NAME¶
grokevt-builddb - Builds a database tree based on a single windows system for
the purpose of event log conversion.
SYNOPSIS¶
grokevt-builddb [ -c CSID ] config-profile
output-dir .SH DESCRIPTION grokevt-builddb uses
grokevt-ripdll(1) and
reglookup(1) along with information found in
configuration files to extract all necessary information from a windows
installation for the conversion of event log files. The registry is read to
determine the locations of critical DLLs and the event log files themselves.
This, and other information out of the registry is stored in a directory
structure which acts as a kind of flat-file database. This database can then
be used by
grokevt-parselog(1) to generate human-readable output.
The key to successfully running this utility is proper configuration. Please see
grokevt(7) for information on what needs to be configured.
ARGUMENTS¶
- config-profile
- This is the name of the configuration profiles stored in the global
configuration directory under the directory 'systems'. See grokevt(7) for
more details on how to properly configure a system profile.
- output-dir
- The path to the location of the output database. If anything already
exists in this directory, it may be overwritten or deleted.
OPTIONS¶
- -c CSID
- This option allows one to explicitly set which ControlSet in the registry
is used to extract event log message mappings. If specified, this item
must be a positive decimal integer. If unspecified, grokevt-builddb will
attempt to determine the best ControlSet by looking at the most recent
CurrentControlSet, stored in the system registry under the path
'/Select/Current'. Most users should ignore this option unless there is a
specific reason why the last CurrentControlSet should not be used.
EXAMPLES¶
To generate a database at '~/win2k.grokevt' based on the system configuration
profile 'win2k':
grokevt-builddb win2k ~/win2k.grokevt
To repeat the last command, instead using registry information explicitly from
/ControlSet002:
grokevt-builddb -c 2 win2k ~/win2k.grokevt
BUGS¶
Probably a few. This script has not been extensively tested with some guest
platforms.
The databases built with this script may not be portable to other systems,
depending on the database drivers installed and used in Python.
CREDITS¶
Written by Timothy D. Morgan.
Copyright (C) 2005-2007 Timothy D. Morgan
LICENSE¶
Please see the file "LICENSE" included with this software
distribution.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
details.
SEE ALSO¶
grokevt(7) grokevt-addlog(1) grokevt-dumpmsgs(1) grokevt-findlogs(1)
grokevt-parselog(1) grokevt-ripdll(1) reglookup(1)