I'm trying to find a way to ignore the entries in the Windows System log that were created during the time the monitor was in a disabled state. I'm unable to achieve this with a 'Windows Event Log Monitor', as the monitor reads the earlier entries after it is enabled.
I set the path in a logfile monitor to the System.evtx log file. The monitor is able to get the size of the file and the number of lines in the file, but it is unable to do a regex match. I tried multiple encoding types, but none gave a readable output.
Can anyone help me come up with a solution? Thank you.
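Added example, not code from the original poster or from any monitoring product: a PowerShell script that reads the System log through the event log API (Get-WinEvent) instead of treating System.evtx as a text file, and that only returns entries newer than a stored watermark. The .evtx format is a binary container, which is why a text regex over the raw file never matches; the regex here is applied to the rendered Message field. The state file path, the regex pattern, and the convention that enabling the monitor deletes the state file (so the first run after enabling starts from "now" and skips the backlog written while it was disabled) are all assumptions made for this example.

```powershell
# Added example (not from the original post). Reads the System log via the
# event log API and skips everything older than a stored watermark.

# Assumption: the monitor's enable action removes this file, so the first run
# after enabling starts from the current time. Hypothetical path.
$stateFile = 'C:\ProgramData\LogMonitor\system-watermark.txt'

# Hypothetical pattern; replace with whatever the monitor is meant to catch.
$pattern = 'The (.+?) service (terminated unexpectedly|entered the stopped state)'

if (Test-Path $stateFile) {
    # Round-trip ISO 8601 timestamp written by a previous run.
    $since = [datetime]::Parse((Get-Content -Path $stateFile -Raw).Trim())
} else {
    # No watermark: this is the first run after enabling, so ignore any
    # entries that accumulated while the monitor was disabled.
    $since = Get-Date
    New-Item -ItemType Directory -Force -Path (Split-Path $stateFile) | Out-Null
    Set-Content -Path $stateFile -Value $since.ToString('o')
}

# StartTime is evaluated by the event log service itself, so entries written
# before $since are never handed back to the script at all. With no new
# events Get-WinEvent reports an error, which is silenced here.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = $since } `
                       -ErrorAction SilentlyContinue

# Apply the regex to the rendered message text, not to the .evtx bytes.
# ($matches is PowerShell's automatic variable, hence the name $hits.)
$hits = foreach ($e in $events) {
    if ($e.Message -match $pattern) {
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Id          = $e.Id
            Provider    = $e.ProviderName
            Match       = $Matches[0]
        }
    }
}

# Advance the watermark to the newest event seen so the next run starts
# strictly after it and nothing is reported twice.
if ($events) {
    $newest = ($events | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
    Set-Content -Path $stateFile -Value $newest.AddTicks(1).ToString('o')
}

$hits
```

Get-WinEvent also accepts a file path in the filter hashtable (`@{ Path = 'C:\path\to\System.evtx'; StartTime = $since }`), so the same watermark logic works against an exported .evtx file if the monitoring tool can only hand over a path rather than a log name.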