Skip to content
/ evtx-python Public

Quickly and precisely pasrse/search large Event Viewer files directly from the terminal.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

4renwald/evtx-python

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
assets/images
assets/images
 
 
samples
samples
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
evtx-parser.py
evtx-parser.py
 
 

Repository files navigation

evtx-python


Quick evtx files parsing using: https://github.com/omerbenamram/evtx

Setup environment:

python -m venv venv_evtx-python
source venv_evtx-python/bin/activate
pip install evtx

Usage

python .\evtx-parser.py -h
usage: evtx-parser.py [-h] --eventids EVENTIDS [EVENTIDS ...] --file FILE [--show-all] [--search SEARCH]

Parse evtx files by EventID

options:
  -h, --help            show this help message and exit
  --eventids EVENTIDS [EVENTIDS ...], -ids EVENTIDS [EVENTIDS ...]
                        EventID to parse, can be a list of IDs separated by a space. Example: --eventids 1149
  --file FILE, -f FILE  Path for evtx file
  --show-all            Show all event data
  --search SEARCH       search for a specific string in the EventData

About

Quickly and precisely pasrse/search large Event Viewer files directly from the terminal.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages