log2timeline evtx plugin

[Abel Morales]

I'm new to log2timeline and plaso. I have a set of raw evtx files that I would like to run through log2timeline and then through plaso to export into CSV. 

Is it possible to run multiple evtx files into one plaso file? Let me share what I have tried:

1. log2timeline.exe --parsers "winevtx" test1.plaso Security.evtx

2. psort.exe -o l2tcsv -w test1.csv test1.plaso

I get an export that is difficult to read. What am I missing for it to parse out the username, host, event ID, and description field?

[Joachim Metz]

> Is it possible to run multiple evtx files into one plaso file?

yes, put them in a directory and point log2timeline.exe to the
directory or multiple times run log2timeline.exe with the same plaso
file with different evtx files

> I get an export that is difficult to read.

psort supports multiple output formats, I opt to look for an output
format that closer matches your needs

Also see: http://blog.kiddaland.net/2015/04/windows-event-log-message-strings.html?view=sidebar
for event log message strings

> --
> You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-dis...@googlegroups.com.
> To post to this group, send email to log2timeli...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.