Arguments
grokevt-addlog uses the following arguments:
database-dir
The base directory for the database generated previously by grokevt-builddb(1).
evt-file
The file to be added to the database.
new-type
The new log type/name that evt-file will take on. This is the name that will need to be used
later with grokevt-parselog(1) to access the new log. This type must not already exist in the
database.
base-type
The existing log type that this new log will be based on. The message templates from this type
will be used with the new log when parsing. This type must exist in the current database.
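The four arguments above are positional and grokevt-addlog gives little feedback if they are swapped, so the following POSIX sh wrapper (an added example, not part of GrokEVT) validates them before calling the tool. It also reports whether evt-file starts with a complete EVT file header (a 4-byte header size followed by the "LfLe" signature) or is a headerless fragment of the kind grokevt-findlogs(1) recovers; either is accepted, since the Description says fragments are a primary use. The GROKEVT_ADDLOG variable is the wrapper's own hook for substituting the command (used here only for testing) and is not a GrokEVT option.

```shell
#!/bin/sh
# evt_has_header FILE: return 0 if FILE begins with a full EVT file header
# (4-byte header size, then the ASCII signature "LfLe" at offset 4), else 1.
# Deleted-log fragments recovered from a disk usually lack this header.
evt_has_header() {
    sig=$(dd if="$1" bs=1 skip=4 count=4 2>/dev/null)
    [ "$sig" = "LfLe" ]
}

# addlog_checked DATABASE-DIR EVT-FILE NEW-TYPE BASE-TYPE
# Validate the arguments as described in the man page, then run
# grokevt-addlog (or the command named in $GROKEVT_ADDLOG, a hook that
# belongs to this wrapper only). Returns 2 on a usage error.
addlog_checked() {
    db=$1; evt=$2; new=$3; base=$4
    [ -d "$db" ] || { echo "database-dir not found: $db" >&2; return 2; }
    [ -f "$evt" ] && [ -r "$evt" ] || { echo "evt-file unreadable: $evt" >&2; return 2; }
    [ -n "$new" ] && [ -n "$base" ] || { echo "new-type and base-type are required" >&2; return 2; }
    # new-type must be a fresh name; reusing the base name cannot be right.
    [ "$new" != "$base" ] || { echo "new-type must differ from base-type" >&2; return 2; }
    # Log types are used as names later by grokevt-parselog(1); keep them simple tokens.
    case $new in
        */*|*' '*) echo "new-type must be a single token without '/'" >&2; return 2;;
    esac
    if evt_has_header "$evt"; then
        echo "note: $evt carries a full EVT header (LfLe)" >&2
    else
        echo "note: $evt has no EVT header; treating it as a log fragment" >&2
    fi
    "${GROKEVT_ADDLOG:-grokevt-addlog}" "$db" "$evt" "$new" "$base"
}

# Typical call (example values): add a recovered Security log under a new name,
# borrowing the message templates already built for the Security log type.
# addlog_checked /cases/host1/grokevt-db /cases/host1/recovered/sec-001.evt recovered-security Security
```

Because the wrapper only inspects the first eight bytes, it never alters the evidence file; the note about a missing header is informational so that a practitioner knows whether grokevt-parselog(1) output for the new type should be read as a complete log or as partial records.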
Bugs
Probably several. This particular script has not been extensively tested.
Credits
Written by Timothy D. Morgan.
Description
grokevt-addlog takes a raw event log (.evt file) and adds it to a pre-built database generated by
grokevt-builddb(1). This new log file will be set up to use the message templates of another log, as
determined by the user.
This tool is primarily useful for processing deleted logs and log fragments found on a system. While it
is possible to use the database generated from one system with the logs of another, this is not
recommended for investigations unless no alternatives exist.
License
Please see the file "LICENSE" included with this software distribution.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License version 3 for more details.
Name
grokevt-addlog - A tool for adding a raw event log to an existing GrokEVT database.
See Also
grokevt(7), grokevt-builddb(1), grokevt-dumpmsgs(1), grokevt-findlogs(1), grokevt-parselog(1), grokevt-ripdll(1)
File Conversion Utilities, 20 June 2011, grokevt-addlog(1)
Synopsis
grokevt-addlog database-dir evt-file new-type base-type
