Provided by: libevtx-utils_20170122-3_amd64

NAME

     evtxexport — exports items stored in a Windows XML EventViewer Log (EVTX) file

SYNOPSIS

     evtxexport [-c codepage] [-f format] [-l log_file] [-m mode] [-p message_files_path]
                [-r registry_files_path] [-s system_file] [-S software_file] [-t event_log_type]
                [-hTvV] source

DESCRIPTION

     evtxexport is a utility to export items stored in a Windows XML EventViewer Log (EVTX) file.

     evtxexport is part of the libevtx package.  libevtx is a library to access the Windows XML
     EventViewer Log (EVTX) file.

     source is the source file.

     The options are as follows:

     -c codepage
             specify the codepage of ASCII strings, options: ascii, windows-874, windows-932,
             windows-936, windows-949, windows-950, windows-1250, windows-1251, windows-1252
             (default), windows-1253, windows-1254, windows-1255, windows-1256, windows-1257 or
             windows-1258

     -f format
             output format, options: xml, text (default)

     -h      shows this help

     -l log_file
             specify the file in which to log information about the exported items

     -m mode
             export mode, options: all, items (default), recovered. 'all' exports the
             (allocated) items and recovered items, 'items' exports the (allocated) items and
             'recovered' exports the recovered items

     -p message_files_path
             search PATH for the resource files (default is the current working directory)

     -r registry_files_path
             name of the directory containing the SOFTWARE and SYSTEM (Windows) Registry files

     -s system_file
             filename of the SYSTEM (Windows) Registry file. This option overrides the path
             provided by -r

     -S software_file
             filename of the SOFTWARE (Windows) Registry file. This option overrides the path
             provided by -r

     -t event_log_type
             event log type, options: application, security, system. If not specified, the
             event log type is determined based on the filename.

     -T      use event template definitions to parse the event record data

     -v      verbose output to stderr

     -V      print version

ENVIRONMENT

     None

FILES

     None

EXAMPLES

     # evtxexport -p c/ -r c/Windows/System32/config/ c/Windows/System32/winevt/Logs/Application.Evtx
     evtxexport 20120910

           ...
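
     An added example, not part of the libevtx package or its documentation: a POSIX shell
     wrapper that resolves the log and the SYSTEM and SOFTWARE hives case-insensitively on a
     mounted volume and passes the hives with -s and -S. The function names, the EVTXEXPORT
     override and the assumption that exported items are written to stdout are this example's own.

```sh
#!/bin/sh
# Added example, not part of libevtx: export one log from a mounted Windows
# volume whose file-name case may differ from the canonical spelling.
# EVTXEXPORT is a hypothetical override for the binary to run.

# ci_path ROOT REL: resolve REL under ROOT, matching each path component
# case-insensitively; prints the real path or returns 1.
ci_path() {
    cur=$1
    old_ifs=$IFS; IFS=/
    set -f; set -- $2; set +f        # split REL on "/" without globbing
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" | head -n 1)
        [ -n "$cur" ] || return 1
    done
    printf '%s\n' "$cur"
}

# export_evtx ROOT LOGNAME OUTDIR: write OUTDIR/<log>.xml and OUTDIR/<log>.log.
export_evtx() {
    root=$1; name=$2; out=$3
    cfg=Windows/System32/config
    log=$(ci_path "$root" "Windows/System32/winevt/Logs/$name") &&
    sys=$(ci_path "$root" "$cfg/SYSTEM") &&
    soft=$(ci_path "$root" "$cfg/SOFTWARE") || {
        echo "export_evtx: log or registry hive not found under $root" >&2
        return 1
    }
    base=${name%.*}
    mkdir -p "$out" || return 1
    # -s/-S name the hives explicitly (they override -r); -m all also
    # exports recovered items; assumed: exported items arrive on stdout.
    "${EVTXEXPORT:-evtxexport}" -f xml -m all -p "$root" \
        -s "$sys" -S "$soft" -l "$out/$base.log" "$log" > "$out/$base.xml"
}
```

     Example call: export_evtx /mnt/c Security.evtx ./export (both paths are placeholders).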

DIAGNOSTICS

     Errors, verbose and debug output are printed to stderr when verbose output -v is enabled.
     Verbose and debug output are only printed when enabled at compilation.

BUGS

     Please report bugs of any kind to <joachim.metz@gmail.com> or on the project website:
     https://github.com/libyal/libevtx/

AUTHOR

     These man pages were written by Joachim Metz.

COPYRIGHT

     Copyright (C) 2011-2017, Joachim Metz <joachim.metz@gmail.com>.  This is free software; see
     the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or
     FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO

     evtxinfo(1)