Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
evtxexport()			     LOCAL			  evtxexport()

NAME
       evtxexport  --  exports	items  stored in a Windows XML EventViewer Log
       (EVTX) file

SYNOPSIS
       evtxexport  [-c	codepage]  [-f	format]	 [-l   log_file]   [-m	 mode]
		  [-p	   message_files_path]	   [-r	   registy_files_path]
		  [-s  system_file]  [-S  software_file]  [-t  event_log_type]
		  [-hTvV] source

DESCRIPTION
       evtxexport  is  a  utility  to  export  items  stored  in a Windows XML
       EventViewer Log (EVTX) file

       evtxexport is part of the libevtx package.  libevtx is a	library	to ac-
       cess the	Windows	XML EventViewer	Log (EVTX) file

       source is the source file.

       The options are as follows:

       -c codepage
	       specify the codepage of ASCII  strings,	options:  ascii,  win-
	       dows-874,  windows-932,	windows-936, windows-949, windows-950,
	       windows-1250,  windows-1251,   windows-1252   (default),	  win-
	       dows-1253,   windows-1254,   windows-1255,  windows-1256,  win-
	       dows-1257 or windows-1258

       -f format
	       output format, options: xml, text (default)

       -h      shows this help

       -l log_file
	       specify the file	in which to log	information about the exported
	       items

       -m mode
	       export mode, option: all, items (default), recovered 'all'  ex-
	       ports  the  (allocated)	items and recovered items, 'items' ex-
	       ports the (allocated) items and 'recovered' exports the	recov-
	       ered items

       -p message_files_path
	       search  PATH  for  the  resource	 files (default	is the current
	       working directory)

       -r registy_files_path
	       name of the directory containing	the SOFTWARE and SYSTEM	 (Win-
	       dows) Registry file

       -s system_file
	       filename	 of  the  SYSTEM  (Windows)  Registry file This	option
	       overrides the path provided by -r

       -S software_file
	       filename	of the SOFTWARE	(Windows) Registry  file  This	option
	       overrides the path provided by -r

       -t event_log_type
	       event  log  type, options: application, security, system	if not
	       specified the event log type is determined based	on  the	 file-
	       name.

       -T      use event template definitions to parse the event record	data

       -v      verbose output to stderr

       -V      print version

ENVIRONMENT
       None

FILES
       None

EXAMPLES
       # evtxexport evtxexport -p c/ -r	c/Windows/System32/config/ c/Windows/System32/winevt/Logs/Apllication.Evtx
       evtxexport 20120910

	     ...

DIAGNOSTICS
       Errors,	verbose	 and  debug  output are	printed	to stderr when verbose
       output -v is enabled.  Verbose and debug	output are only	 printed  when
       enabled at compilation.

BUGS
       Please  report  bugs  of	any kind to <joachim.metz@gmail.com> or	on the
       project website:	https://github.com/libyal/libevtx/

AUTHOR
       These man pages were written by Joachim Metz.

COPYRIGHT
       Copyright (C) 2011-2024,	Joachim	Metz  <joachim.metz@gmail.com>.	  This
       is  free	 software;  see	the source for copying conditions. There is NO
       warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PUR-
       POSE.

SEE ALSO
       evtxinfo(1)

libevtx				April 14, 2019			  evtxexport()

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=evtxexport&sektion=1&manpath=FreeBSD+Ports+15.0>

home | help