NAME

       grokevt-builddb  - Builds a database tree based on a single windows system for the purpose
       of event log conversion.

SYNOPSIS

       grokevt-builddb [ -c CSID ] config-profile output-dir .SH DESCRIPTION grokevt-builddb uses
       grokevt-ripdll(1)  and reglookup(1) along with information found in configuration files to
       extract all necessary information from a windows installation for the conversion of  event
       log  files. The registry is read to determine the locations of critical DLLs and the event
       log files themselves. This, and other information out of  the  registry  is  stored  in  a
       directory  structure which acts as a kind of flat-file database. This database can then be
       used by grokevt-parselog(1) to generate human-readable output.

       The key  to  successfully  running  this  utility  is  proper  configuration.  Please  see
       grokevt(7) for information on what needs to be configured.

ARGUMENTS

       config-profile
              This  is  the name of the configuration profiles stored in the global configuration
              directory under the directory 'systems'. See grokevt(7) for more details on how  to
              properly configure a system profile.

       output-dir
              The  path  to  the  location of the output database.  If anything already exists in
              this directory, it may be overwritten or deleted.

OPTIONS

       -c CSID
              This option allows one to explicitly set which ControlSet in the registry  is  used
              to  extract  event log message mappings. If specified, this item must be a positive
              decimal integer.  If unspecified, grokevt-builddb will  attempt  to  determine  the
              best  ControlSet  by  looking  at  the most recent CurrentControlSet, stored in the
              system registry under the path '/Select/Current'.  Most users  should  ignore  this
              option  unless there is a specific reason why the last CurrentControlSet should not
              be used.

EXAMPLES

       To generate a database at '~/win2k.grokevt' based  on  the  system  configuration  profile
       'win2k':

             grokevt-builddb win2k ~/win2k.grokevt

       To   repeat   the  last  command,  instead  using  registry  information  explicitly  from
       /ControlSet002:

             grokevt-builddb -c 2 win2k ~/win2k.grokevt

BUGS

       Probably a few. This script has not been extensively tested with some guest platforms.

       The databases built with this script may not be portable to other  systems,  depending  on
       the database drivers installed and used in Python.

CREDITS

       Written by Timothy D. Morgan.

       Copyright (C) 2005-2007 Timothy D. Morgan

LICENSE

       Please see the file "LICENSE" included with this software distribution.

       This  program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR  PURPOSE.
       See the GNU General Public License version 2 for more details.

SEE ALSO

       grokevt(7)  grokevt-addlog(1)  grokevt-dumpmsgs(1) grokevt-findlogs(1) grokevt-parselog(1)
       grokevt-ripdll(1) reglookup(1)