Package: grokevt
Version: 0.4.1-7
Severity: wishlist
grokevt-parselog requires a database, but I just received some
standalone .evtx files that I want to dump and I don't have access to
the Windows partition that they are from. It would be nice if grokevt
could parse standalone .evtx files.
--
Hi Paul,
Thanks for the suggestion. I'm the upstream developer. The issue
with event logs of any format is that you can't produce human readable
logs without a database of some kind. I think evtx files are even
worse in this sense. One could try to ship a database with the
software (which
2 matches
Mail list logo
