How to convert previously saved .evt or .evtx files from a Windows computer (or something that emulates them, i.e. a NetApp filer)? What switches can be used with the evt2repository.exe command?
1. Open a command prompt and browse to C:\Program Files\Quest Software\InTrust\Server\InTrust.
2. Run the following command:
Evt2repository.exe /file="c:\filename.evt" /domain=domainname /computer=computername /logname=logname /repository="C:\repositorypath" /versionmajor=5 /versionminor=2 /resolvedescriptions=localfirst /resolvestrings
Where domainname and computername represent the domain and computer name of the machine that created the .evt(x) file.
Logname is the event log type, i.e. Application, Security, System, etc.
Versionmajor and Versionminor represent the OS of the Windows computer (some NetApp devices may emulate 2003, for example, when creating these files, which is why it is used in the sample). For other OSes, see the MS link below:
3. Select Start | Programs | Quest Software | InTrust | Repository Viewer to verify the data was imported.
This applies to all versions of InTrust (but not InTrust for Events or InTrust Express).
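
An added example, not from Quest or the original article: a PowerShell wrapper that runs the step 2 command for several saved logs, using only the switches shown above, and records a SHA-256 of each source file so the imported data can be tied back to the original. The manifest entries, the C:\evt paths, the computer name filer01 and the Get-ImportArguments helper are hypothetical; exit codes are recorded without interpretation because the article does not document them.

```powershell
# Added example, not Quest code. Uses only the switches shown in the article.
$Tool       = 'C:\Program Files\Quest Software\InTrust\Server\InTrust\Evt2repository.exe'
$Repository = 'C:\repositorypath'   # placeholder path from the article
$DryRun     = $true                 # set to $false to actually run the import

# Constructed manifest (hypothetical file and computer names).
$Manifest = @(
    [pscustomobject]@{ File = 'C:\evt\filer01_Security.evt';    Domain = 'domainname'; Computer = 'filer01'; LogName = 'Security';    Major = 5; Minor = 2 }
    [pscustomobject]@{ File = 'C:\evt\filer01_Application.evt'; Domain = 'domainname'; Computer = 'filer01'; LogName = 'Application'; Major = 5; Minor = 2 }
)

function Get-ImportArguments {
    param([Parameter(Mandatory)] $Entry, [Parameter(Mandatory)] [string] $RepositoryPath)
    # Quote the two path values so spaces survive; the other values are single tokens.
    @(
        "/file=`"$($Entry.File)`""
        "/domain=$($Entry.Domain)"
        "/computer=$($Entry.Computer)"
        "/logname=$($Entry.LogName)"
        "/repository=`"$RepositoryPath`""
        "/versionmajor=$($Entry.Major)"
        "/versionminor=$($Entry.Minor)"
        '/resolvedescriptions=localfirst'
        '/resolvestrings'
    )
}

$results = foreach ($entry in $Manifest) {
    $importArgs = Get-ImportArguments -Entry $entry -RepositoryPath $Repository
    $exists     = Test-Path -LiteralPath $entry.File -PathType Leaf
    $hash = $null; $exitCode = $null
    if ($exists) {
        # Hash the source file before import so the original can be matched later.
        $hash = (Get-FileHash -LiteralPath $entry.File -Algorithm SHA256).Hash
        if (-not $DryRun) {
            $proc = Start-Process -FilePath $Tool -ArgumentList $importArgs -Wait -PassThru -NoNewWindow
            $exitCode = $proc.ExitCode   # recorded as-is; the article does not document exit codes
        }
    }
    [pscustomobject]@{
        File = $entry.File; Found = $exists; Sha256 = $hash
        CommandLine = "Evt2repository.exe $($importArgs -join ' ')"; ExitCode = $exitCode
    }
}
$results | Format-List
```

With $DryRun left at $true the script only prints the command line it would run for each file, which is a quick way to check the domain, computer and log name values before anything is written to the repository.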