Notifications

Clear all

Windows XP Event Logs

General (Technical, Procedural, Software, Hardware etc.)

4 Posts

3 Users

0 Reactions

584 Views

RSS

jhooker

(@jhooker)

Active Member

Joined: 19 years ago

Posts: 17

Topic starter 13/02/2008 7:55 pm

Is it possible to analyse windows xp event logs using linux based / FOSS tools?

thanks!

Quote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

13/02/2008 8:25 pm

Yes. I have written Perl code for analyzing .evt files, that are based on parsing the files on a binary level without using the MS API at all.

ReplyQuote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

13/02/2008 8:25 pm

Also, check out PyFlag.

ReplyQuote

farmerdude

(@farmerdude)

Estimable Member

Joined: 20 years ago

Posts: 242

15/02/2008 8:06 pm

jhooker,

Absolutely. Both Delve and grokevt may be used to read EVT files.

regards,

farmerdude

ReplyQuote

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed