Provided by: grokevt_0.4.1-7ubuntu1_all


       grokevt-findlogs - Attempts to find log file fragments in raw binary files, such as memory
       dumps and disk images.


       grokevt-findlogs -?
       grokevt-findlogs [-v] [-h] [-H] [-o offset] raw-file

DESCRIPTION
       grokevt-findlogs searches a raw binary file for event log records. It produces
       a simple comma-separated values (CSV) output to stdout which includes metadata and offsets
       of any hits. Using the metadata and offset/contiguity information, it should be easy to
       determine whether the hits are false positives.


       raw-file
              The binary file to be searched.


       -?     Prints a basic usage statement.

       -v     Verbose mode. Prints status messages to stderr, which can be helpful for debugging.
              (Currently does nothing.)

       -h     Prints a header row at the top of the CSV output containing labels for each column.
              (This is the default behavior.)

       -H     Disables the printing of a header row. This is useful when grokevt-findlogs is used
              in a script.

       -o offset
              Begin search at this byte offset within the binary file.
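The following is an added example, not grokevt's own code, showing the kind of scan the description above refers to: it walks a raw byte blob (a memory dump or disk image would be read the same way), locates candidate Windows NT-era EVT records by their "LfLe" signature, validates each candidate against the record layout so that most false positives are rejected, and emits CSV rows with the metadata, offset and contiguity information a reviewer needs. The `find_records`, `to_csv`, `build_record` and `constructed_sample` names, the set of CSV columns, and the sample blob are all assumptions of this example; the header layout it parses is the public EVENTLOGRECORD structure (length, "LfLe" signature, record number, two 32-bit timestamps, event id, type, string count, category, and offsets of the variable sections, with the length repeated at the end of the record).

```python
"""Carve EVT event-log records out of a raw binary blob and report them as CSV.

Added example (not part of grokevt). The parsing follows the EVENTLOGRECORD
layout: a 4-byte little-endian length, the signature b"LfLe", fixed metadata
fields, variable-length sections, and a trailing copy of the length field.
"""
import csv
import io
import struct
from datetime import datetime, timezone

EVT_SIGNATURE = b"LfLe"                       # 0x654C664C when read as uint32 LE
EVT_HEADER = struct.Struct("<IIIIIIHHHHIIIIII")  # 56-byte fixed header
FIELDS = ("length", "signature", "record_number", "time_generated",
          "time_written", "event_id", "event_type", "num_strings",
          "event_category", "reserved_flags", "closing_record_number",
          "string_offset", "user_sid_length", "user_sid_offset",
          "data_length", "data_offset")
MIN_RECORD_LEN = EVT_HEADER.size + 4          # header plus trailing length copy
COLUMNS = ("offset", "length", "record_number", "time_generated", "time_written",
           "event_id", "event_type", "num_strings", "event_category", "contiguous")


def _utc(ts):
    """Render a 32-bit Unix timestamp as UTC text."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def find_records(data, start=0):
    """Return one dict per plausible EVT record found at or after byte offset `start`."""
    hits, prev_end, pos = [], None, start
    while True:
        idx = data.find(EVT_SIGNATURE, pos)
        if idx < 0:
            break
        pos = idx + 1                          # keep scanning even inside accepted hits
        rec_start = idx - 4                    # length field precedes the signature
        if rec_start < start:
            continue
        length = int.from_bytes(data[rec_start:rec_start + 4], "little")
        rec_end = rec_start + length
        if length < MIN_RECORD_LEN or rec_end > len(data):
            continue
        if data[rec_end - 4:rec_end] != data[rec_start:rec_start + 4]:
            continue                           # trailing length copy does not match
        hdr = dict(zip(FIELDS, EVT_HEADER.unpack_from(data, rec_start)))
        # The variable sections must lie inside the record body.
        body_end = length - 4
        if not (EVT_HEADER.size <= hdr["string_offset"] <= body_end
                and hdr["user_sid_offset"] + hdr["user_sid_length"] <= body_end
                and hdr["data_offset"] + hdr["data_length"] <= body_end):
            continue
        hits.append({
            "offset": rec_start,
            "length": length,
            "record_number": hdr["record_number"],
            "time_generated": _utc(hdr["time_generated"]),
            "time_written": _utc(hdr["time_written"]),
            "event_id": hdr["event_id"],
            "event_type": hdr["event_type"],
            "num_strings": hdr["num_strings"],
            "event_category": hdr["event_category"],
            # True when this record starts exactly where the previous hit ended,
            # i.e. the two are adjacent in the source, as intact log data would be.
            "contiguous": prev_end == rec_start,
        })
        prev_end = rec_end
    return hits


def to_csv(hits, header=True):
    """Serialise hits as CSV text; `header=False` mirrors a -H style invocation."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    if header:
        writer.writeheader()
    writer.writerows(hits)
    return buf.getvalue()


def build_record(record_number, timestamp, event_id, strings):
    """Build a minimal, well-formed EVT record (constructed test data)."""
    body = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings)
    string_offset = EVT_HEADER.size
    after_strings = string_offset + len(body)   # SID and data sections are empty
    length = EVT_HEADER.size + len(body) + 4
    header = EVT_HEADER.pack(length, 0x654C664C, record_number, timestamp, timestamp,
                             event_id, 4, len(strings), 0, 0, 0, string_offset,
                             0, after_strings, 0, after_strings)
    return header + body + struct.pack("<I", length)


def constructed_sample():
    """Constructed blob: two adjacent records, a decoy with a bad trailing length,
    and a stray copy of the first record surrounded by filler bytes."""
    r1 = build_record(1001, 1167609600, 6005, ["The Event log service was started."])
    r2 = build_record(1002, 1167609660, 6006, ["The Event log service was stopped."])
    decoy = b"\x40\x00\x00\x00" + EVT_SIGNATURE + b"\x00" * 60
    return b"\x00" * 37 + r1 + r2 + b"JUNKJUNK" + decoy + b"\xff" * 16 + r1


if __name__ == "__main__":
    print(to_csv(find_records(constructed_sample())), end="")
```

Running the module prints three rows: the two adjacent records (the second flagged contiguous), then the stray copy, which shares the first record's record number and timestamps and sits after a gap. Such repeated or non-contiguous hits are exactly the cases the metadata and offsets let an analyst judge by hand; the decoy never appears because its trailing length copy does not match its leading one. Passing `start=` to `find_records` corresponds to the -o offset option.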


       Probably a few. This script has not been extensively tested with some guest platforms.

       There are likely some speed improvements that could be made.


       Written by Timothy D. Morgan

       Copyright (C) 2006-2007 Timothy D. Morgan


       Please see the file "LICENSE" included with this software distribution.

       This  program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR  PURPOSE.
       See the GNU General Public License version 2 for more details.


       grokevt(7)  grokevt-addlog(1)  grokevt-builddb(1)  grokevt-dumpmsgs(1) grokevt-parselog(1)