c0shea / Seq.Client.EventLog

Writes Windows Event Log entries to Seq
MIT License

Using the tool as ingestion utility #6

Closed zabulus closed 1 month ago

zabulus commented 1 month ago

Hello. We have cases where we need to process .evtx shared with us retroactively. Is it possible to achieve this using Seq.Client.EventLog and how? If not, are you interested in PRs for this case?

c0shea commented 1 month ago

The tool doesn't support pointing it to an .evtx file directly, but you could potentially import it in the Windows Event log viewer as a new source and point the tool to that source. Haven't tried that before, though.

As long as it doesn't make drastic changes to get it working, I'm open to a PR for the functionality.

zabulus commented 1 month ago

I've tried to specify the imported log name, but it didn't work out. Maybe I'm missing something? Does the EventLog class source name support imported files?

c0shea commented 1 month ago

It might not be possible. I've never tried it.

zabulus commented 1 month ago

Unfortunately, EventLog doesn't support files or on-disk .evtx, nor ones imported into Event Viewer. Only EventLogReader has support. I've managed to use the project's ingestion part in conjunction with EventLogReader. But I have doubts about whether you will take those changes. I'm closing the issue.
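The reading side of what zabulus describes, as an added example that is not code from this issue or from Seq.Client.EventLog: `EventLogReader` opens an exported `.evtx` from disk via `PathType.FilePath` (the `EventLog` class only opens live logs by name) and each record is flattened into a dictionary that a sink can ingest. The file path, the XPath filter and the `EvtxFileReader` class name are assumptions; forwarding to Seq is left out.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;

// Added illustration, not project code: read an exported .evtx from disk with
// EventLogReader and turn each record into a flat dictionary for a log sink.
public static class EvtxFileReader
{
    public static IEnumerable<Dictionary<string, object>> ReadAll(string evtxPath, string xpath = "*")
    {
        // PathType.FilePath tells the reader to open a file rather than a channel name.
        var query = new EventLogQuery(evtxPath, PathType.FilePath, xpath);
        using (var reader = new EventLogReader(query))
        {
            for (EventRecord record = reader.ReadEvent(); record != null; record = reader.ReadEvent())
            {
                using (record)
                {
                    string message;
                    try
                    {
                        // Message templates live in provider DLLs; a log exported from another
                        // host may lack them here, so fall back to the raw event XML.
                        message = record.FormatDescription() ?? record.ToXml();
                    }
                    catch (EventLogException)
                    {
                        message = record.ToXml();
                    }

                    yield return new Dictionary<string, object>
                    {
                        ["Timestamp"] = record.TimeCreated ?? DateTime.MinValue,
                        ["EventId"] = record.Id,
                        ["Provider"] = record.ProviderName,
                        ["Level"] = record.Level, // numeric; LevelDisplayName also needs the provider
                        ["MachineName"] = record.MachineName,
                        ["RecordId"] = record.RecordId,
                        ["Message"] = message,
                    };
                }
            }
        }
    }

    public static void Main()
    {
        // Placeholder path and filter (assumptions): Warning and above from the exported log.
        foreach (var e in ReadAll(@"C:\imports\exported.evtx", "*[System[(Level<=3)]]"))
            Console.WriteLine($"{e["Timestamp"]} {e["Provider"]}/{e["EventId"]}: {e["Message"]}");
    }
}
```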