AndrewRathbun
commented
2 years ago @maysara do you have any sample data you can provide?
Open maysara opened 2 years ago
AndrewRathbun
commented
2 years ago @maysara do you have any sample data you can provide?
maysara
commented
2 years ago @AndrewRathbun
@maysara do you have any sample data you can provide? A sample of 2MB chunk: https://hostb.org/26XW pwd is @+your twitter handle Please remove File with: 578ZHW
AndrewRathbun
commented
2 years ago @AndrewRathbun
@maysara do you have any sample data you can provide? A sample of 2MB chunk: https://hostb.org/26XW pwd is @+your twitter handle Please remove File with: 578ZHW
Got it, thank you! I've been able to recreate the issue. I passed the .evtx on to Eric.
tgomell
commented
2 years ago These problems came with netapp logs. I get this Error too: \Downloads\EvtxECmd\EvtxeCmd\audit_ncstcifs.evtx! Message: unknown tag to build for opCode: TokenCharRef2 (0x00000048) at position 0xCC
EvtxECmd.exe -f "audit_ncstcifs.evtx" --csv "C:\Users\t.gomell\Downloads\EvtxECmd\EvtxeCmd" --inc 4663
EvtxECmd version # EvtxECmd version 1.0.0.0
Describe the bug Runnig
EvtxECmd.exe -f .\audit_ncstcifs_D2022-08-17-T15-19-18_0000000000.evtx --inc 4663Produces an Error and 0 records are processed:Error processing C:\PATH\audit_ncstcifs_D2022-08-17-T15-19-18_0000000000.evtx! Message: unknown tag to build for opCode: TokenCharRef2 (0x00000048) at position 0xCCTo Reproduce Steps to reproduce the behavior:
Expected behavior Either to work as expected or Continue converting with warning about missing parts
Screenshots
Error processing C:\PATH\audit_ncstcifs_D2022-08-17-T15-19-18_0000000000.evtx! Message: unknown tag to build for opCode: TokenCharRef2 (0x00000048) at position 0xCC.Additional context Those Logs are generated on NetApp