Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

evtxexport			     LOCAL			    evtxexport

NAME
     evtxexport — exports items stored in a Windows XML EventViewer Log (EVTX)
     file

SYNOPSIS
     evtxexport [-c codepage] [-f format] [-l log_file] [-m mode]
		[-p message_files_path] [-r registy_files_path]
		[-s system_file] [-S software_file] [-t event_log_type]
		[-hTvV] source

DESCRIPTION
     evtxexport is a utility to export items stored in a Windows XML
     EventViewer Log (EVTX) file

     evtxexport is part of the libevtx package.	 libevtx is a library to
     access the Windows XML EventViewer Log (EVTX) file

     source is the source file.

     The options are as follows:

     -c codepage
	     specify the codepage of ASCII strings, options: ascii, win‐
	     dows-874, windows-932, windows-936, windows-949, windows-950,
	     windows-1250, windows-1251, windows-1252 (default), windows-1253,
	     windows-1254, windows-1255, windows-1256, windows-1257 or win‐
	     dows-1258

     -f format
	     output format, options: xml, text (default)

     -h	     shows this help

     -l log_file
	     specify the file in which to log information about the exported
	     items

     -m mode
	     export mode, option: all, items (default), recovered 'all'
	     exports the (allocated) items and recovered items, 'items'
	     exports the (allocated) items and 'recovered' exports the recov‐
	     ered items

     -p message_files_path
	     search PATH for the resource files (default is the current work‐
	     ing directory)

     -r registy_files_path
	     name of the directory containing the SOFTWARE and SYSTEM (Win‐
	     dows) Registry file

     -s system_file
	     filename of the SYSTEM (Windows) Registry file This option over‐
	     rides the path provided by -r

     -S software_file
	     filename of the SOFTWARE (Windows) Registry file This option
	     overrides the path provided by -r

     -t event_log_type
	     event log type, options: application, security, system if not
	     specified the event log type is determined based on the filename.

     -T	     use event template definitions to parse the event record data

     -v	     verbose output to stderr

     -V	     print version

ENVIRONMENT
     None

FILES
     None

EXAMPLES
     # evtxexport evtxexport -p c/ -r c/Windows/System32/config/ c/Windows/System32/winevt/Logs/Apllication.Evtx
     evtxexport 20120910

	   ...

DIAGNOSTICS
     Errors, verbose and debug output are printed to stderr when verbose out‐
     put -v is enabled.	 Verbose and debug output are only printed when
     enabled at compilation.

BUGS
     Please report bugs of any kind to <joachim.metz@gmail.com> or on the
     project website: https://github.com/libyal/libevtx/

AUTHOR
     These man pages were written by Joachim Metz.

COPYRIGHT
     Copyright (C) 2011-2015, Joachim Metz <joachim.metz@gmail.com>.  This is
     free software; see the source for copying conditions. There is NO war‐
     ranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO
     evtxinfo(1)

libevtx			       February 10, 2014		       libevtx

Vote for polarhome