in the same folder of EventLogChannelsView.exe
- You can also use this feature to view the events of the selected channel on a remote computer.
- Be aware that by default the FullEventLogView tool shows only the events in the last 7 days, but you can change it in the 'Advanced Options' window (F9).
- Version 1.20:
- Added 'Select All' and 'Deselect All' to the 'Column Settings' window.
- Version 1.19:
- Added 'Add Header Line To CSV/Tab-Delimited File' option (Turned on by default).
- Version 1.18:
- Added 'Save All Items' option (Shift+Ctrl+S).
- Version 1.17:
- You can now resize the properties window, and the last size/position of this window is saved in the .cfg file.
- Version 1.16:
- Added support for saving as JSON file.
- Version 1.15:
- Added 'Put Icon On Tray' option.
- Version 1.13:
- Added option to choose another font (name and size) to display in the main window.
- Version 1.12:
- Added 'Quick Filter' feature (View -> Use Quick Filter or Ctrl+Q). When it's turned on, you can type a string in the text-box added under the toolbar and EventLogChannelsView will instantly filter the event log channels, showing only lines that contain the string you typed.
- Version 1.11:
- Added 'Set Retention/Backup Mode' to the context menu.
- Version 1.10:
- You can now set the retention/backup mode of the selected channels (File -> Set Retention/Backup Mode): 'Overwrite events as needed' ,
'Archive the log when full', or 'Do not overwrite events'.
- Version 1.05:
- Added 'Hide Channels With 0 Events' option.
- Version 1.00 - First release.
Start Using EventLogChannelsView
EventLogChannelsView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - EventLogChannelsView.exe
After running EventLogChannelsView, the main window displays the list of all event log channels currently available on your system.
If you want to connect a remote computer on your network, press F7 (Choose Data Source), choose to load the event channels from a remote computer and type the computer name.
You can select one or more channels and then disable them (F2), enable them (F3), set their maximum file size or clear all events stored in the channel.
You can use the 'Save Selected Items' option to export the channels list to html/xml/csv/tab-delimited file.
- Channel Name:
Name of the event log channel.
Name of the channel publisher.
Name of the event log filename ( .evtx and .etl files)
- Full Path:
Full path of the event log filename
Displays 'Yes' if the event log channel is enabled and 'No' if it's disabled.
Displays 'Yes' if it's a classic event log existed in older versions of Windows (Application, System, Security)
- Maximum Size:
Maximum size of the event log file in KB.
- File Reached Maximum Size:
Displays 'Yes' if the file size reached the maximum file size (As displayed in the 'Maximum Size' column)
- File Modified Time:
Modified time of the event log file.
- File Created Time:
Created time of the event log file.
- File Size:
Size of the event log file.
- Channel Type:
Type of channel - Admin, Analytic, Debug, or Operational.
- Channel Isolation:
Isolation mode of the channel - System, Application, or Custom.
- Events Count:
Current number of events stored in this event log channel.
- Oldest Record Number:
The oldest record number stored in this event log channel.
- AutoBackup Mode:
If this value is 'Yes', the log will be backed up automatically when it reaches the maximum size.
- Retention Mode:
If an event log reaches its maximum size and the Retention Mode is 'Yes', existing events are retained and incoming events are discarded.
If the Retention Mode is 'No', incoming events overwrite the oldest events in the log.
View channel events with FullEventLogView
In order to view the events of the selected channel, you have to download the FullEventLogView tool, put FullEventLogView.exe in the same folder of
EventLogChannelsView.exe, and then the 'View Channel In FullEventLogView' menu item will be enabled.
After this menu item is enabled, simply select one or more channels, and then choose the 'View Channel In FullEventLogView' menu item from the right-click context menu
or from the File menu. FullEventLogView will be opened automatically with the correct filters to display only the events of the channels you selected.
If you choose to connect a remote computer on your network (In 'Advanced Options' window of EventLogChannelsView), FullEventLogView will also display the events on the same remote computer.
Be aware that by default the FullEventLogView tool shows only the events in the last 7 days, but you can change it in the 'Advanced Options' window (F9).
||Save the event log channels into a simple text file.
||Save the event log channels into a tab-delimited text file.
||Save the event log channels into a comma-delimited text file (csv).
||Save the event log channels into a tabular text file.
||Save the event log channels into HTML file (Horizontal).
||Save the event log channels into HTML file (Vertical).
||Save the event log channels into XML file.
This command-line option can be used with other save options for sorting by the desired column.
The <column> parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or
the name of the column, like "Publisher" and "Channel Name".
You can specify the '~' prefix character (e.g: "~Maximum Size") if you want to sort in descending order.
You can put multiple /sort in the command-line if you want to sort by multiple columns.
Translating EventLogChannelsView to other languages
In order to translate EventLogChannelsView to other language, follow the instructions below:
- Run EventLogChannelsView with /savelangfile parameter:
A file named EventLogChannelsView_lng.ini will be created in the folder of EventLogChannelsView utility.
- Open the created language file in Notepad or in any other text editor.
- Translate all string entries to the desired language.
Optionally, you can also add your name and/or a link to your Web site.
(TranslatorName and TranslatorURL values) If you add this information, it'll be
used in the 'About' window.
- After you finish the translation, Run EventLogChannelsView, and all translated
strings will be loaded from the language file.
If you want to run EventLogChannelsView without the translation, simply rename the language file, or move
it to another folder.
This utility is released as freeware.
You are allowed to freely distribute this utility via floppy disk, CD-ROM,
Internet, or in any other way, as long as you don't charge anything for this and you don't
sell it or distribute it as a part of commercial product.
If you distribute this utility, you must include all files in
the distribution package, without any modification !
The software is provided "AS IS" without any warranty, either expressed or implied,
including, but not limited to, the implied warranties of merchantability and fitness
for a particular purpose. The author will not be liable for any special, incidental,
consequential or indirect damages due to loss of data or any other reason.
If you have any problem, suggestion, comment, or you found a bug in my utility,
you can send a message to email@example.com
EventLogChannelsView is also available in other languages. In order to change the language of
EventLogChannelsView, download the appropriate language zip file, extract the 'eventlogchannelsview_lng.ini',
and put it in the same folder that you Installed EventLogChannelsView utility.