omerbenamram / evtx

A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
Apache License 2.0
625 stars 61 forks

Command line flag to skip printing "#attributes" while taking output as JSON #214

Open Pinpwn opened 2 years ago

Pinpwn commented 2 years ago

The JSON output contains "#attributes" which alters the true nature of the log and makes querying data a challenge.

The introduction of a simple command line flag that skips printing the "#attributes" text and prints even attributes as simple parent-child will make life easy for anybody who has to load and query the output of this project.

JSON formed by parsing EVTX using rust_evtx:

{
  "Event": {
    "#attributes": {
      "xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
    }
    .
    .
  }
}

Desired JSON:

{
  "Event": {
    "xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
    .
    .
  }
}

Thank you for considering my sincere request.
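Until such a flag exists, the transformation the issue asks for can be done as a post-processing step on the emitted JSON. The following is an added example, not code from the evtx project or from the issue author: it hoists every "#attributes" object into its parent and shows the one hazard a flattening flag would also have to decide on, an attribute whose name collides with a child element. The sample record is constructed to mirror the shape shown above (the "#text" key for element text is assumed from evtx's output convention), and the names `flatten_attributes`, `flatten_record`, `contains_attr_key` and the "@"-prefix collision policy are this example's own choices.

```python
import json
from typing import Any

# Constructed sample shaped like the issue's excerpt (not a real record):
# XML attributes live under "#attributes"; element text is assumed under "#text".
SAMPLE = json.dumps({
    "Event": {
        "#attributes": {"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"},
        "System": {
            "Provider": {"#attributes": {"Name": "Microsoft-Windows-Security-Auditing",
                                         "Guid": "54849625-5478-4994-A5BA-3E3B0328C30D"}},
            "EventID": {"#attributes": {"Qualifiers": 0}, "#text": 4624},
            "TimeCreated": {"#attributes": {"SystemTime": "2023-01-01T00:00:00.000000Z"}},
            "Computer": "WS01.example.local",
        },
        "EventData": {
            "TargetUserName": "alice",
            "LogonType": 10,
            # Constructed collision: a child element "Name" beside an attribute "Name".
            "Name": "child-element",
            "#attributes": {"Name": "attribute-value"},
        },
    }
})

ATTR_KEY = "#attributes"
COLLISION_PREFIX = "@"  # assumed policy: keep both sides of a name clash


def flatten_attributes(node: Any) -> Any:
    """Recursively hoist "#attributes" members into the enclosing object.

    Child elements win on a name clash; the colliding attribute is kept as
    "@<name>" so nothing is silently dropped. Lists and scalars pass through.
    """
    if isinstance(node, list):
        return [flatten_attributes(item) for item in node]
    if not isinstance(node, dict):
        return node
    attrs = node.get(ATTR_KEY, {})
    out = {}
    for key, value in node.items():
        if key == ATTR_KEY:
            continue
        out[key] = flatten_attributes(value)
    for name, value in attrs.items():
        target = name if name not in out else COLLISION_PREFIX + name
        out[target] = flatten_attributes(value)
    return out


def flatten_record(text: str) -> dict:
    """Parse one JSON document (one event record) and flatten it."""
    return flatten_attributes(json.loads(text))


def contains_attr_key(node: Any) -> bool:
    """True if any "#attributes" key survives anywhere in the tree."""
    if isinstance(node, dict):
        return ATTR_KEY in node or any(contains_attr_key(v) for v in node.values())
    if isinstance(node, list):
        return any(contains_attr_key(v) for v in node)
    return False


if __name__ == "__main__":
    raw = json.loads(SAMPLE)
    flat = flatten_record(SAMPLE)
    # Before: attributes sit one level down; after: plain parent-child paths.
    print(raw["Event"]["System"]["Provider"]["#attributes"]["Name"])
    print(flat["Event"]["System"]["Provider"]["Name"])
    print(flat["Event"]["EventData"]["Name"], flat["Event"]["EventData"]["@Name"])
    print(json.dumps(flat, indent=2))
```

Run it over each record the tool emits and load the result into whatever query engine you use; the "@"-prefixed keys are the ones to look for when checking whether a provider's schema ever reuses an attribute name for a child element.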