grokevt | scripts for reading Microsoft Windows event log files | Mehr ...
GrokEVT is a collection of scripts built for reading Microsoft Windows NT/2000/XP/2003 event log files. . Currently the scripts work together on one or more mounted Microsoft Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.