Provided by: libevtx-utils_20181227-2.1build1_amd64

NAME

       evtxexport — exports items stored in a Windows XML EventViewer Log (EVTX) file

SYNOPSIS

       evtxexport    [-c   codepage]   [-f   format]   [-l   log_file]   [-m   mode]   [-p   message_files_path]
                  [-r registry_files_path] [-s system_file] [-S software_file] [-t event_log_type] [-hTvV] source

DESCRIPTION

       evtxexport is a utility to export items stored in a Windows XML EventViewer Log (EVTX) file.

       evtxexport is part of the libevtx package.  libevtx is a library to access the  Windows  XML  EventViewer
       Log (EVTX) file.

       source is the source file.

       The options are as follows:

       -c codepage
               specify  the  codepage  of  ASCII strings, options: ascii, windows-874, windows-932, windows-936,
               windows-949,  windows-950,  windows-1250,  windows-1251,  windows-1252  (default),  windows-1253,
               windows-1254, windows-1255, windows-1256, windows-1257 or windows-1258

       -f format
               output format, options: xml, text (default)

       -h      shows this help

       -l log_file
               specify the file in which to log information about the exported items

       -m mode
               export mode, options: all, items (default), recovered.  'all' exports the (allocated)  items  and
               recovered  items,  'items'  exports  the (allocated) items and 'recovered' exports the recovered
               items.

       -p message_files_path
               search PATH for the resource files (default is the current working directory)

       -r registry_files_path
               name of the directory containing the SOFTWARE and SYSTEM (Windows) Registry files

       -s system_file
               filename of the SYSTEM (Windows) Registry file.  This option overrides the path provided by -r

       -S software_file
               filename of the SOFTWARE (Windows) Registry file.  This option overrides the path provided by -r

       -t event_log_type
               event log type, options: application, security, system.  If not specified, the event log type is
               determined based on the filename.

       -T      use event template definitions to parse the event record data

       -v      verbose output to stderr

       -V      print version

ENVIRONMENT

       None

FILES

       None

EXAMPLES

       # evtxexport -p c/ -r c/Windows/System32/config/ c/Windows/System32/winevt/Logs/Application.Evtx
       evtxexport 20120910

             ...
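
       A batch wrapper around the invocation above, added here as an example; it is not part of the libevtx
       project or its man page.  The function name export_evtx and the mounted-image layout are assumptions.  It
       runs one pass per export mode so recovered items land in their own file, and passes -t for a source
       whose file name no longer identifies the log type.

```shell
#!/bin/sh
# Added example, not libevtx code. export_evtx and the paths are assumptions;
# the flags are the ones documented on this page.

# export_evtx MOUNT SOURCE OUTDIR [TYPE]
#   MOUNT   root of the mounted image (contains Windows/System32/config)
#   SOURCE  the .evtx file to export
#   OUTDIR  directory that receives the XML and log files
#   TYPE    application|security|system; give it when SOURCE was renamed,
#           because the type is otherwise determined from the file name
export_evtx() {
    mount=$1 src=$2 out=$3 type=${4:-}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    case "$type" in
        ''|application|security|system) ;;
        *) echo "unknown event log type: $type" >&2; return 2 ;;
    esac
    mkdir -p "$out" || return 1
    base=$(basename "$src")
    base=${base%.*}
    rc=0
    # Two passes keep allocated items apart from recovered ones, so the
    # recovered output can be reviewed on its own.
    for mode in items recovered; do
        # Assumption: exported items are written to standard output.
        set -- -f xml -m "$mode" -l "$out/$base.$mode.log" \
               -p "$mount" -r "$mount/Windows/System32/config"
        [ -n "$type" ] && set -- "$@" -t "$type"
        evtxexport "$@" "$src" > "$out/$base.$mode.xml" || rc=1
    done
    return $rc
}

# Usage (constructed paths):
#   export_evtx c c/Windows/System32/winevt/Logs/Application.Evtx out
#   export_evtx c evidence/host1-sec.evtx out security
```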

DIAGNOSTICS

       Errors, verbose and debug output are printed to stderr when verbose output -v is  enabled.   Verbose  and
       debug output are only printed when enabled at compilation.

BUGS

       Please   report   bugs   of   any   kind   to   <joachim.metz@gmail.com>   or  on  the  project  website:
       https://github.com/libyal/libevtx/

AUTHOR

       These man pages were written by Joachim Metz.

COPYRIGHT

       Copyright (C) 2011-2018, Joachim Metz <joachim.metz@gmail.com>.  This is free software;  see  the  source
       for  copying  conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE.

SEE ALSO

       evtxinfo(1)

libevtx                                         February 10, 2014                                   evtxexport()