In Windows Vista and Windows Server 2008, Microsoft changed its event log format from EVT (used by Windows NT, XP and 2003) to EVTX to better enable applications to precisely record log events. The EVTX file format stores event records as a stream of binary XML (Extensible Markup Language). Moreover, EVTX logs have different event IDs, a higher number of fields, and support different sources for logging event data than EVT log files.
Organizations that still rely on XP or Windows 2003 servers, or that maintain EVT logs generated by their legacy servers, require a mechanism to centrally collect, store and report on both EVT and EVTX logs for regulatory compliance with mandates like Sarbanes-Oxley, Basel II, HIPAA, GLB, FISMA, PCI DSS or NISPOM. Otherwise, they increase their risk of exposure to compliance violations, intruders, malware, damage, loss and legal liabilities.
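A collector that ingests both formats first has to tell them apart and check that each file header is intact before handing it to the right parser. The Python sketch below is an added example, not part of the original page: it relies on the documented file headers (the `LfLe` signature of EVT and the `ElfFile` signature and CRC32 header checksum of EVTX), which the page itself does not describe. The function names are hypothetical and the sample headers are constructed.

```python
import struct
import zlib

EVT_SIG = b"LfLe"          # legacy EVT signature, at offset 4 after the header-size DWORD
EVTX_SIG = b"ElfFile\x00"  # EVTX file-header signature, at offset 0


def identify_event_log(data: bytes) -> dict:
    """Classify a log file by its header so a collector can route it to the right parser."""
    if len(data) >= 128 and data[:8] == EVTX_SIG:
        _first_chunk, _last_chunk, next_record = struct.unpack_from("<QQQ", data, 8)
        _header_size, minor, major = struct.unpack_from("<IHH", data, 32)
        (stored_crc,) = struct.unpack_from("<I", data, 124)
        return {
            "format": "EVTX",
            "version": f"{major}.{minor}",
            "next_record_id": next_record,
            # The EVTX header checksum is a CRC32 over the first 120 bytes.
            "header_ok": stored_crc == zlib.crc32(data[:120]) & 0xFFFFFFFF,
        }
    if len(data) >= 48 and data[4:8] == EVT_SIG:
        # 48-byte header: size, signature, then ten DWORDs ending in the size again.
        f = struct.unpack_from("<I4s10I", data, 0)
        return {
            "format": "EVT",
            "version": f"{f[2]}.{f[3]}",
            "next_record_id": f[6],
            # A well-formed EVT header repeats its size (0x30) at both ends.
            "header_ok": f[0] == 0x30 and f[11] == 0x30,
        }
    return {"format": "unknown", "header_ok": False}


def build_sample_evtx_header() -> bytes:
    """Constructed 128-byte EVTX file header (version 3.1, one chunk)."""
    body = EVTX_SIG + struct.pack("<QQQIHHHH", 0, 0, 1, 128, 1, 3, 4096, 1) + bytes(76)
    return body + struct.pack("<II", 0, zlib.crc32(body) & 0xFFFFFFFF)


def build_sample_evt_header() -> bytes:
    """Constructed 48-byte EVT file header (version 1.1, empty log)."""
    return struct.pack("<I4s10I", 0x30, EVT_SIG, 1, 1, 0x30, 0x30, 1, 0, 0x10000, 0, 0, 0x30)
```

A header that fails the `header_ok` check is worth flagging rather than silently skipping, since a truncated or altered log is itself relevant to an audit trail.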