Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
evtexport()			     LOCAL			   evtexport()

NAME
       evtexport -- exports items stored in a Windows Event Log	(EVT)

SYNOPSIS
       evtexport [-c codepage] [-l log_file] [-m mode] [-p message_files_path]
		 [-r  registy_files_path]  [-s system_file] [-S	software_file]
		 [-t event_log_type] [-hvV] source

DESCRIPTION
       evtexport is a utility to export	items stored in	a  Windows  Event  Log
       (EVT)

       evtexport is part of the	libevt package.	 libevt	is a library to	access
       the Windows Event Log (EVT) format

       source is the source file.

       The options are as follows:

       -c codepage
	       specify	the  codepage  of  ASCII strings, options: ascii, win-
	       dows-874, windows-932, windows-936,  windows-949,  windows-950,
	       windows-1250,   windows-1251,   windows-1252   (default),  win-
	       dows-1253,  windows-1254,  windows-1255,	  windows-1256,	  win-
	       dows-1257 or windows-1258

       -h      shows this help

       -l log_file
	       specify the file	in which to log	information about the exported
	       items

       -m mode
	       export  mode, option: all, items	(default), recovered 'all' ex-
	       ports the (allocated) items and recovered  items,  'items'  ex-
	       ports  the (allocated) items and	'recovered' exports the	recov-
	       ered items

       -p message_files_path
	       search PATH for the resource  files  (default  is  the  current
	       working directory)

       -r registy_files_path
	       name  of	the directory containing the SOFTWARE and SYSTEM (Win-
	       dows) Registry file

       -s system_file
	       filename	of the SYSTEM  (Windows)  Registry  file  This	option
	       overrides the path provided by -r

       -S software_file
	       filename	 of  the  SOFTWARE (Windows) Registry file This	option
	       overrides the path provided by -r

       -t event_log_type
	       event log type, options:	application, security, system  if  not
	       specified  the  event log type is determined based on the file-
	       name.

       -v      verbose output to stderr

       -V      print version

ENVIRONMENT
       None

FILES
       None

EXAMPLES
       # evtexport evtexport -p	c/ -r c/Windows/System32/config/ c/Windows/System32/config/AppEvent.Evt
       evtexport 20120910

	     ...

DIAGNOSTICS
       Errors, verbose and debug output	are printed  to	 stderr	 when  verbose
       output  -v  is enabled.	Verbose	and debug output are only printed when
       enabled at compilation.

BUGS
       Please report bugs of any kind to <joachim.metz@gmail.com>  or  on  the
       project website:	https://github.com/libyal/libevt/

AUTHOR
       These man pages were written by Joachim Metz.

COPYRIGHT
       Copyright  (C)  2011-2024, Joachim Metz <joachim.metz@gmail.com>.  This
       is free software; see the source	for copying conditions.	 There	is  NO
       warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PUR-
       POSE.

SEE ALSO
       evtinfo(1)

libevt				April 13, 2019			   evtexport()

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=evtexport&sektion=1&manpath=FreeBSD+Ports+15.0>

home | help