Skip to content

ctl106/wevol

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
cmake
cmake
 
 
src
src
 
 
tests
tests
 
 
CMakelists.txt
CMakelists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

wevol

Windows Event Viewer On Linux

Purpose

Wevol is a C program for parsing and sorting through event records in the Windows Event .evtx files.

Dependancies

  1. CMake - https://cmake.org/ - build system
  2. Check - https://libcheck.github.io/check/ - unit testing framework

Current State

Currently, I am creating the API and the tests for reading in evtx files. I have also moved development to a seperate branch to keep main clean.

Goals

  1. Write and test API for decoding evtx log format.
  2. Reimplament needed functions from Microsoft's Event Log API:
  • OpenBackupEventLog()
  • CloseEventLog()
  • ReadEventLog()
  1. Create basic CLI with the following features:
  • Specify one or more evtx log files to view a record list from
  • Specify a record within a log to view the details of
  1. Create an API for decoding the older evt log format.
  2. Create an interactive CLI to enable easier exploring and searching of logs.
  3. Create an optional GUI to make usage more convinient.

About

Windows Event Viewer On Linux

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages