Hi: I used Capture 2.0.x before and just switched to Capture 2.5.1. I noticed that the evt.log changed a lot. I think in the new evt.log the third column is the PID, but I don't understand this "-> -1", especially the "-1". What does it mean? Following are two examples:

registry: SetValueKey 4 System -> -1 HKLM\SYSTEM\ControlSet001\Services\CaptureFileMonitor\Enum\NextInstance
file: Write 500 D:\WINDOWS\system32\services.exe -> -1 D:\WINDOWS\system32\config\SysEvent.Evt

Also, I have written a perl script to process the 2.0.x evt.log but now I have to change my script. :(

Regards,
Jiang

_______________________________________________
Capture-HPC mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/capture-hpc
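The following is an added example, not Capture-HPC's own code and not the poster's Perl script. It is written in Python and shows one way to tokenize the 2.5.1-style evt.log lines quoted in the post into named fields so a processing script can be adapted. The column layout (`<category>: <action> <pid> <process> -> <value> <object>`) is an assumption inferred only from the two lines shown; the meaning of the "-1" after the arrow is not established here, so the parser keeps it as an opaque integer field named `arrow_value` rather than interpreting it. The sample lines are copied from the post.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Sample lines copied from the post above, one event per line.
SAMPLE_LINES = [
    r"registry: SetValueKey 4 System -> -1 HKLM\SYSTEM\ControlSet001\Services\CaptureFileMonitor\Enum\NextInstance",
    r"file: Write 500 D:\WINDOWS\system32\services.exe -> -1 D:\WINDOWS\system32\config\SysEvent.Evt",
]

# Assumed layout, inferred from the two lines in the post only:
#   <category>: <action> <pid> <process> -> <arrow_value> <object>
# The process field is matched lazily so a path containing spaces still
# stops at the first " -> " separator; the object field takes the rest.
LINE_RE = re.compile(
    r"^(?P<category>\w+):\s+"
    r"(?P<action>\S+)\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<process>.+?)\s+->\s+"
    r"(?P<arrow_value>-?\d+)\s+"
    r"(?P<obj>.+)$"
)


@dataclass
class Event:
    category: str      # "registry", "file", ... (category before the colon)
    action: str        # e.g. SetValueKey, Write
    pid: int           # assumed: the third column is the process id
    process: str       # process name or image path
    arrow_value: int   # the value after "->" (the "-1" asked about); meaning not established here
    obj: str           # registry key or file path acted on


def parse_line(line: str) -> Optional[Event]:
    """Parse one evt.log line; return None if it does not fit the assumed layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(
        category=m["category"],
        action=m["action"],
        pid=int(m["pid"]),
        process=m["process"],
        arrow_value=int(m["arrow_value"]),
        obj=m["obj"],
    )


def parse_log(lines: Iterable[str]) -> tuple[list[Event], list[str]]:
    """Parse all lines; blank lines are skipped, unparsable ones are returned
    separately so a script can report them instead of silently dropping them."""
    events: list[Event] = []
    rejected: list[str] = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            rejected.append(line)
        else:
            events.append(ev)
    return events, rejected


def events_by_pid(events: Iterable[Event]) -> dict[int, list[Event]]:
    """Group events by pid, the usual first step when reviewing what each process touched."""
    grouped: dict[int, list[Event]] = {}
    for ev in events:
        grouped.setdefault(ev.pid, []).append(ev)
    return grouped


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LINES)
    for ev in parsed:
        print(f"{ev.category:8} pid={ev.pid:<5} {ev.action:12} {ev.process} -> {ev.obj}")
    if bad:
        print("unparsed lines:", bad)
```

Reading a real file is just `parse_log(open("evt.log", encoding="utf-8"))`; any line that does not match the assumed layout ends up in the second return value, which is the quickest way to find out whether the layout assumption above holds for a full log.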
