Log Size
tomrade opened this issue · 2 comments
tomrade commented
Sorry if ive missed something, but is there a quick way to get the length of the evtx file ie the number of log records. I looked at looping over chunks/events to count, but didn't know if there was a simple/quick way.
williballenthin commented
i think you have to loop through the chunks and use the fields log_first_record_number and log_last_record_number to compute the total number of records in the log.
the header does contains metadata about the current/next log record numbers; however, this is different from total record count, because old events may have expired.
tomrade commented
Hey thanks for the quick response , will do that :)