Provided by: grokevt_0.5.0-5_all 

NAME
grokevt-builddb - Builds a database tree based on a single Windows system for the purpose of event log
conversion.
SYNOPSIS
grokevt-builddb [ -c CSID ] config-profile output-dir
DESCRIPTION
grokevt-builddb uses grokevt-ripdll(1) and reglookup(1) along with information found in configuration
files to extract all necessary information from a Windows installation for the conversion of event log
files. The registry is read to determine the locations of critical DLLs and the event log files
themselves. This and other information from the registry is stored in a directory structure which acts
as a kind of flat-file database. This database can then be used by grokevt-parselog(1) to generate
human-readable output.
The key to successfully running this utility is proper configuration. Please see grokevt(7) for
information on what needs to be configured.
ARGUMENTS
config-profile
This is the name of a configuration profile stored in the global configuration directory under
the directory 'systems'. See grokevt(7) for more details on how to properly configure a system
profile.
output-dir
The path to the location of the output database. If anything already exists in this directory, it
may be overwritten or deleted.
OPTIONS
-c CSID
This option allows one to explicitly set which ControlSet in the registry is used to extract event
log message mappings. If specified, this item must be a positive decimal integer. If unspecified,
grokevt-builddb will attempt to determine the best ControlSet by looking at the most recent
CurrentControlSet, stored in the system registry under the path '/Select/Current'. Most users
should ignore this option unless there is a specific reason why the last CurrentControlSet should
not be used.
EXAMPLES
To generate a database at '~/win2k.grokevt' based on the system configuration profile 'win2k':
grokevt-builddb win2k ~/win2k.grokevt
To repeat the last command, instead using registry information explicitly from /ControlSet002:
grokevt-builddb -c 2 win2k ~/win2k.grokevt
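The following wrapper is an added example, not part of GrokEVT or of the original page. It checks the two things the text above warns about before invoking grokevt-builddb: that a CSID given with -c is a positive decimal integer, and that output-dir is absent or empty so no existing files are overwritten or deleted. The function names are hypothetical, and the three-digit /ControlSetNNN key name is assumed from the '-c 2' example above.

```sh
#!/bin/sh
# Added example: pre-flight checks around grokevt-builddb (not part of GrokEVT).

# Succeeds only for a positive decimal integer, as -c CSID requires.
valid_csid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # After stripping leading zeros something must remain ("0", "000" fail).
    [ -n "$(printf '%s' "$1" | sed 's/^0*//')" ]
}

# Prints the registry key a CSID selects, e.g. 2 -> /ControlSet002.
# Leading zeros are stripped first so printf does not read "010" as octal.
controlset_key() {
    valid_csid "$1" || return 1
    printf '/ControlSet%03d\n' "$(printf '%s' "$1" | sed 's/^0*//')"
}

# Succeeds if the path is absent or an empty directory, so the run cannot
# overwrite or delete existing files.
outdir_is_safe() {
    [ ! -e "$1" ] && return 0
    [ -d "$1" ] || return 1
    [ -z "$(ls -A "$1")" ]
}

# Usage: build_db [-c CSID] config-profile output-dir
build_db() {
    csid=''
    if [ "${1:-}" = "-c" ]; then
        valid_csid "${2:-}" || { echo "CSID must be a positive decimal integer" >&2; return 2; }
        csid=$2
        shift 2
    fi
    [ $# -eq 2 ] || { echo "usage: build_db [-c CSID] config-profile output-dir" >&2; return 2; }
    outdir_is_safe "$2" || { echo "refusing non-empty output-dir: $2" >&2; return 3; }
    if [ -n "$csid" ]; then
        echo "reading message mappings from $(controlset_key "$csid")" >&2
        grokevt-builddb -c "$csid" "$1" "$2"
    else
        grokevt-builddb "$1" "$2"
    fi
}
```

Source the file and call, for example, build_db -c 2 win2k ~/win2k.grokevt; a return status of 2 means bad arguments and 3 means the output path already holds data.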
BUGS
Probably a few. This script has not been extensively tested with some guest platforms.
The databases built with this script may not be portable to other systems, depending on the database
drivers installed and used in Python.
CREDITS
Written by Timothy D. Morgan.
LICENSE
Please see the file "LICENSE" included with this software distribution.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License version 3 for more details.
SEE ALSO
grokevt(7) grokevt-addlog(1) grokevt-dumpmsgs(1) grokevt-findlogs(1) grokevt-parselog(1)
grokevt-ripdll(1) reglookup(1)
File Conversion Utilities 20 June 2011 grokevt-builddb(1)