[
https://issues.apache.org/jira/browse/NIFI-13332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18064788#comment-18064788
]
Daniel Stieglitz commented on NIFI-13332:
-----------------------------------------
[~exceptionfactory] Can this ticket now be resolved since the ParseEVTX has now
been deprecated?
> NiFi ParseEVTX processor should support EVTX format version 3.2
> ---------------------------------------------------------------
>
> Key: NIFI-13332
> URL: https://issues.apache.org/jira/browse/NIFI-13332
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.24.0
> Environment: Docker
> Reporter: Stephen Jeffrey Hindmarch
> Priority: Major
>
> From Windows 10 onwards the format for EVTX (compressed Windows event logs)
> has been changed from version 3.1 to 3.2.
> The ParseEVTX processor in NiFi parses these files to turn them into sets of
> Windows event logs in XML. However, EVTX logs extracted from a Windows 10
> laptop will cause the processor to fail with this message.
> {noformat}
> ParseEvtx[id=c5eadd74-56b2-3763-b7d0-1274b905ce06] Processing failed:
> org.apache.nifi.processor.exception.ProcessException: IOException thrown from
> ParseEvtx[id=c5eadd74-56b2-3763-b7d0-1274b905ce06]: java.io.IOException:
> Invalid minor version. Expected 1 got 2.
> - Caused by: java.io.IOException: Invalid minor version. Expected 1 got 2.
> {noformat}
> Also, the incoming flow file is stuck in the input queue instead of being
> transferred to the failure queue.
> As Windows 10 and 11 use this format, and I suspect Windows Server 2022 does
> too, then this EVTX 3.2 will be quite mainstream soon and NiFi should support
> it.
> See [GitHub Project
> libevtx|https://github.com/libyal/libevtx/blob/main/documentation/Windows%20XML%20Event%20Log%20(EVTX).asciidoc]
> for more detailed information.
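
An added example, not part of the Jira thread or NiFi's code: a pre-flight check of the 128-byte EVTX file header that accepts both 3.1 and 3.2 and returns a verdict, so a caller can route unsupported or corrupt files to a failure path rather than leaving them queued. The function names and the accepted-version set are assumptions; the field offsets follow the libevtx format document linked in the issue, and the sample headers are constructed.

```python
import struct
import zlib

# File header layout (128 bytes, little-endian), per the libevtx format notes:
# signature, first chunk, last chunk, next record id, header size,
# minor version, major version, header block size, chunk count,
# 76 unknown bytes, file flags, CRC32 of the first 120 bytes.
HEADER = struct.Struct("<8sQQQIHHHH76sII")
SUPPORTED = {(3, 1), (3, 2)}  # assumption: treat both minor versions as parseable


def inspect_evtx_header(data: bytes) -> dict:
    """Return a verdict dict instead of raising, so the caller can route the file."""
    if len(data) < HEADER.size:
        return {"ok": False, "reason": "truncated header"}
    (sig, _first, _last, _next_rec, _hdr_size, minor, major,
     _block_size, chunk_count, _unknown, flags, checksum) = HEADER.unpack_from(data)
    result = {"ok": False, "version": (major, minor),
              "chunks": chunk_count, "flags": flags}
    if sig != b"ElfFile\x00":
        result["reason"] = "bad signature"
    elif zlib.crc32(data[:120]) != checksum:
        result["reason"] = "header checksum mismatch"
    elif (major, minor) not in SUPPORTED:
        result["reason"] = f"unsupported version {major}.{minor}"
    else:
        result["ok"] = True
    return result


def build_sample_header(major: int, minor: int) -> bytes:
    """Constructed sample header (not taken from a real log) for the demo below."""
    body = struct.pack("<8sQQQIHHHH76sI", b"ElfFile\x00", 0, 0, 1, 128,
                       minor, major, 4096, 1, b"\x00" * 76, 0)
    # The checksum covers bytes 0..119 only; the flags field is excluded.
    return body + struct.pack("<I", zlib.crc32(body[:120]))


if __name__ == "__main__":
    for ver in [(3, 1), (3, 2), (4, 0)]:
        print(ver, inspect_evtx_header(build_sample_header(*ver)))
```
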