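def _local_name(tag):
    """Return an ElementTree tag without its leading '{namespace-uri}' part."""
    return tag.rsplit('}', 1)[-1]


def _child(parent, local_name):
    """Return parent's first direct child whose local tag name is local_name, else None.

    Windows event XML carries a default namespace, so ElementTree tags look
    like '{uri}EventID'; matching on the local name keeps the lookup
    independent of that URI and of the element's position among its siblings.
    """
    for child in parent:
        if _local_name(child.tag) == local_name:
            return child
    return None


def EventlogTotal(filename):
    """Extract one Eventlog_Total_Information per record of an EVTX file.

    Args:
        filename: path of the .evtx file. Its last '/'-separated component is
            stored as each entry's ``source``.

    Returns:
        list of Eventlog_Total_Information in record order. Each entry carries
        ``event_id`` (text of <System>/<EventID>), ``time_created`` (the
        <TimeCreated SystemTime=...> value with its date/time separator turned
        into 'T' and a trailing 'Z' appended), ``user_sid`` (<Security
        UserID=...>), ``source`` and ``data`` (the HTML-unescaped record XML).
        A field whose element or attribute is absent is left as None rather
        than raising.

    Records that python-evtx cannot render, or whose XML does not parse, are
    skipped so a single corrupt record does not abort the whole extraction —
    the remaining records are still evidence worth keeping.
    """
    # NOTE(review): every record's XML is untrusted content taken from the
    # evidence file. xml.etree does not fetch external entities, but its
    # protection against entity expansion ("billion laughs") depends on the
    # expat version Python was linked against; defusedxml.ElementTree.fromstring
    # is the hardened drop-in if that risk matters for this deployment.
    result = []
    with evtx.Evtx(filename) as log:
        for rec in log.records():
            try:
                xml_str = rec.xml()
            except Exception:
                # Corrupt or truncated record. Narrowed from a bare 'except'
                # so KeyboardInterrupt/SystemExit still propagate.
                continue

            try:
                root = XML.fromstring(xml_str)  # <Event>
            except XML.ParseError:
                # Unparseable XML is skipped like an unrenderable record.
                continue
            if not len(root):
                continue
            system = root[0]  # <System>, the first child of <Event>

            entry = Eventlog_Total_Information()

            event_id = _child(system, 'EventID')
            entry.event_id = event_id.text if event_id is not None else None

            time_created = _child(system, 'TimeCreated')
            system_time = None
            if time_created is not None:
                system_time = time_created.get('SystemTime')
            # Space-separated date/time -> ISO-8601 'T' form, marked as UTC.
            if system_time is not None:
                entry.time_created = system_time.replace(' ', 'T') + 'Z'
            else:
                entry.time_created = None

            security = _child(system, 'Security')
            entry.user_sid = security.get('UserID') if security is not None else None

            entry.source = filename.split('/')[-1]
            entry.data = html.unescape(xml_str)
            result.append(entry)

    return result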
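 def write(self, ns=None):
     """Serialize self._root to the file at self._dst.

     The first line written is XMLNSParser.xml_declaration; the tree then
     follows, rendered by ElementTree's serializer for self._method and
     encoded as self._encod. The namespace map ElementTree collects from the
     tree is extended with ``Dictionary(ns).reverse()`` — presumably the
     caller's prefix->URI mapping inverted into the URI->prefix form the
     serializer expects; verify against Dictionary.reverse.

     Args:
         ns: optional dict of extra namespaces to declare. None (the default)
             means none; this replaces the former shared mutable ``{}`` default.

     NOTE(review): this depends on private ElementTree internals —
     ``_namespaces`` with the Python 2-era ``encoding`` positional and the
     ``_serialize`` dispatch table — which are not stable across versions.
     """
     if ns is None:
         ns = {}
     # Resolve qnames/namespaces before opening the destination so a failure
     # here does not truncate an existing output file.
     qnames, namespaces = ET._namespaces(self._root, self._encod, None)
     namespaces.update(Dictionary(ns).reverse())
     serialize = ET._serialize[self._method]
     # 'with' closes the handle even if serialization raises; the previous
     # explicit close() was skipped on error and leaked the descriptor.
     with open(self._dst, "w") as file_dst:
         file_dst.write('{0}\n'.format(XMLNSParser.xml_declaration))
         serialize(file_dst.write, self._root, self._encod, qnames, namespaces)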