Timestamp missing in .evtx #32

Open
LeTak0 opened this issue Mar 5, 2024 · 4 comments

LeTak0 commented Mar 5, 2024

When importing .evtx files from Windows Event Viewer, the Timestamp field stays empty.
The timestamp information is crucial in some log audits.

hamster620 self-assigned this Mar 6, 2024
hamster620 added the bug label Mar 6, 2024
@hamster620 (Collaborator)

@LeTak0 I cannot reproduce the symptom you mentioned with my .evtx files. Could you help to provide some .evtx files which show an empty timestamp for further analysis? Thanks.

LeTak0 (Author) commented Mar 20, 2024

> @LeTak0 I cannot reproduce the symptom you mentioned with my .evtx files. Could you help to provide some .evtx files which show an empty timestamp for further analysis? Thanks.

winlog.zip

@hamster620 (Collaborator)

> > @LeTak0 I cannot reproduce the symptom you mentioned with my .evtx files. Could you help to provide some .evtx files which show an empty timestamp for further analysis? Thanks.
>
> winlog.zip

@LeTak0 The Timestamp column shows as expected after opening the .evtx file you provided:

[image]

Could you help to provide a screenshot, the operating system and the version of ULogViewer you use? Thanks.

LeTak0 (Author) commented Mar 20, 2024

4.0.8.303 ULogViewer
Linux Kernel 6.6.22.1
Arch Linux
Wayland, Hyprland

[image]

> > > @LeTak0 I cannot reproduce the symptom you mentioned with my .evtx files. Could you help to provide some .evtx files which show an empty timestamp for further analysis? Thanks.
> >
> > winlog.zip
>
> @LeTak0 The Timestamp column shows as expected after opening the .evtx file you provided:
>
> [image]
>
> Could you help to provide a screenshot, the operating system and the version of ULogViewer you use? Thanks.
