GrokEVT

GrokEVT is a collection of scripts for reading Windows event log files.

GrokEVT Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Tim Morgan
  • Publisher web site: http://ipv4.sentinelchicken.org/projects/reglookup/



GrokEVT Description

GrokEVT is a collection of scripts built for reading Windows NT event log files. It is released under the GNU GPL and is implemented in Python. GrokEVT is loosely based on the PHP script and documentation provided by Jamie French.

Currently the scripts work together on one or more mounted Windows partitions to extract all the information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

Requirements:

  • RegLookup - this must be installed in your PATH.
  • Python version 2.3 or 2.4 (earlier 2.x releases may also work).
  • Linux. Currently, due to Windows partition mounting requirements, only Linux has been tested successfully. However, BSD systems may work if the right mounting options are used.

What's New in This Release:

  • This is a major release, including several new features.
  • The grokevt-findlogs script was added, which can accurately detect individual log entries in raw binary files (such as memory dumps or disk partitions).
  • The grokevt-dumpmsgs script was added, which can be used to display the log message templates stored in GrokEVT's databases.
  • The man pages were converted to DocBook templates.

