https://github.com/kost/spitevents

Useful scripts to parse various events/logs including Windows Events
https://github.com/kost/spitevents

Last synced: about 2 months ago
JSON representation

Useful scripts to parse various events/logs including Windows Events

• Host: GitHub
• URL: https://github.com/kost/spitevents
• Owner: kost
• License: gpl-2.0
• Created: 2014-03-15T12:32:11.000Z (about 11 years ago)
• Default Branch: master
• Last Pushed: 2014-03-15T13:39:01.000Z (about 11 years ago)
• Last Synced: 2025-01-31T06:39:43.051Z (4 months ago)
• Language: Perl
• Size: 137 KB
• Stars: 1
• Watchers: 3
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
SpitEvents

==========

Useful scripts to parse various events/logs including Windows Events

So far, there is:

spitwinevents.pl - Useful for extracting windows events in evtx to CSV

Usage

=====

Extract me relevant authentication events from security-events.evtx:

`spitwinevents.pl -p auth security-events.evtx`

Extract me events with ID 4624,4634 (login/logoff):

`spitwinevents.pl -e 4624,4634 security-events.evtx`

Extract me login/logoff authentication events with additional fields specified in -f:

`spitwinevents.pl -f TargetUserName,TargetDomainName,LogonType,TargetLogonId,IpAddress,IpPort -e 4624,4634 security-events.evtx`

Requirements

============

In short, it requires Perl, Parse::Evtx and XML::Simple.

But I guess copy & paste from the perl file will help you:

```perl

use Parse::Evtx;

use Parse::Evtx::Chunk;

use Carp::Assert;

use XML::Simple;

use IO::File 1.14;