
I'm trying to read data from an .evtx file about the status of Task Scheduler tasks. To get the data I used a function called get_events() from here Link.

After that I've done some simple cleanup:

raw_xml = []
# get_events() comes from the linked page
for event_xml in enumerate(get_events(r'C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx')):
    # enumerate() yields (index, xml_string) tuples
    raw_xml.append(event_xml)

The output looks like this:

[(0,'Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"<>System<>Provider Name="Microsoft-Windows-TaskScheduler Guid"{de7b24ea-73c8}"<>/Provider>\n<EventID Qualifiers="">800</EventID>\n<Version>0</Version>\n'),(1,etc.)]

I wanted to get this into a data frame, but I cannot parse these rows; I do not know what kind of regex to use for that.

import pandas as pd
newlist = []
for i in [*raw_xml]:
    newlist.append(i[1])  # keep only the XML string from each (index, xml) tuple
df = pd.DataFrame([*newlist])

The path to the evtx files should be the same for every Windows user. I would appreciate some guidance.

Wiktor Stribiżew
Ulewsky
  • Your question needs updated to show a reasonable input sample, expected output and only the relevant code necessary to reproduce the problem. See [How to make good reproducible pandas examples](https://stackoverflow.com/questions/20109391/how-to-make-good-reproducible-pandas-examples) for best practices related to Pandas questions. – itprorh66 Dec 07 '22 at 20:23
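
An added example, not part of the original question: event records are XML, so an XML parser with the event namespace flattens them more reliably than a regex. It assumes each string is one well-formed `<Event>` document; `event_to_row`, `events_to_rows` and the sample record are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of Windows event XML, as seen in the output quoted in the question.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample record (placeholder GUID, host and task name).
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TaskScheduler" Guid="{00000000-0000-0000-0000-000000000000}"/>
<EventID Qualifiers="">800</EventID>
<Version>0</Version>
<TimeCreated SystemTime="2022-12-07 20:00:00.000000"/>
<Computer>HOST01</Computer>
</System>
<EventData>
<Data Name="TaskName">\\Example\\ConstructedTask</Data>
</EventData>
</Event>"""


def event_to_row(xml_text):
    """Flatten one event XML string into a dict; None if it is not well-formed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None  # truncated or corrupt record
    system = root.find("e:System", NS)
    if system is None:
        return None
    row = {}
    for child in system:
        tag = child.tag.split("}", 1)[-1]  # strip the "{namespace}" prefix
        if child.text and child.text.strip():
            row[tag] = child.text.strip()
        for attr, value in child.attrib.items():
            row[f"{tag}.{attr}"] = value  # e.g. Provider.Name, TimeCreated.SystemTime
    # EventData/Data elements hold the event-specific fields, keyed by their Name attribute.
    for i, data in enumerate(root.iterfind("e:EventData/e:Data", NS)):
        row[data.get("Name", f"Data{i}")] = (data.text or "").strip()
    return row


def events_to_rows(raw_xml):
    """raw_xml is a list of (index, xml_string) tuples, as built in the question."""
    parsed = ((index, event_to_row(text)) for index, text in raw_xml)
    return [{"index": index, **row} for index, row in parsed if row is not None]


# The second tuple is a constructed malformed record; it is skipped.
rows = events_to_rows([(0, SAMPLE_EVENT), (1, "<Event><System>")])
```

Passing `rows` to `pd.DataFrame(rows)` gives one column per field, with missing fields left as NaN.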

0 Answers