Binary package “grokevt” in ubuntu lucid
scripts for reading Microsoft Windows event log files
GrokEVT is a collection of scripts built for reading Microsoft Windows
NT/2000/XP/2003 event log files.
Currently the scripts work together on one or more mounted Microsoft Windows
partitions to extract all information needed (registry entries, message
templates, and log files) to convert the logs to a human-readable format.