JTaylor,
There were a few emails exchanged privately to try to work through this problem with no success. I think we ended up agreeing that it was a bug with the way logparser handles those random byte values when outputting XML.
I'm not sure what your situation is. In my case using logparser the way I was trying to do it, by dumping to XML format, would have introduced a relatively minor security risk to the security log reporting system that I was attempting to implement. I have little control over the machines that get joined to our domain due to our decentralized environment, and I was dealing with domain controller logs that report computer names in many of the security log events. Lacking a fix for logparser, I decided to abandon the XML output for now.
Ultimately it comes down to this:
1) You can wait for a fix in a future release. No ETA on this. (Maybe Gabriele has some insight into this.)
2) You can fix the machine that is sending the invalid characters. (I didn't bother with this because it would ultimately not have solved my problem, since at any time someone else could have added a new machine with the same problem. This would have broken the security log reporting process, potentially allowing bad guys to get away with something undetected.)
3) You can use another format to dump the log files. In my case I chose CSV, but we may be setting up a syslog server in the future.
Keep in mind that, if you really are seeing the same thing, there are really two bugs here.
One is that the faulty machine is generating bad event data for the computer name.
The second is that logparser wasn't able to properly handle the bad characters in the event log.
If you can fix the first problem and be sure that it won't happen again, Logparser would not be forced to deal with the bad data in the first place.
Good Luck,
- metzlerd
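
Added example, not part of metzlerd's post and not Log Parser code: a check to pair with option 3 that scans a CSV export for computer names containing characters the XML 1.0 specification does not allow, so a newly joined machine with a bad name is flagged instead of quietly breaking the report. The column names and sample rows are constructed assumptions; the post does not say which byte values were involved.

```python
import csv
import io

# Constructed sample of a CSV export; the column names are assumptions.
SAMPLE_CSV = (
    "EventID,ComputerName,Message\r\n"
    "540,DC01,Successful network logon\r\n"
    "540,WKS\x01\x1f07,Successful network logon\r\n"
    "538,LAB-PC\ufffe,User logoff\r\n"
)


def is_xml10_char(ch):
    """True if ch is allowed by the XML 1.0 'Char' production."""
    cp = ord(ch)
    return (cp in (0x9, 0xA, 0xD)
            or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD
            or 0x10000 <= cp <= 0x10FFFF)


def find_bad_rows(csv_text, column="ComputerName"):
    """Return (record_number, escaped_value, bad_code_points) per offending row."""
    findings = []
    # newline="" leaves line endings untouched so the csv module parses them.
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    for recno, row in enumerate(reader, start=1):
        value = row.get(column) or ""
        bad = [ord(c) for c in value if not is_xml10_char(c)]
        if bad:
            # Escape the illegal characters so the finding itself is safe to
            # print, store, or embed in an XML or HTML report.
            safe = "".join(c if is_xml10_char(c) else "\\u%04x" % ord(c)
                           for c in value)
            findings.append((recno, safe, bad))
    return findings


if __name__ == "__main__":
    for recno, name, bad in find_bad_rows(SAMPLE_CSV):
        print("record %d: %s (illegal code points: %s)"
              % (recno, name, ", ".join(hex(b) for b in bad)))
```

Alerting on a non-empty result turns a malformed computer name into a visible event in its own right, which addresses the concern raised under option 2.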