grokevt-builddb - Builds a database tree based on a single Windows
system for the purpose of event log conversion.
grokevt-builddb [ -c CSID ] config-profile output-dir

DESCRIPTION
grokevt-builddb uses grokevt-ripdll(1) and reglookup(1) along with
information found in configuration files to extract all necessary
information from a Windows installation for the conversion of event log
files. The registry is read to determine the locations of critical DLLs
and the event log files themselves. This and other information from
the registry is stored in a directory structure which acts as a kind of
flat-file database. This database can then be used by
grokevt-parselog(1) to generate human-readable output.
The key to successfully running this utility is proper configuration.
Please see grokevt(7) for information on what needs to be configured.
config-profile
This is the name of a configuration profile stored in the
global configuration directory under the directory 'systems'.
See grokevt(7) for more details on how to properly configure a
output-dir
The path to the location of the output database. If anything
already exists in this directory, it may be overwritten or
-c CSID
This option allows one to explicitly set which ControlSet in the
registry is used to extract event log message mappings. If
specified, this item must be a positive decimal integer. If
unspecified, grokevt-builddb will attempt to determine the best
ControlSet by looking at the most recent CurrentControlSet,
stored in the system registry under the path '/Select/Current'.
Most users should ignore this option unless there is a specific
reason why the last CurrentControlSet should not be used.
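As an added example (not the project's own code), the ControlSet selection rule described above in Python: use -c CSID when given and validated as a positive decimal integer, otherwise take the DWORD under /Select/Current, then map the number to a ControlSetNNN key and check that the key exists. The CSV column layout (PATH,TYPE,VALUE,MTIME) and 0x-prefixed DWORD formatting are assumed to match reglookup(1) output and are not stated on this page; the hive contents are constructed.

```python
import re

# Constructed sample of reglookup(1)-style CSV output for a SYSTEM hive.
# Assumed column layout: PATH,TYPE,VALUE,MTIME. Values are made up.
SAMPLE_REGLOOKUP_OUTPUT = """\
PATH,TYPE,VALUE,MTIME
/Select,KEY,,2007-01-01 12:00:00
/Select/Current,DWORD,0x00000002,
/Select/Default,DWORD,0x00000002,
/Select/Failed,DWORD,0x00000000,
/Select/LastKnownGood,DWORD,0x00000001,
/ControlSet001,KEY,,2007-01-01 12:00:00
/ControlSet002,KEY,,2007-01-01 12:00:00
"""


def current_controlset_from_reglookup(csv_text):
    """Return the ControlSet number named by /Select/Current, or None."""
    for line in csv_text.splitlines()[1:]:  # skip the header row
        fields = line.split(",")
        if len(fields) >= 3 and fields[0] == "/Select/Current" \
                and fields[1] == "DWORD":
            return int(fields[2], 16)  # "0x00000002" -> 2
    return None


def parse_csid_option(arg):
    """Validate a -c CSID argument: it must be a positive decimal integer."""
    if not re.fullmatch(r"[1-9][0-9]*", arg):
        raise ValueError("CSID must be a positive decimal integer: %r" % arg)
    return int(arg, 10)


def choose_controlset(csv_text, csid=None):
    """Pick the ControlSet key that message mappings will be read from."""
    if csid is not None:
        number = parse_csid_option(csid)
    else:
        number = current_controlset_from_reglookup(csv_text)
    if number is None:
        raise LookupError("/Select/Current not found; pass -c CSID explicitly")
    key = "/ControlSet%03d" % number
    # Refuse a ControlSet that is not actually present in the hive listing.
    present = {line.split(",")[0] for line in csv_text.splitlines()[1:]}
    if key not in present:
        raise LookupError("%s does not exist in this registry" % key)
    return key
```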
To generate a database at '~/win2k.grokevt' based on the system
configuration profile 'win2k':
grokevt-builddb win2k ~/win2k.grokevt
To repeat the last command, instead using registry information
explicitly from /ControlSet002:
grokevt-builddb -c 2 win2k ~/win2k.grokevt
Probably a few. This script has not been extensively tested with some
The databases built with this script may not be portable to other
systems, depending on the database drivers installed and used in
Written by Timothy D. Morgan.
Copyright (C) 2005-2007 Timothy D. Morgan
Please see the file "LICENSE" included with this software distribution.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License version 2 for more details.
grokevt(7) grokevt-addlog(1) grokevt-dumpmsgs(1) grokevt-findlogs(1)
grokevt-parselog(1) grokevt-ripdll(1) reglookup(1)