.evtx file extension

.evtx

Windows 2008 and Windows 7 event log file.

Also known as an event log archive file.

These files are used by Windows to record events - information messages, warning messages and error messages.

The .evtx files that Windows uses and maintaines are located in the folder:

C:\Windows\System32\winevt\Logs

These files (at least the ones in the folder above) should not be deleted. They can be cleared (reducing their size, but not quite to zero) using Event Viewer:

1. Start Event Viewer
2. Find the log (the "Application" log under "Windows Logs" is typically one of the largest).
3. Right click on the log and select "Clear Log..."

   You will have the option to save the log file contents else where first if you want. Otherwise this will simply clear the log file reclaiming the space used.

You can also limit the size of a log file:

1. Start Event Viewer
2. Find the log.
3. Right click on the log and select "Properties"
4. You can now specify the maximum size and what should happen when the log file reaches that maximum size.

   It is suggested that you select "Overwrite events as needed" (or "Archive the log when full" if you need to keep old events). Selecting "Do not overwrite events" can cause problems for some Windows applications should the log file become full.

Earlier versions of Windows used a .evt file.

For more information see:

• http://msdn.microsoft.com/en-us/library/bb671203%28v=vs.90%29.aspx - How to export, archive and clear event logs programmatically using Visual Studi.

Can you add to this? Do you know of any applications not already listed which will work with .evtx files, view .evtx files or open .evtx files? Are you able to contribute any additional reference information or file format information about .evtx files or have you spotted any errors or omissions? If so please let us know by emailing us at feedback@cryer.co.uk - Thank you.