evtexport —"> Man pages sections > man1 > evtexport

evtexport

evtexport LOCAL evtexport

NAME

evtexportexports items stored in a Windows Event Log (EVT)

SYNOPSIS

evtexport [-c codepage] [-l log_file] [-m mode] [-p message_files_path] [-r registy_files_path] [-s system_file] [-S software_file] [-t event_log_type] [-hvV] source

DESCRIPTION

evtexport is a utility to export items stored in a Windows Event Log (EVT)
evtexport is part of the libevt package. libevt is a library to access the Windows Event Log (EVT) format
source is the source file.
The options are as follows:
-c codepage
specify the codepage of ASCII strings, options: ascii, windows-874, windows-932, windows-936, windows-949, windows-950, windows-1250, windows-1251, windows-1252 (default), windows-1253, windows-1254, windows-1255, windows-1256, windows-1257 or windows-1258
-h
shows this help
-l log_file
specify the file in which to log information about the exported items
-m mode
export mode, option: all, items (default), recovered 'all' exports the (allocated) items and recovered items, 'items' exports the (allocated) items and 'recovered' exports the recovered items
-p message_files_path
search PATH for the resource files (default is the current working directory)
-r registy_files_path
name of the directory containing the SOFTWARE and SYSTEM (Windows) Registry file
-s system_file
filename of the SYSTEM (Windows) Registry file This option overrides the path provided by -r
-S software_file
filename of the SOFTWARE (Windows) Registry file This option overrides the path provided by -r
-t event_log_type
event log type, options: application, security, system if not specified the event log type is determined based on the filename.
-v
verbose output to stderr
-V
print version

ENVIRONMENT

None

FILES

None

EXAMPLES

# evtexport evtexport -p c/ -r c/Windows/System32/config/ c/Windows/System32/config/AppEvent.Evt 
evtexport 20120910 
 

...
 

DIAGNOSTICS

Errors, verbose and debug output are printed to stderr when verbose output -v is enabled. Verbose and debug output are only printed when enabled at compilation.

BUGS

Please report bugs of any kind to <joachim.metz@gmail.com> or on the project website: https://github.com/libyal/libevt/

AUTHOR

These man pages were written by Joachim Metz. Copyright (C) 2011-2017, Joachim Metz <joachim.metz@gmail.com>. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO

evtinfo(1)
January 31, 2014 libevt