Manual Reference Pages  -  PARSE::EVTX2::CHUNK (3)


NAME

Parse::Evtx2::Chunk - parses a chunk of a Microsoft Windows Vista event log file (.evtx)

SYNOPSIS



    use IO::File;
    use Parse::Evtx2::Chunk;

    # create an object for your event log file
    my $fh = IO::File->new("justachunk.bin", "r")
        or die "cannot open justachunk.bin: $!";

    # create a chunk object
    my $parser = Parse::Evtx2::Chunk->new(FH => $fh);

    # iterate through all event records
    my $event = $parser->get_first_event();
    while (defined $event) {
        print $event->get_xml();
        $event = $parser->get_next_event();
    }

    # all done, close the file handle
    $fh->close();



DESCRIPTION

Microsoft Windows Vista records events in a proprietary binary file format. An object of this class represents a parser for a chunk of a Vista event log file. A chunk is a 64 KiB block of data that consists of header information, internal tables and event data. The main purpose of this module is to translate event log files from their native binary form into textual XML.

The chunk object provides central services to other classes, e.g. stacks for elements, strings and XML templates.

METHODS

    new

This is the constructor for the parser class.

Parameters
FH This is a handle object for the event log file. The object is required to be a descendant of IO::File.
Start Offset into the file handle where the chunk is expected to start. This parameter is optional; it defaults to 0.

    check

This method checks the chunk for certain errors and marks them in a return code. Right now, only the CRC32 check of the chunk header is implemented.

    get_first_event

This method retrieves the first event record from a file. It returns a Parse::Evtx2::Event object on success and undef on failure. Note that get_first_event changes the file pointer in the associated file handle object.

    get_next_event

This method retrieves the next event record from a file. It returns a Parse::Evtx2::Event object on success and undef on failure. Note that get_next_event changes the file pointer in the associated file handle object.

    get_start

Returns the offset into the file

    get_length

Returns the length of the section of the log file that corresponds to the chunk object.
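The two integrity checks this page mentions (the CRC32 of the chunk header under check, and the CRC32 of the event data under HISTORY) can be cross-checked independently of the module, for example when triaging carved or possibly tampered chunks. The following is an added example in Python, not code from Parse::Evtx2; the signature and field offsets are assumptions taken from public descriptions of the EVTX format, not from this page, and the sample chunk is constructed.

```python
import struct
import zlib

CHUNK_SIZE = 0x10000        # 64 KiB, as stated in DESCRIPTION
MAGIC = b"ElfChnk\x00"      # assumption: chunk signature per public format notes


def check_chunk(chunk: bytes) -> dict:
    """Validate one 64 KiB chunk; report which integrity checks passed."""
    result = {"magic": False, "header_crc": False, "data_crc": False}
    if len(chunk) != CHUNK_SIZE or chunk[:8] != MAGIC:
        return result
    result["magic"] = True
    # Assumed layout: free-space offset at 48, event-data CRC32 at 52,
    # header CRC32 at 124 (all little-endian 32-bit values).
    free_off, data_crc = struct.unpack_from("<II", chunk, 48)
    (hdr_crc,) = struct.unpack_from("<I", chunk, 124)
    # Header CRC covers bytes 0..119 plus the internal tables at 128..511.
    result["header_crc"] = zlib.crc32(chunk[:120] + chunk[128:512]) == hdr_crc
    # Reject offsets outside the chunk before slicing (corrupt or hostile input).
    if 512 <= free_off <= CHUNK_SIZE:
        result["data_crc"] = zlib.crc32(chunk[512:free_off]) == data_crc
    return result


def build_sample_chunk(payload: bytes) -> bytes:
    """Constructed test input: a chunk whose record area is just `payload`."""
    buf = bytearray(CHUNK_SIZE)
    buf[:8] = MAGIC
    struct.pack_into("<I", buf, 40, 128)                    # header size
    buf[512:512 + len(payload)] = payload
    struct.pack_into("<I", buf, 48, 512 + len(payload))     # free-space offset
    struct.pack_into("<I", buf, 52, zlib.crc32(payload))    # event-data CRC32
    # The header CRC is computed last because it covers the fields set above.
    struct.pack_into("<I", buf, 124, zlib.crc32(buf[:120] + buf[128:512]))
    return bytes(buf)


if __name__ == "__main__":
    good = build_sample_chunk(b"constructed record bytes")
    tampered = bytearray(good)
    tampered[520] ^= 0xFF       # flip one byte inside the event data
    print("intact  :", check_chunk(good))
    print("tampered:", check_chunk(bytes(tampered)))
```

A chunk that passes the header check but fails the data check points at damage or modification inside the record area rather than in the header or tables.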

DIAGNOSTICS

new returns undef if it doesn’t recognize the format of the file.

Other errors will be signalled through assertions and die().

DEPENDENCIES

This module depends on the following non-standard modules, which are also not part of this package:
Carp::Assert
Data::Hexify
Digest::Crc32
Math::BigInt

SEE ALSO

evtxdump.pl, evtxtemplates.pl, Parse::Evtx2, Parse::Evtx2::Event

HISTORY

v1.0.0 (2007-08-10) Initial release.
v1.0.1 (2009-12-21) Bugfixes, improved parsing of header.
v1.0.3 (2010-02-11) Implemented CRC32 check of chunk header.
v1.0.4 (2010-03-24) Added CRC32 check of event data.
v1.1.1 (2011-11-17) Fixed memory leaks.

AUTHOR

Andreas Schuster (schuster@cpan.org)

LICENSE AND COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.


perl v5.20.3 PARSE::EVTX2::CHUNK (3) 2012-05-28
