python-evtx
python-evtx copied to clipboard
williballenthin
Pure Python parser for Windows Event Log files (.evtx)
Hi, I'm using python to pull event logs from remote machine using ms-even6 interface (https://msdn.microsoft.com/en-us/library/cc231282.aspx). I used EvtRpcRegisterLogQuery and EvtRpcQueryNext functions which produce a byte array that contains the BinXml...
It would be nice to get the mapping of task (int) to task category (string) mapping. At the moment i couldn't find anything to get the same
Hi, I'm seeing exception Evtx.BinaryParser.OverrunBufferException raised unexpectedly when parsing event logs "Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx", "Microsoft-Windows-WindowsUpdateClient%4Operational.evtx", and "Microsoft-Windows-CAPI2%4Operational.evtx" (all extracted from a Windows 7 testing instance) using evtx_dump.py. For...
Sometimes, when parsing huge EVTX I get this error `in xml_records for xml, record in evtx_file_xml_view(evtx.get_file_header()): File "/usr/local/lib/python3.7/site-packages/Evtx/Views.py", line 240, in evtx_file_xml_view record_str = evtx_record_xml_view(record) File "/usr/local/lib/python3.7/site-packages/Evtx/Views.py", line 204, in...
The following errors occur for the program when I run it. Previously it was running perfectly fine but now it doesn't get corrected. Does anyone have any ideas on how...
I met a problem in parsing. ``` File "C:\Program Files\Python37\lib\site-packages\Evtx\Nodes.py", line 1555, in string raise ParseException("Error parsing uneven substring of NULLs") Evtx.BinaryParser.ParseException: Parse Exception(Error parsing uneven substring of NULLs) ```...
``` Traceback (most recent call last): File "/usr/local/bin/evtx_dump.py", line 4, in __import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py') File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script exec(script_code, namespace, namespace)...
Hi, When attempting to parse an evtx file as gathered by a collector on a Win server 2012 R2 box ; I get the following errors: ``` ./evtx_dump.py Archive-ForwardedEvents-2017-07-19-09-54-122.evtx Traceback...
``` Traceback (most recent call last): File "/usr/local/bin/evtx_dump.py", line 4, in __import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py') File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script exec(script_code, namespace, namespace)...
``` Traceback (most recent call last): File "/usr/local/bin/evtx_dump.py", line 4, in __import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py') File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script exec(script_code, namespace, namespace)...
Metadata
Owner
Metadata
Pure Python parser for Windows Event Log files (.evtx)