Some time back, somebody told me that “it’s sad you can’t view the event log from a Linux system”. Well, that’s what gave me the idea to include just this feature in GuARD. I looked around and found the Windows Event Log Viewer. It’s free to use, so that’s a plus, but distribution is prohibited.

Then I came across EVTX Parser, which is quite nice, since it decodes the log to plain XML. It contains no viewer, though. That’s where the trouble starts.

I have several ways to go from here:

  • write a GUI application from scratch to display the log
  • write an XSL file to transform the log into HTML
  • parse it with a shell script to some display format

The first one seems the nicest; the problem is that my C/C++ skills are not that great, so I would have to resort to Java, but I don’t want to include all the extra bulk.

Using XSL seems to be the fastest way to do it. Sorting by category may be tough, though; I don’t think that’s a feature XSL can provide.

This leaves option number three, which so far is my favorite. It’s not much more work than creating an XSL file, but it offers additional flexibility: it allows me to split the log by category into several files and include a menu to choose the category, maybe even using a relational database in the background to allow filters, advanced sorts, etc. This may eat a bit more resources than necessary, though.
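As an added example of option three (not GuARD’s code and not part of EVTX Parser), here is the split-by-category step in Python rather than shell. It assumes the decoded log has the Windows event XML shape (System/EventID, Level, Channel and TimeCreated, plus EventData/Data elements) and uses a constructed three-event sample; it groups events by channel or level and builds one HTML table per category plus an index menu, escaping every log field because log contents are attacker-influenced input.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from html import escape
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVELS = {"0": "LogAlways", "1": "Critical", "2": "Error", "3": "Warning", "4": "Information"}
# Constructed sample in the Windows event XML schema (namespace hoisted onto the wrapper); not a real log.
SAMPLE_XML = """<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>7036</EventID><Level>4</Level><Channel>System</Channel>
<TimeCreated SystemTime="2009-05-01T10:00:00Z"/></System><EventData><Data Name="param1">Spooler</Data></EventData></Event>
<Event><System><EventID>4625</EventID><Level>0</Level><Channel>Security</Channel>
<TimeCreated SystemTime="2009-05-01T10:05:00Z"/></System><EventData><Data Name="TargetUserName">&lt;b&gt;guest</Data></EventData></Event>
<Event><System><EventID>7034</EventID><Level>2</Level><Channel>System</Channel>
<TimeCreated SystemTime="2009-05-01T10:10:00Z"/></System><EventData><Data Name="param1">Spooler</Data></EventData></Event></Events>"""

def parse_events(xml_text):
    """Return one dict per <Event> with the fields the viewer displays."""
    events = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        tc = ev.find("e:System/e:TimeCreated", NS)
        events.append({
            "time": tc.get("SystemTime", "") if tc is not None else "",
            "channel": ev.findtext("e:System/e:Channel", "", NS),
            "level": LEVELS.get(ev.findtext("e:System/e:Level", "", NS), "Unknown"),
            "id": ev.findtext("e:System/e:EventID", "", NS),
            "data": {d.get("Name", ""): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)},
        })
    return events

def split_by(events, key):
    """Group events by 'channel' or 'level'; newest first inside each group."""
    groups = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"], reverse=True):
        groups[ev[key]].append(ev)
    return dict(groups)

def render_page(title, events):
    # Every field is escaped: log contents (user names, messages) are attacker-influenced input.
    rows = ["<tr>" + "".join("<td>%s</td>" % escape(c) for c in (e["time"], e["level"], e["id"],
            "; ".join("%s=%s" % kv for kv in e["data"].items()))) + "</tr>" for e in events]
    return "<h1>%s</h1><table>%s</table>" % (escape(title), "".join(rows))

def build_site(xml_text, key="channel"):
    """Return {filename: html}: one page per category plus an index.html menu."""
    groups = split_by(parse_events(xml_text), key)
    fname = lambda n: re.sub(r"[^A-Za-z0-9_.-]", "_", n) + ".html"  # channel names may contain '/'
    pages = {fname(n): render_page(n, evs) for n, evs in groups.items()}
    menu = "".join('<li><a href="%s">%s (%d)</a></li>' % (fname(n), escape(n), len(groups[n])) for n in sorted(groups))
    pages["index.html"] = "<ul>%s</ul>" % menu
    return pages
```

Writing each entry of the returned dict to disk gives the per-category files and the menu page described above; passing `key="level"` splits by severity instead of by channel.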

Of course I am open to other ideas; just comment if you have a better one.

