| Arg | Description | Type |
|---|---|---|
| filename | A list of event log files to parse. | list of OSPath (required) |
| accessor | The accessor to use. | string |
| messagedb | A Message database from | |

Required Permissions: FILESYSTEM_READ


Watch an EVTX file and stream events from it.

This is the Event plugin version of parse_evtx().

It often takes several seconds for events to be flushed to the event log, so this plugin's events may be delayed. For some applications this results in a race condition with the event itself - for example, files mentioned in the event may already be removed by the time the event is triggered.
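An event query built on this plugin, shown as an added example rather than text from the original documentation. The Sysmon log path and the choice of event ID 1 (process creation) are assumptions; the query hashes the binary named in each event and tolerates the race described above.

```vql
-- Added example. Assumes Sysmon is installed and logging to its
-- default channel; adjust the path for other logs.
LET SysmonLog = "C:/Windows/System32/winevt/Logs/Microsoft-Windows-Sysmon%4Operational.evtx"

SELECT timestamp(epoch=System.TimeCreated.SystemTime) AS EventTime,
       System.Computer AS Computer,
       EventData.Image AS Image,
       EventData.CommandLine AS CommandLine,
       -- The event may be delivered seconds after the process started,
       -- so the binary can already be gone. In that case hash() yields
       -- no value and SHA256 is NULL: treat NULL as "file removed
       -- before collection", not as a failed query.
       hash(path=EventData.Image).SHA256 AS SHA256
FROM watch_evtx(filename=SysmonLog)
WHERE System.EventID.Value = 1
```

Rows with a NULL `SHA256` are worth keeping in the output, since a short-lived binary that removes itself is a useful signal in its own right.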