Provided by: libevtx-utils_20160107-1_amd64
NAME
evtxexport — exports items stored in a Windows XML EventViewer Log (EVTX) file
SYNOPSIS
evtxexport [-c codepage] [-f format] [-l log_file] [-m mode] [-p message_files_path] [-r registry_files_path] [-s system_file] [-S software_file] [-t event_log_type] [-hTvV] source
DESCRIPTION
evtxexport is a utility to export items stored in a Windows XML EventViewer Log (EVTX) file.

evtxexport is part of the libevtx package. libevtx is a library to access the Windows XML EventViewer Log (EVTX) file.

source is the source file.

The options are as follows:

-c codepage
    specify the codepage of ASCII strings, options: ascii, windows-874, windows-932, windows-936, windows-949, windows-950, windows-1250, windows-1251, windows-1252 (default), windows-1253, windows-1254, windows-1255, windows-1256, windows-1257 or windows-1258

-f format
    output format, options: xml, text (default)

-h
    shows this help

-l log_file
    specify the file in which to log information about the exported items

-m mode
    export mode, option: all, items (default), recovered. 'all' exports the (allocated) items and recovered items, 'items' exports the (allocated) items and 'recovered' exports the recovered items

-p message_files_path
    search PATH for the resource files (default is the current working directory)

-r registry_files_path
    name of the directory containing the SOFTWARE and SYSTEM (Windows) Registry file

-s system_file
    filename of the SYSTEM (Windows) Registry file. This option overrides the path provided by -r

-S software_file
    filename of the SOFTWARE (Windows) Registry file. This option overrides the path provided by -r

-t event_log_type
    event log type, options: application, security, system. If not specified the event log type is determined based on the filename.

-T
    use event template definitions to parse the event record data

-v
    verbose output to stderr

-V
    print version
ENVIRONMENT
None
FILES
None
EXAMPLES
# evtxexport -p c/ -r c/Windows/System32/config/ c/Windows/System32/winevt/Logs/Application.Evtx
evtxexport 20120910
...
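
A batch version of the command above for a mounted volume, as an added example that is not part of the man page or the libevtx project. The function names, the DRY_RUN variable, the output layout and the use of sha256sum are assumptions of this example; only the evtxexport options come from this page.

```sh
#!/bin/sh
# Added example, not from the libevtx project. Paths are assumptions.

# export_one ROOT EVTX OUTDIR
#   ROOT   mount point of the (read-only) Windows volume, like "c/" above
#   EVTX   one log file under ROOT
#   OUTDIR case directory that receives <name>.xml and <name>.log
# With DRY_RUN set, prints the argument vector one item per line and
# touches nothing, so the command can be reviewed before it is run.
export_one() {
    root=${1%/} evtx=$2 outdir=${3%/}
    base=$(basename "$evtx"); base=${base%.*}
    # -m all: allocated and recovered items; -f xml: keep the full record.
    # No -t: the event log type is then determined from the filename.
    set -- evtxexport -m all -f xml \
        -p "$root/" -r "$root/Windows/System32/config/" \
        -l "$outdir/$base.log" "$evtx"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
        return 0
    fi
    # Record a hash of the source log before reading it.
    sha256sum "$evtx" >> "$outdir/sha256.txt" || return 1
    # Exported items go to stdout; errors stay on stderr.
    "$@" > "$outdir/$base.xml"
}

# export_all ROOT OUTDIR: run export_one over every log in winevt/Logs.
# Quoting matters: many channel logs have spaces in their file names.
# Returns non-zero if any export failed, after trying all of them.
export_all() {
    all_root=${1%/} all_out=${2%/} failed=0
    for f in "$all_root"/Windows/System32/winevt/Logs/*.[Ee][Vv][Tt][Xx]; do
        [ -f "$f" ] || continue
        export_one "$all_root" "$f" "$all_out" || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Usage: export_all /mnt/image/c /cases/1234/evtx
```

Run it once with DRY_RUN=1 to check the paths that will be passed to -p, -r and -l, then again without it; OUTDIR must already exist.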
DIAGNOSTICS
Errors, verbose and debug output are printed to stderr when verbose output -v is enabled. Verbose and debug output are only printed when enabled at compilation.
BUGS
Please report bugs of any kind to <joachim.metz@gmail.com> or on the project website: https://github.com/libyal/libevtx/
AUTHOR
These man pages were written by Joachim Metz.
COPYRIGHT
Copyright (C) 2011-2016, Joachim Metz <joachim.metz@gmail.com>. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO
evtxinfo(1)