{"id":24445,"library":"python-evtx","title":"python-evtx","description":"A pure Python parser for Windows event log files (.evtx). Version 0.8.1 supports Python >=3.9, provides XML and JSON dump functionality, and extracts event records from EVTX files. Maintenance is active with occasional releases.","status":"active","version":"0.8.1","language":"python","source_language":"en","source_url":"https://github.com/williballenthin/python-evtx","tags":["forensics","windows","event-log","parser","evtx"],"install":[{"cmd":"pip install python-evtx","lang":"bash","label":"Install from PyPI"}],"dependencies":[{"reason":"Used for XML output of event records","package":"lxml","optional":true},{"reason":"Compatibility layer (deprecated in v0.8.0 but may still be pulled)","package":"six","optional":true}],"imports":[{"note":"Evtx is a class within the evtx module, not a top-level import","wrong":"import Evtx","symbol":"Evtx","correct":"from evtx import Evtx"},{"note":"PyEvtxParser is a higher-level parser class","wrong":"","symbol":"PyEvtxParser","correct":"from evtx import PyEvtxParser"}],"quickstart":{"code":"from evtx import PyEvtxParser\n\nparser = PyEvtxParser('example.evtx')\nfor record in parser.records():\n    print(record['data'])","lang":"python","description":"Open an EVTX file and iterate over records; each record contains 'event_data' (XML string) and 'data' (raw string when JSON not available)."},"warnings":[{"fix":"Upgrade python-evtx to v0.8.1 and use Python >=3.8.","message":"Python 2.7 support removed in v0.8.0; Python 3.8+ required. v0.7.x development had pinned dependencies due to Python 2 deprecation. Upgrade to v0.8.1.","severity":"breaking","affected_versions":"<0.8.0"},{"fix":"Use correct import: from evtx import Evtx or from evtx import PyEvtxParser","message":"The module name is 'evtx', not 'python_evtx' or 'PyEvtx'. Import with 'from evtx import Evtx'.","severity":"gotcha","affected_versions":"all"},{"fix":"Iterate over parser.records() instead of list(parser.records()) for large files.","message":"Large EVTX files can consume significant memory if records are loaded all at once. Use the iterator interface (parser.records()) rather than converting to a list.","severity":"gotcha","affected_versions":"all"},{"fix":"Install lxml via pip to ensure full XML support.","message":"The lxml library is optional but recommended for XML output. Without lxml, XML generation may fall back to a less robust implementation.","severity":"deprecated","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Run: pip install python-evtx","cause":"Installed package under a different name or not installed at all.","error":"ModuleNotFoundError: No module named 'evtx'"},{"fix":"Use 'from evtx import Evtx' then 'Evtx(\"file.evtx\")'.","cause":"Incorrect import pattern; tried 'import evtx' then 'evtx.Evtx(...)'.","error":"AttributeError: module 'evtx' has no attribute 'Evtx'"},{"fix":"Ensure the EVTX file path is properly encoded and exists. Use raw strings or os.path.normpath.","cause":"File path contains non-ASCII characters on Windows or is malformed.","error":"OSError: [Errno 22] Invalid argument"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}