Create FullEventLogView_AllEventLogs.mkape

b1540p · Apr 10, 2021 · c974f31 · c974f31
1 parent 93ea96a
commit c974f31
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/Modules/EventLogs/FullEventLogView_AllEventLogs.mkape b/Modules/EventLogs/FullEventLogView_AllEventLogs.mkape
@@ -0,0 +1,21 @@
+Description: Parses all event logs using Nirsoft FullEventLogView.exe
+Category: EventLogs
+Author: Andrew Rathbun
+Version: 1.0
+Id: bb628207-56cc-4293-aa6a-2073d406c8cc
+BinaryUrl: https://www.nirsoft.net/utils/fulleventlogview-x64.zip
+ExportFormat: csv
+FileMask: *.evtx
+Processors:
+    -
+        Executable: FullEventLogView.exe
+        CommandLine: /TimeFilter 0 /DataSource 3 /LogFolder %sourceDirectory%\Windows\System32\winevt\Logs\ /scomma %destinationDirectory%\all_event_logs.csv
+        ExportFormat: csv
+##
+# Documentation
+# https://www.nirsoft.net/utils/full_event_log_view.html
+# Uses Nirsoft's FullEventLogView to export event logs to csv
+# FullEventLogView.exe should be in the Modules\bin folder
+# Assumes the msource will include the drive letter. e.g. D:\kape\C
+# Example: .\kape.exe --msource D:\kape\C --mdest D:\kape\out --module SystemFullEventLogView
+# Example: .\kape.exe --msource C:\Windows\System32\winevt\Logs\ --mdest D:\kape\out --module SystemFullEventLogView