Provided by: grokevt_0.5.0-6.1_all

NAME

       grokevt-addlog - A tool for adding a raw event log to an existing GrokEVT database.

SYNOPSIS

       grokevt-addlog database-dir evt-file new-type base-type

DESCRIPTION

       grokevt-addlog  takes  a  raw  event  log  (.evt file) and adds it to a pre-built database
       generated by grokevt-builddb(1). This new log file will be  set  up  to  use  the  message
       templates of another log, as determined by the user.

       This  tool  is  primarily  useful for processing deleted logs and log fragments found on a
       system. While it is possible to use the database generated from one system with  the  logs
       of another, this is not recommended for investigations unless no alternatives exist.

ARGUMENTS

       grokevt-addlog uses the following arguments:

       database-dir
              The base directory for the database generated previously by grokevt-builddb(1).

       evt-file
              The file to be added to the database.

       new-type
              The  new log type/name that evt-file will take on.  This is the name that will need
              to be used later with grokevt-parselog(1) to access the new log. This type must not
              already exist in the database.

       base-type
              The  existing  log  type  that this new log will be based on. The message templates
              from this type will be used with the new log when parsing. This type must exist  in
              the current database.
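       The following wrapper is an added example, not part of GrokEVT: it checks the two
       constraints stated above (new-type must not yet exist, base-type must exist) before
       calling grokevt-addlog. It assumes that "grokevt-parselog -l database-dir" lists the
       existing log types one per line; the GROKEVT_ADDLOG and GROKEVT_PARSELOG variables
       and the addlog_checked function are this example's own.

```shell
#!/bin/sh
# Added example (not part of GrokEVT): wrap grokevt-addlog so that the two
# constraints from the ARGUMENTS section are checked before the database is
# touched:
#   - new-type must not already exist in the database
#   - base-type must already exist in the database
# Assumption: "grokevt-parselog -l database-dir" lists existing log types,
# one per line. Both tool paths can be overridden through the environment.

GROKEVT_ADDLOG="${GROKEVT_ADDLOG:-grokevt-addlog}"
GROKEVT_PARSELOG="${GROKEVT_PARSELOG:-grokevt-parselog}"

# type_exists DB TYPE -> exit status 0 if TYPE is a known log type in DB
type_exists() {
    "$GROKEVT_PARSELOG" -l "$1" | grep -qx -- "$2"
}

# addlog_checked DB EVT NEW-TYPE BASE-TYPE
# Validates the arguments, then calls grokevt-addlog. Exit status:
#   0 ok, 2 bad path, 3 same type given twice, 4 new-type exists,
#   5 base-type missing; anything else comes from grokevt-addlog itself.
addlog_checked() {
    db=$1 evt=$2 new=$3 base=$4
    [ -d "$db" ]  || { echo "no such database dir: $db" >&2; return 2; }
    [ -r "$evt" ] || { echo "cannot read evt file: $evt" >&2; return 2; }
    [ "$new" != "$base" ] || { echo "new-type equals base-type" >&2; return 3; }
    if type_exists "$db" "$new"; then
        echo "new-type '$new' already exists in $db" >&2; return 4
    fi
    if ! type_exists "$db" "$base"; then
        echo "base-type '$base' not found in $db" >&2; return 5
    fi
    "$GROKEVT_ADDLOG" "$db" "$evt" "$new" "$base"
}

# Typical use on a carved fragment located with grokevt-findlogs(1); the
# paths and type names are placeholders:
# addlog_checked /path/to/grokevt-db /case/carved-0001.evt carved-sec Security
```

       After a successful run the fragment is parsed with "grokevt-parselog database-dir
       new-type", exactly like any log type that grokevt-builddb(1) created.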

BUGS

       Probably several. This particular script has not been extensively tested.

CREDITS

       Written by Timothy D. Morgan.

LICENSE

       Please see the file "LICENSE" included with this software distribution.

       This  program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR  PURPOSE.
       See the GNU General Public License version 3 for more details.

SEE ALSO

       grokevt(7)  grokevt-builddb(1) grokevt-dumpmsgs(1) grokevt-findlogs(1) grokevt-parselog(1)
       grokevt-ripdll(1)