A single invalid evtx stream halts processing of multiple files

[michaeljgoodman]

Running on a sample of 178 evtx files and it fails quickly throwing the error "[!] Chainsaw exited: An error occurred while trying to deserialize evtx stream."

However, it does not give any indication of which log file it failed to parse, and with 100+ logs it's time consuming to work out which evtx file(s) it's struggling with.

Additionally it can be tedious to copy the files to a new location and remove just the one invalid file and re-run, so a suggested fix would preferably be one that:

• Skips any evtx file it fails to parse
• Provides verbose (or logged) indication of the filename when throwing errors

[fscc-jamesd]

Hi @michaelgoodman-cr

Thanks for rasing this. I've got a fix on the way for this issue as it was also raised in #39

I'll close this as a duplicate for now and update the other issue once I've implemented a fix.