williballenthin / python-evtx

Pure Python parser for Windows Event Log files (.evtx)
Apache License 2.0

Module errors, parts of app missing #49

Closed xsilvertom closed 6 years ago

xsilvertom commented 6 years ago

SYSTEM: I was seeing errors as below on Windows 10 embedded Ubuntu/Debian (ver: stretch/sid), also referred to as WSL.

PROBLEM DESCRIPTION: I thought that both possible installation methods, apt-get and pip, should be equal, which turned out to be a wrong assumption. I installed first via apt-get and the app was not able to perform anything; it complained about missing modules and parts. Examples of the errors are below.

SOLUTION: Remove the app and reinstall via pip:

apt-get remove python-evtx
pip install python-evtx

... voila, it will start to work as expected now:

evtx_dump.py winsec-log.evtx > winsec-log-decomposed.xml

ERROR SAMPLES

Traceback (most recent call last):
  File "./evtx_dump.py", line 20, in <module>
    import Evtx.Evtx as evtx
  File "./Evtx.py", line 29, in <module>
    import Evtx.Views as e_views
ImportError: No module named Views
Traceback (most recent call last):
  File "./evtx_dump.py", line 42, in <module>
    main()
  File "./evtx_dump.py", line 34, in main
    print(e_views.XML_HEADER)
AttributeError: 'module' object has no attribute 'XML_HEADER'

williballenthin commented 6 years ago

Hi @xsilvertom

Thanks for the report. I think what you have included makes sense and is correct. I am not the maintainer of the Debian package, and it seems they are distributing an old version of the library. We should redirect this issue to the Debian maintainer so that everyone benefits.

When dealing with python code, I'd recommend using pip over apt-get for precisely this reason. However, I understand that it can be tedious to keep track of multiple package managers.

Thanks again for the comprehensive report!

williballenthin commented 6 years ago

Here's the Debian maintainer page: https://packages.debian.org/jessie/python-evtx

Note the latest .deb is for version 0.3.1 vs 0.6.1 in pip.
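A preflight check for the failure described in this thread (the stale Debian build that lacks Evtx.Views and Evtx.Views.XML_HEADER, and a version below the 0.6.1 pip release). This is an added example, not part of python-evtx; it assumes the package registers its version under the distribution name python-evtx.

```python
"""Report whether the installed python-evtx is the stale build from this thread."""
import importlib
import importlib.util
import re
from importlib.metadata import PackageNotFoundError, version

# Modules and attributes evtx_dump.py needs, taken from the traceback above.
REQUIRED = {"Evtx.Views": ["XML_HEADER"], "Evtx.Evtx": []}
# 0.6.1 is the pip release named in the thread; 0.3.1 is the stale .deb.
MIN_VERSION = (0, 6, 1)


def parse_version(text):
    """'0.6.1' -> (0, 6, 1); a non-numeric tail such as 'rc1' is ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in match.group().split(".")) if match else (0,)


def is_stale(installed):
    """True when the installed version is older than MIN_VERSION."""
    return parse_version(installed) < MIN_VERSION


def module_present(name):
    """find_spec raises ModuleNotFoundError when the parent package is absent."""
    try:
        return importlib.util.find_spec(name) is not None
    except ModuleNotFoundError:
        return False


def diagnose():
    report = {"version": None, "stale": False, "missing": []}
    try:
        report["version"] = version("python-evtx")
        report["stale"] = is_stale(report["version"])
    except PackageNotFoundError:
        pass  # no pip metadata; a .deb copy may still sit on sys.path
    for mod, attrs in REQUIRED.items():
        if not module_present(mod):
            report["missing"].append(mod)
            continue
        try:  # the old Evtx.py imports Evtx.Views itself and fails, as above
            module = importlib.import_module(mod)
        except ImportError as exc:
            report["missing"].append(f"{mod} ({exc})")
            continue
        report["missing"].extend(f"{mod}.{a}" for a in attrs if not hasattr(module, a))
    report["ok"] = not report["stale"] and not report["missing"]
    return report


if __name__ == "__main__":
    result = diagnose()
    print(result)
    if not result["ok"]:
        print("fix: apt-get remove python-evtx && pip install python-evtx")
```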