DumpEVT is pretty much everything I need at the moment, but there's one more thing (isn't there always?) that would make it nearly perfect.
Is it possible to have the timestamp of entries that it exports stored as GMT/UMT results? (rather than the adjusted time?)
There's a comment in the version history that a bug in UMT conversion was fixed, which got me to wondering if that conversion can be disabled..
Reason for all this being is that we have domain controllers in different time zones...it'd be very handy to be able to collect the logs centrally, but to 'mush' them together in a meaningful way they would have to have an agreed time point of reference...
If not, any suggestions on how to manage servers in differing timezones for logs, anyone?