Provided by: grokevt_0.5.0-1_all


NAME
       grokevt-findlogs - Attempts to find log file fragments in raw binary files, such as memory
       dumps and disk images.


SYNOPSIS
       grokevt-findlogs -?

       grokevt-findlogs [-v] [-h] [-H] [-o offset] raw-file


DESCRIPTION
       grokevt-findlogs searches a raw binary file for Windows event log records.  It  writes  a
       simple  comma-separated values (CSV) listing to stdout, one row per hit, giving the byte
       offset of the hit and the metadata read from the record header. Taken together, the
       metadata and the offsets (in particular, whether consecutive hits are contiguous, as the
       records of an intact log would be) usually make it easy to tell real records from false
       positives.
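       The following Python script is an added example and is not part of grokevt; it shows the
       kind of scan the description refers to, using the documented EVENTLOGRECORD layout (a
       56-byte fixed header whose second DWORD is the "LfLe" magic, variable data, then a
       trailing copy of the Length field). It goes slightly beyond the page by also judging
       each hit: a hit is marked valid when its trailing Length copy matches and it fits in the
       buffer, and contiguous when it begins exactly where the previous valid hit ended. The
       CSV column names, the helper names and the sample "dump" are this example's own
       assumptions, not grokevt's output format.

```python
"""Carve classic Windows EVT records out of an arbitrary binary blob and report
them as CSV, in the spirit of grokevt-findlogs. Added example, not grokevt's
own code; the CSV columns and heuristics are this example's own."""
import csv
import io
import struct
import sys
from datetime import datetime, timezone

MAGIC = b"LfLe"                     # EVENTLOGRECORD.Reserved == 0x654C664C
HEADER_FMT = "<IIIIIIHHHHIIIIII"    # Length .. DataOffset: 16 fields, 56 bytes
HEADER_LEN = struct.calcsize(HEADER_FMT)
MIN_LEN = HEADER_LEN + 4            # fixed header plus trailing Length copy
COLUMNS = ["OFFSET", "LENGTH", "RECORD_NUM", "TIME_GENERATED",
           "EVENT_ID", "EVENT_TYPE", "VALID", "CONTIGUOUS"]


def parse_record(data, start):
    """Decode the header at `start` and judge whether it is a plausible record.
    A hit is 'valid' when Length is sane, the record fits in the buffer and the
    trailing Length copy matches; anything else is probably a false positive."""
    if start < 0 or start + HEADER_LEN > len(data):
        return None
    f = struct.unpack_from(HEADER_FMT, data, start)
    length, end = f[0], start + f[0]
    valid = (MIN_LEN <= length and end <= len(data)
             and struct.unpack_from("<I", data, end - 4)[0] == length)
    try:   # TimeGenerated is a Unix timestamp; garbage hits may not convert
        ts = datetime.fromtimestamp(f[3], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ")
    except (OverflowError, OSError, ValueError):
        ts = "bad:%d" % f[3]
    return {"offset": start, "length": length, "record_number": f[2],
            "time_generated": ts,
            "event_id": f[5] & 0xFFFF,   # low word; high word carries severity/facility bits
            "event_type": f[6], "valid": valid}


def find_records(data, offset=0):
    """Scan for the magic and decode every candidate record from `offset` on
    (the -o behaviour). 'contiguous' marks a hit that starts exactly where the
    previous valid hit ended: a run of such hits is almost certainly a real log."""
    hits, prev_end = [], None
    pos = data.find(MAGIC, offset + 4)      # the magic sits 4 bytes into a record
    while pos != -1:
        hit = parse_record(data, pos - 4)
        if hit is not None:
            hit["contiguous"] = hit["offset"] == prev_end
            prev_end = hit["offset"] + hit["length"] if hit["valid"] else None
            hits.append(hit)
        pos = data.find(MAGIC, pos + 1)
    return hits


def to_csv(hits, header=True):
    """Render hits as CSV text; header=False mirrors the -H switch."""
    buf = io.StringIO()
    w = csv.writer(buf)
    if header:
        w.writerow(COLUMNS)
    for h in hits:
        w.writerow([h["offset"], h["length"], h["record_number"], h["time_generated"],
                    h["event_id"], h["event_type"], int(h["valid"]), int(h["contiguous"])])
    return buf.getvalue()


def build_record(record_number, time_generated, event_id, source="Security", computer="HOST1"):
    """Constructed test fixture: a minimal well-formed EVT record (EventType 8 = audit success)."""
    body = source.encode("utf-16-le") + b"\x00\x00" + computer.encode("utf-16-le") + b"\x00\x00"
    body += b"\x00" * (-len(body) % 4)          # records are DWORD aligned
    length = HEADER_LEN + len(body) + 4
    header = struct.pack(HEADER_FMT, length, 0x654C664C, record_number, time_generated,
                         time_generated, event_id, 8, 0, 0, 0, 0,
                         length - 4, 0, 0, 0, length - 4)
    return header + body + struct.pack("<I", length)


# Constructed sample "memory dump": junk, two back-to-back records, a stray
# "LfLe" that is not a record (a false positive), then a lone third record.
SAMPLE = (b"\xde\xad" * 37
          + build_record(1, 1700000000, 4624)
          + build_record(2, 1700000060, 4634)
          + b"\x00" * 13
          + b"\x00\x00\x00\x00LfLe\x99\x99" + b"\x00" * 20
          + build_record(7, 1700003600, 4672))

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    sys.stdout.write(to_csv(find_records(blob)))
```

       Run without arguments it scans the built-in sample and prints four rows: the two
       contiguous valid records, the stray magic flagged invalid (its Length field is 0), and
       the third record, valid but not contiguous with anything. Pass a path to scan a real
       image; the whole file is read into memory, which is fine for this illustration but a
       production carver would stream it.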


ARGUMENTS
       raw-file
              The binary file to be searched.


OPTIONS
       -?     Prints a basic usage statement.

       -v     Verbose mode. Prints status messages to stderr, which can be helpful for debugging.
              (Currently does nothing.)

       -h     Prints a header row at the top of the CSV output containing labels for each column.
              (This is the default behavior.)

       -H     Disables the printing of a header row. This is useful when grokevt-findlogs is used
              in a script.

       -o offset
              Begin search at this byte offset within the binary file.


BUGS
       Probably a few. This script has not been extensively tested against images from some
       guest platforms.

       There are likely some speed improvements that could be made.


CREDITS
       Written by Timothy D. Morgan


LICENSE
       Please see the file "LICENSE" included with this software distribution.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY  WARRANTY;
       without  even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License version 3 for more details.


SEE ALSO
       grokevt(7) grokevt-addlog(1)  grokevt-builddb(1)  grokevt-dumpmsgs(1)  grokevt-parselog(1)