| Arg | Description | Type |
|---|---|---|
| filename | A list of event log files to parse. | list of string (required) |
| accessor | The accessor to use. | string |
| messagedb | A Message database from | |


Watch an EVTX file and stream events from it.

This is the Event plugin version of parse_evtx().

It often takes several seconds for events to be flushed to the event log and so this plugin’s event may be delayed. For some applications this results in a race condition with the event itself - for example, files mentioned in the event may already be removed by the time the event is triggered.
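The following VQL is an added example, not part of the original plugin documentation, showing one way to consume this plugin while accounting for the delay described above. It assumes the plugin is invoked as `watch_evtx(filename=...)` and yields rows with the same `System` and `EventData` columns as `parse_evtx()`; the log path, the choice of event ID 4688 (process creation) and the `EventData.NewProcessName` field are assumptions about a Windows Security log, and the `stat()` call is used to record whether the referenced file still exists by the time the event is delivered.

```sql
-- Added example (not from the original page). Streams process-creation
-- events from the Security log and, for each one, checks whether the
-- executable named in the event is still on disk. Because events are
-- flushed several seconds late, a short-lived binary may already be gone;
-- recording that fact is more useful than silently missing the file.
LET log_path = 'C:/Windows/System32/winevt/Logs/Security.evtx'  -- assumed path

SELECT System.TimeCreated.SystemTime AS EventTime,
       System.EventID.Value          AS EventID,
       EventData.NewProcessName      AS ProcessPath,   -- assumed field name
       -- stat() returns file metadata; NULL means the file was not found.
       stat(filename=EventData.NewProcessName) AS FileInfo,
       if(condition=stat(filename=EventData.NewProcessName),
          then="present",
          else="already removed") AS FileState
FROM watch_evtx(filename=log_path)
WHERE System.EventID.Value = 4688
```

Running this as an event query (for example inside a client event artifact) keeps it resident and emits one row per matching event; the `FileState` column makes the race condition visible in the results rather than leaving it as an unexplained gap in later collection.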
