PURPOSE OPERATION OPTIONS COMMAND LINES RELATED PROGRAMS
The Windows NT system has the capability of outputting security information in what is called an event log. The event viewer is found in the administrative tools section. When the event log is output to a comma delimited text file it is very difficult to process the file. It consists of multiline records which are not easily reformatted. Eventlog will take the comma delimited output of the event view and put it into a neater pipe-delimited output which can then be processed by the Maresware pipefix.exe program to produce a very nice fixed length output that any database can import.
The output of the event viewer program also produces dates in the format 02/12/00. This format is not consistently formatted as to width, and because it is in the mmddyy format it doesn't lend itself to easy sorting. The -d option in Eventlog will take the date and reformat it to YYYYMMDD format so it can be easily sorted and viewed.
Eventlog is a very specialized program which operates on a very special type of data file.
Eventlog will take the output of the WINNT event viewer and reform it to pipe delimited records.
In addition, the program will place on the screen a series of numbers (one per line). These are the maximum widths of each of the fields that were generated for the file. If you proceed to send the output to the pipefix command, these are the numbers you would input into the pipefix parameter file. If you were to redirect the output of Eventlog (these numbers) then you would have a pipefix parameter file generated for you.
These records are then imported to Pipefix which further processes the data.
c:>eventlog input output > pipefix.par
-d converts all dates to a YYYYMMDD format for easier sorting.
-i + file(s) input file(s) to use. Wildcards are acceptable.
-o + file output file to create. (If output already exists, user is prompted for additional action.)