This is the command grokevt-addlog that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
grokevt-addlog - A tool for adding a raw event log to an existing GrokEVT database.
SYNOPSIS
grokevt-addlog database-dir evt-file new-type base-type .SH DESCRIPTION grokevt-addlog
takes a raw event log (.evt file) and adds it to a pre-built database generated by
grokevt-builddb(1). This new log file will be set up to use the message templates of
another log, as determined by the user.
This tool is primarily useful for processing deleted logs and log fragments found on a
system. While it is possible to use the database generated from one system with the logs
of another, this is not recommended for investigations unless no alternatives exist.
ARGUMENTS
grokevt-addlog uses the following arguments:
database-dir
The base directory for the database generated previously by grokevt-builddb(1).
evt-file
The file to be added to the database.
new-type
The new log type/name that evt-file will take on. This is the name that will need
to be used later with grokevt-parselog(1) to access the new log. This type must not
already exist in the database.
base-type
The existing log type that this new log will be based on. The message templates
from this type will be used with the new log when parsing. This type must exist in
the current database.
Use grokevt-addlog online using onworks.net services
