EvtxECmd version #
EvtxECmd version 1.0.0.0
Describe the bug
Runnig EvtxECmd.exe -f .\audit_ncstcifs_D2022-08-17-T15-19-18_0000000000.evtx --inc 4663
Produces an Error and 0 records are processed:
Error processing C:\PATH\audit_ncstcifs_D2022-08-17-T15-19-18_0000000000.evtx! Message: unknown tag to build for opCode: TokenCharRef2 (0x00000048) at position 0xCC
To Reproduce
Steps to reproduce the behavior:
- Run the command, regardless of arguments, against a NetApp evtx file
Expected behavior
Either to work as expected or Continue converting with warning about missing parts
Screenshots
Error processing C:\PATH\audit_ncstcifs_D2022-08-17-T15-19-18_0000000000.evtx! Message: unknown tag to build for opCode: TokenCharRef2 (0x00000048) at position 0xCC
.
Additional context
Those Logs are generated on NetApp
EvtxECmd version #
EvtxECmd version 1.0.0.0
Describe the bug
Runnig
EvtxECmd.exe -f .\audit_ncstcifs_D2022-08-17-T15-19-18_0000000000.evtx --inc 4663Produces an Error and 0 records are processed:
Error processing C:\PATH\audit_ncstcifs_D2022-08-17-T15-19-18_0000000000.evtx! Message: unknown tag to build for opCode: TokenCharRef2 (0x00000048) at position 0xCCTo Reproduce
Steps to reproduce the behavior:
Expected behavior
Either to work as expected or Continue converting with warning about missing parts
Screenshots
Error processing C:\PATH\audit_ncstcifs_D2022-08-17-T15-19-18_0000000000.evtx! Message: unknown tag to build for opCode: TokenCharRef2 (0x00000048) at position 0xCC.
Additional context
Those Logs are generated on NetApp