shu-tom
commented
4 years ago LogonTracer not support converting EVTX to XML with Powershell. Only Event viewer or wevtutil are supported. https://github.com/JPCERTCC/LogonTracer/wiki/how-to-use#notes-for-import-evtx
Your documentation says ""Supported file format is EVTX or XML (exported Event Viewer or PowerShell)". I ran the following PS command to convert from EVTX to XML. However, the XML file which was generated doesn't work on Logontracer. Could you please recommend the command that does work ? Tx
Get-WinEvent -path .\file.evtx | Export-clixml -Encoding UTF8 output.xml