GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
evtxexport LOCAL evtxexport

evtxexportexports items stored in a Windows XML EventViewer Log (EVTX) file

evtxexport [-c codepage] [-f format] [-l log_file] [-m mode] [-p message_files_path] [-r registy_files_path] [-s system_file] [-S software_file] [-t event_log_type] [-hTvV] source

evtxexport is a utility to export items stored in a Windows XML EventViewer Log (EVTX) file

evtxexport is part of the libevtx package. libevtx is a library to access the Windows XML EventViewer Log (EVTX) file

source is the source file.

The options are as follows:

codepage
specify the codepage of ASCII strings, options: ascii, windows-874, windows-932, windows-936, windows-949, windows-950, windows-1250, windows-1251, windows-1252 (default), windows-1253, windows-1254, windows-1255, windows-1256, windows-1257 or windows-1258
format
output format, options: xml, text (default)
shows this help
log_file
specify the file in which to log information about the exported items
mode
export mode, option: all, items (default), recovered 'all' exports the (allocated) items and recovered items, 'items' exports the (allocated) items and 'recovered' exports the recovered items
message_files_path
search PATH for the resource files (default is the current working directory)
registy_files_path
name of the directory containing the SOFTWARE and SYSTEM (Windows) Registry file
system_file
filename of the SYSTEM (Windows) Registry file This option overrides the path provided by -r
software_file
filename of the SOFTWARE (Windows) Registry file This option overrides the path provided by -r
event_log_type
event log type, options: application, security, system if not specified the event log type is determined based on the filename.
use event template definitions to parse the event record data
verbose output to stderr
print version

None

None

# evtxexport evtxexport -p c/ -r c/Windows/System32/config/ c/Windows/System32/winevt/Logs/Apllication.Evtx
evtxexport 20120910
...

Errors, verbose and debug output are printed to stderr when verbose output -v is enabled. Verbose and debug output are only printed when enabled at compilation.

Please report bugs of any kind to <joachim.metz@gmail.com> or on the project website: https://github.com/libyal/libevtx/

These man pages were written by Joachim Metz.

Copyright (C) 2011-2024, Joachim Metz <joachim.metz@gmail.com>. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

evtxinfo(1)

April 14, 2019 libevtx
Search for    or go to Top of page |  Section other |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.