JPCERTCC / LogonTracer

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Performance question - python and docker #90

Closed mlinton closed 4 years ago

mlinton commented 4 years ago

We have an event log which contains 946000 records, and it took approximately 3.5 days to ingest this into LogonTracer. Is this the expected speed of the tool? What other optimizations could we try to speed this up?

Thanks

shu-tom commented 4 years ago

LogonTracer has fixed the performance problem when parsing EVTX files: https://github.com/JPCERTCC/LogonTracer/commit/97e0dc4edf59a223f79f89b892fd9aada5743bf3. If you still have problems with the latest version, use a high-performance machine.
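One practitioner-side optimization that does not depend on the parser itself is to cut the record count before ingestion: a busy Security log is dominated by events LogonTracer never uses (object access, filtering-platform, process tracking), so dropping them first shrinks the input proportionally. The script below is an added example, not LogonTracer's code and not from either commenter. It assumes the XML record shape produced by `wevtutil qe Security /f:xml` wrapped in a single `<Events>` root, a constructed five-record sample in that shape, and the six event IDs (4624, 4625, 4768, 4769, 4776, 4672) that the LogonTracer README lists as the ones it analyses; newer versions of logontracer.py may use a larger set, so check that file before relying on this list.

```python
"""Pre-filter exported Windows Security events to the logon-related IDs
before handing them to LogonTracer.  Added example, not project code."""
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}
ET.register_namespace("", EVT_NS)  # keep the default namespace when re-serialising

# Event IDs the LogonTracer README lists as analysed.  Assumption: the exact
# set in logontracer.py may be larger in newer releases; adjust to match.
LOGON_EVENT_IDS = frozenset({4624, 4625, 4768, 4769, 4776, 4672})

# Constructed sample in the shape of `wevtutil qe Security /f:xml` output.
# Hosts, users and addresses are made up; real records carry many more fields.
SAMPLE_XML = f"""<Events>
<Event xmlns="{EVT_NS}"><System><EventID>4624</EventID><Computer>DC01.corp.example</Computer>
  <TimeCreated SystemTime="2020-01-10T08:01:02.000Z"/></System>
  <EventData><Data Name="TargetUserName">alice</Data><Data Name="TargetDomainName">CORP</Data>
  <Data Name="LogonType">3</Data><Data Name="IpAddress">10.0.0.5</Data></EventData></Event>
<Event xmlns="{EVT_NS}"><System><EventID>4663</EventID><Computer>DC01.corp.example</Computer>
  <TimeCreated SystemTime="2020-01-10T08:01:03.000Z"/></System>
  <EventData><Data Name="ObjectName">C:/Windows/Temp/x.log</Data></EventData></Event>
<Event xmlns="{EVT_NS}"><System><EventID>4672</EventID><Computer>DC01.corp.example</Computer>
  <TimeCreated SystemTime="2020-01-10T08:01:02.500Z"/></System>
  <EventData><Data Name="SubjectUserName">alice</Data><Data Name="SubjectDomainName">CORP</Data></EventData></Event>
<Event xmlns="{EVT_NS}"><System><EventID>4625</EventID><Computer>DC01.corp.example</Computer>
  <TimeCreated SystemTime="2020-01-10T08:02:10.000Z"/></System>
  <EventData><Data Name="TargetUserName">bob</Data><Data Name="TargetDomainName">CORP</Data>
  <Data Name="LogonType">10</Data><Data Name="IpAddress">203.0.113.7</Data></EventData></Event>
<Event xmlns="{EVT_NS}"><System><EventID>5156</EventID><Computer>DC01.corp.example</Computer>
  <TimeCreated SystemTime="2020-01-10T08:02:11.000Z"/></System>
  <EventData><Data Name="Application">System</Data></EventData></Event>
</Events>"""


def event_id(ev):
    """EventID of one <Event> element as an int."""
    return int(ev.findtext("e:System/e:EventID", namespaces=NS))


def split_events(xml_text, ids=LOGON_EVENT_IDS):
    """Return (kept <Event> elements, number of dropped records)."""
    root = ET.fromstring(xml_text)
    kept, dropped = [], 0
    for ev in root.findall("e:Event", NS):
        if event_id(ev) in ids:
            kept.append(ev)
        else:
            dropped += 1
    return kept, dropped


def summarise(ev):
    """Flatten one record into the fields a logon timeline needs."""
    data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
    return {
        "event_id": event_id(ev),
        "computer": ev.findtext("e:System/e:Computer", default="", namespaces=NS),
        "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime", ""),
        # 4672 carries the account in SubjectUserName rather than TargetUserName
        "user": data.get("TargetUserName") or data.get("SubjectUserName", ""),
        "domain": data.get("TargetDomainName") or data.get("SubjectDomainName", ""),
        "logon_type": data.get("LogonType", ""),
        "ip": data.get("IpAddress", ""),
    }


def filter_report(xml_text, ids=LOGON_EVENT_IDS):
    """Counts plus the flattened kept records, to size the ingest before running it."""
    kept, dropped = split_events(xml_text, ids)
    return {"total": len(kept) + dropped, "kept": len(kept), "dropped": dropped,
            "records": [summarise(ev) for ev in kept]}


def filtered_xml(xml_text, ids=LOGON_EVENT_IDS):
    """Serialise only the kept records so the smaller document can be ingested."""
    kept, _ = split_events(xml_text, ids)
    root = ET.Element("Events")
    root.extend(kept)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    report = filter_report(SAMPLE_XML)
    print(f"{report['kept']} of {report['total']} records are logon-related "
          f"({report['dropped']} dropped)")
    for rec in report["records"]:
        print(rec)
```

On the source host the same cut can be made before export, without any Python, by passing an XPath query to the EVTX export: `wevtutil epl Security filtered.evtx "/q:*[System[(EventID=4624 or EventID=4625 or EventID=4672 or EventID=4768 or EventID=4769 or EventID=4776)]]"` writes a smaller `.evtx` that LogonTracer ingests as usual. Whichever route you take, compare the `kept` and `total` counts first: if most of the 946000 records are outside the logon set, the filter alone removes most of the ingestion time.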