What time zone are the description timestamps in Windows Event log (UTC?)

windows windows-server-2008 windows-event-log timezone
7,656

The Date line records the event timestamp in UTC. When you view the event log, the viewer adjusts the timestamp to the current local time zone for display.

The message of the event is just a string. If the logging application/service puts a timestamp in there, that's specific to that application. It's going to reflect whatever that application is designed to report.

Share:
7,656

Related videos on Youtube

5k1zk17
Author by

5k1zk17

Updated on September 18, 2022

Comments

  • 5k1zk17
    5k1zk17 almost 2 years 
    Log Name: System
Source: LsaSrv
Date: <date> <time>
Event ID: 45058
Task Category: Logon Cache
Level: Information
Keywords: Classic
User: N/A
Computer: computername.contoso.com
Description:
A logon cache entry for user [email protected] was the oldest entry and was removed. The timestamp of this entry was **MM/DD/YYYY HH:MM:SS**

    Given the above example evtx log, is the timestamp time zone in the description UTC? My understanding is the Date/Time of the actual event log is in UTC, I just want to confirm the date and time provided in the description is in UTC as well. This is a win2k8 OS. Thanks

    • 5k1zk17
      5k1zk17 almost 10 years
      After some testing, I believe it is recorded in local time.
  • 5k1zk17
    5k1zk17 almost 10 years
    I'm not seeing this to be the case. I'm not describing the event entry timestamp but the timestamp reported in the description/message of the event. That seems to be "hard coded" in the message unlike the event entry timestamp thats associated with a UTC offset.
  • Lucky Luke
    Lucky Luke almost 10 years
    The description of the event you posted in your question does not contain a time stamp. Anything in the description would be hard-coded (and embedded with the event), since that is created by the software which logs the event. Only the software which logs the event could change that to be UTC.
  • Matt Johnson-Pint
    Matt Johnson-Pint almost 10 years
    Sorry, I missed that part. I was referring to the timestamp in the Date field. As Lucky Luke said, the description is entirely up to the logging application. Is your question with specific regard to this LsaSrv event message?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

windows event log forwarding permission
What would cause so many EventID 4656 PlugPlayManager Security Audit Failures at one time?
Relocating event logs in Windows Server 2008 R2
How can I view login/logoff times for Windows Server 2008?
How to export all System event logs of a definite time period
Export entire Windows Log to XML
Lots of FAILURE AUDIT: an account failed to log on entires in Security Log
What time zone is displayed in windows event logs? When viewing saved log from another machine?
How to use Java timezone id in a Windows (non-Java) application?
Is MSDE supported on Windows Server 2008?