xenial (1) grokevt-findlogs.1.gz

Provided by: grokevt_0.4.1-10_all bug

NAME
       grokevt-findlogs - Attempts to find log file fragments in raw binary files, such as memory dumps and disk
       images.


SYNOPSIS
       grokevt-findlogs -?  .PP grokevt-findlogs [-v] [-h] [-H] [-o offset] raw-file  .SH  DESCRIPTION  grokevt-
       findlogs  searches  a  raw binary file for event log records. It produces a simple comma-separated values
       (CSV) output to stdout which  includes  metadata  and  offsets  of  any  hits.  Using  the  metadata  and
       offset/contiguity information, it should be easy to determine if the hits are false positives or not.


ARGUMENTS
       raw-file
              The binary file to be searched.


OPTIONS
       -?     Prints a basic usage statement.

       -v     Verbose  mode.  Prints  status  messages to stderr, which can be helpful for debugging. (Currently
              does nothing.)

       -h     Prints a header row at the top of the CSV output containing labels for each column. (This  is  the
              default behavior.)

       -H     Disables the printing of a header row. This is useful when grokevt-findlogs is used in a script.

       -o offset
              Begin search at this byte offset within the binary file.


BUGS
       Probably a few. This script has not been extensively tested with some guest platforms.

       There are likely some speed improvements that could be made.


CREDITS
       Written by Timothy D. Morgan

       Copyright (C) 2006-2007 Timothy D. Morgan


LICENSE
       Please see the file "LICENSE" included with this software distribution.

       This  program  is  distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
       the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU  General  Public
       License version 2 for more details.


SEE ALSO
       grokevt(7) grokevt-addlog(1) grokevt-builddb(1) grokevt-dumpmsgs(1) grokevt-parselog(1) grokevt-ripdll(1)