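#! /usr/bin/perl
# Reads CIFS audit event files and dumps event records as colon
# separated fields.  For event file format, see:
#   http://msdn2.microsoft.com/en-us/library/aa363659%28VS.85%29.aspx
#   http://www.ultimatewindowssecurity.com/encyclopedia.aspx
#
# Each command-line argument is treated as the path of one event file.
# Records are written to STDOUT, one per line; open failures are reported
# on STDERR and the remaining files are still processed.  The exit status
# is 1 if any file could not be opened, 0 otherwise, so a wrapper can tell
# an incomplete dump of audit data from a complete one.
use strict;
use warnings;

# The record parser is loaded at run time from a fixed absolute path.
# NOTE(review): whoever can write to this file (or its parent directories)
# controls the code this script runs -- confirm it is owned by, and only
# writable by, a trusted account.
require("/na/local/evt.pl");

my $open_failed = 0;

foreach my $file (@ARGV) {
    my $fh;

    # Three-argument open: the file name is never interpreted as a mode or
    # a pipe, whatever characters it contains.
    if (!open($fh, "<", $file)) {
        print STDERR ("$0: $file: $!\n");
        $open_failed = 1;
        next;
    }

    # Event files are binary; make sure no I/O layer translates the bytes
    # before the parser sees them.
    binmode($fh);

    # Called as a plain function (with parentheses, since the sub is only
    # defined once the require above has run) instead of the legacy
    # &name(...) form.
    # NOTE(review): the loop stops at the first false value returned by
    # Evt::Record::read; from this file alone it is not possible to tell
    # whether that distinguishes end-of-file from a truncated or malformed
    # record -- check evt.pl before treating a short dump as complete.
    while (my $rec = Evt::Record::read($fh)) {
        # NOTE(review): presumably raw_dump emits field values as stored in
        # the record; if those can contain ':' or newlines, a downstream
        # parser may mis-split lines -- verify how raw_dump escapes them.
        print($rec->raw_dump, "\n");
    }

    close($fh);
}

exit($open_failed ? 1 : 0);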