Author: ny1212
Subject: sysmon log registered for psloglist?
Posted: 01 September 2014 at 5:44am
The following is not THE answer but it is my interim workaround...
In Event Viewer, on the sysmon\operational log, right click, choose "save all events as..." and save as an evtx file, e.g. sysmon.evtx
I process via
psloglist -d 999 -r -s -t \t -x -l sysmon.evtx sys > sysmon.txt
It's not what I prefer but it's useable for now.
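An added example, not part of the original post: the same exported file flattened to tab-separated text with PowerShell's Get-WinEvent in place of psloglist. The input name sysmon.evtx comes from the post; the output name sysmon.tsv and the column layout are assumptions.

```powershell
# Added example, not from the original post. Assumes sysmon.evtx was exported
# from Event Viewer as described above and sits in the current directory.
param(
    [string]$Path    = '.\sysmon.evtx',   # exported log (name taken from the post)
    [string]$OutFile = '.\sysmon.tsv'     # hypothetical output name
)

# -Oldest returns the events oldest first.
Get-WinEvent -Path $Path -Oldest | ForEach-Object {
    $xml = [xml]$_.ToXml()

    # Sysmon stores its fields as <Data Name="...">value</Data> under EventData.
    $fields = foreach ($d in $xml.Event.EventData.Data) {
        # Collapse tabs and newlines inside a value so each event stays on one row.
        $value = ([string]$d.'#text') -replace '[\t\r\n]+', ' '
        '{0}={1}' -f $d.Name, $value
    }

    [pscustomobject]@{
        TimeCreated = $_.TimeCreated.ToString('o')   # ISO 8601 timestamp
        EventId     = $_.Id
        Computer    = $_.MachineName
        Fields      = $fields -join '; '
    }
} | Export-Csv -Path $OutFile -Delimiter "`t" -NoTypeInformation
```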