Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
evtxexport			     LOCAL			    evtxexport

NAME
     evtxexport	-- exports items stored	in a Windows XML EventViewer Log
     (EVTX) file

SYNOPSIS
     evtxexport	[-c codepage] [-f format] [-l log_file]	[-m mode]
		[-p message_files_path]	[-r registy_files_path]
		[-s system_file] [-S software_file] [-t	event_log_type]
		[-hTvV]	source

DESCRIPTION
     evtxexport	is a utility to	export items stored in a Windows XML
     EventViewer Log (EVTX) file

     evtxexport	is part	of the libevtx package.	 libevtx is a library to ac-
     cess the Windows XML EventViewer Log (EVTX) file

     source is the source file.

     The options are as	follows:

     -c	codepage
	     specify the codepage of ASCII strings, options: ascii, win-
	     dows-874, windows-932, windows-936, windows-949, windows-950,
	     windows-1250, windows-1251, windows-1252 (default), windows-1253,
	     windows-1254, windows-1255, windows-1256, windows-1257 or win-
	     dows-1258

     -f	format
	     output format, options: xml, text (default)

     -h	     shows this	help

     -l	log_file
	     specify the file in which to log information about	the exported
	     items

     -m	mode
	     export mode, option: all, items (default),	recovered 'all'	ex-
	     ports the (allocated) items and recovered items, 'items' exports
	     the (allocated) items and 'recovered' exports the recovered items

     -p	message_files_path
	     search PATH for the resource files	(default is the	current	work-
	     ing directory)

     -r	registy_files_path
	     name of the directory containing the SOFTWARE and SYSTEM (Win-
	     dows) Registry file

     -s	system_file
	     filename of the SYSTEM (Windows) Registry file This option	over-
	     rides the path provided by	-r

     -S	software_file
	     filename of the SOFTWARE (Windows)	Registry file This option
	     overrides the path	provided by -r

     -t	event_log_type
	     event log type, options: application, security, system if not
	     specified the event log type is determined	based on the filename.

     -T	     use event template	definitions to parse the event record data

     -v	     verbose output to stderr

     -V	     print version

ENVIRONMENT
     None

FILES
     None

EXAMPLES
     # evtxexport evtxexport -p	c/ -r c/Windows/System32/config/ c/Windows/System32/winevt/Logs/Apllication.Evtx
     evtxexport	20120910

	   ...

DIAGNOSTICS
     Errors, verbose and debug output are printed to stderr when verbose out-
     put -v is enabled.	 Verbose and debug output are only printed when	en-
     abled at compilation.

BUGS
     Please report bugs	of any kind to <joachim.metz@gmail.com>	or on the
     project website: https://github.com/libyal/libevtx/

AUTHOR
     These man pages were written by Joachim Metz.

COPYRIGHT
     Copyright (C) 2011-2020, Joachim Metz <joachim.metz@gmail.com>.  This is
     free software; see	the source for copying conditions. There is NO war-
     ranty; not	even for MERCHANTABILITY or FITNESS FOR	A PARTICULAR PURPOSE.

SEE ALSO
     evtxinfo(1)

libevtx				April 14, 2019			       libevtx

NAME | SYNOPSIS | DESCRIPTION | ENVIRONMENT | FILES | EXAMPLES | DIAGNOSTICS | BUGS | AUTHOR | COPYRIGHT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=evtxexport&sektion=1&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help