debian man page for grokevt-addlog

grokevt-addlog(1)														 grokevt-addlog(1)

NAME
grokevt-addlog - A tool for adding a raw event log to an existing GrokEVT database.
SYNOPSIS
grokevt-addlog database-dir evt-file new-type base-type
DESCRIPTION
grokevt-addlog takes a raw event log (.evt file) and adds it to a pre-built database generated by grokevt-builddb(1). This new log file will be set up to use the message templates of another log, as determined by the user.

This tool is primarily useful for processing deleted logs and log fragments found on a system. While it is possible to use the database generated from one system with the logs of another, this is not recommended for investigations unless no alternatives exist.
ARGUMENTS
grokevt-addlog uses the following arguments:

database-dir
    The base directory for the database generated previously by grokevt-builddb(1).

evt-file
    The file to be added to the database.

new-type
    The new log type/name that evt-file will take on. This is the name that will need to be used later with grokevt-parselog(1) to access the new log. This type must not already exist in the database.

base-type
    The existing log type that this new log will be based on. The message templates from this type will be used with the new log when parsing. This type must exist in the current database.
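EXAMPLE
The following is an added example, not part of GrokEVT or of the original man page. It checks whether a recovered file is a log with a file header, a bare fragment of records, or neither, before the file is passed as evt-file. The layout checks follow Microsoft's documented ELF_LOGFILE_HEADER and EVENTLOGRECORD structures; the names classify_evt and sample_record are hypothetical, and the sample bytes are constructed.

```python
import struct

SIG = b"LfLe"      # signature at offset 4 of the file header and of every record
HEADER_LEN = 0x30  # fixed size of the legacy .evt file header
MIN_RECORD = 0x38  # fixed-size portion of one event record

def classify_evt(data: bytes) -> dict:
    """Report whether data is a log with a header, a bare fragment, or neither."""
    has_header = (
        len(data) >= HEADER_LEN
        and struct.unpack_from("<I", data, 0)[0] == HEADER_LEN
        and data[4:8] == SIG
        and struct.unpack_from("<I", data, HEADER_LEN - 4)[0] == HEADER_LEN
    )
    numbers = []
    pos = data.find(SIG, HEADER_LEN if has_header else 0)
    while pos != -1:
        start = pos - 4  # the record length field precedes the signature
        if start >= 0 and start + MIN_RECORD <= len(data):
            length, _, number = struct.unpack_from("<I4sI", data, start)
            end = start + length
            # A genuine record repeats its length in its final four bytes.
            if (length >= MIN_RECORD and end <= len(data)
                    and struct.unpack_from("<I", data, end - 4)[0] == length):
                numbers.append(number)
                pos = data.find(SIG, end)
                continue
        pos = data.find(SIG, pos + 1)
    kind = "log" if has_header else ("fragment" if numbers else "unrecognized")
    return {"kind": kind, "record_numbers": numbers}

def sample_record(number: int, payload: bytes = b"") -> bytes:
    """Build a constructed, zero-filled record for demonstration only."""
    pad = -(MIN_RECORD + len(payload) + 4) % 4
    length = MIN_RECORD + len(payload) + pad + 4
    head = struct.pack("<I4sI", length, SIG, number)
    return (head + b"\0" * (MIN_RECORD - 12) + payload + b"\0" * pad
            + struct.pack("<I", length))

if __name__ == "__main__":
    header = struct.pack("<I4s", HEADER_LEN, SIG) + b"\0" * 36 + struct.pack("<I", HEADER_LEN)
    print(classify_evt(header + sample_record(7) + sample_record(8, b"AB")))
    print(classify_evt(b"\0" * 10 + sample_record(7)[20:] + sample_record(8, b"AB")))
```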
BUGS
Probably several. This particular script has not been extensively tested.
CREDITS
Written by Timothy D. Morgan. Copyright (C) 2006-2007 Timothy D. Morgan
LICENSE
Please see the file "LICENSE" included with this software distribution. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more details.
SEE ALSO
grokevt(7) grokevt-builddb(1) grokevt-dumpmsgs(1) grokevt-findlogs(1) grokevt-parselog(1) grokevt-ripdll(1)

File Conversion Utilities		20 March 2008		grokevt-addlog(1)