The Windows Log Analyzer exposes a Python API to the frontend via pywebview's JS API bridge.
Get list of available log files.
Parameters:
include_loaded(bool): Include already loaded files
Returns:
{
"files": [
{
"path": "C:\\Windows\\System32\\winevt\\Logs\\Security.evtx",
"name": "Security.evtx",
"size": 1048576,
"modified": "2024-01-01T00:00:00"
}
]
}

Open file dialog to select a log file.
Returns:
{
"path": "C:\\path\\to\\file.evtx",
"name": "file.evtx"
}

load_events_paginated(file_path, page=1, page_size=100, sort_field="TimeCreated", sort_direction="desc")
Load events with pagination.
Parameters:
file_path(str): Path to EVTX file
page(int): Page number (1-based)
page_size(int): Events per page
sort_field(str): Field to sort by
sort_direction(str): "asc" or "desc"
Returns:
{
"events": [...],
"total": 1000,
"page": 1,
"page_size": 100,
"total_pages": 10
}

Get loading progress for a file.
Returns:
{
"loaded": 500,
"total": 1000,
"percentage": 50.0,
"status": "loading"
}

search_events(file_path, keyword, page=1, page_size=100, sort_field="TimeCreated", sort_direction="desc")
Search events by keyword.
Parameters:
file_path(str): Path to EVTX file
keyword(str): Search keyword (supports multiple keywords separated by space)
page(int): Page number
page_size(int): Results per page
sort_field(str): Field to sort by
sort_direction(str): "asc" or "desc"
Returns:
{
"results": [...],
"total": 50,
"page": 1,
"page_size": 100
}

advanced_search_events(file_path, filters, page=1, page_size=100, sort_field="TimeCreated", sort_direction="desc")
Advanced search with multiple filters.
Parameters:
file_path(str): Path to EVTX file
filters(dict): Filter conditions
{
"EventID": "4624",
"Level": "Information",
"TimeCreated": {
"start": "2024-01-01T00:00:00",
"end": "2024-01-31T23:59:59"
}
}

Get alert rules for a file.
Returns:
{
"rules": [
{
"id": "rule1",
"name": "Failed Login",
"enabled": true,
"conditions": {...}
}
]
}

Save alert rules.
Scan for alerts in loaded events.
Returns:
{
"alerts": [...],
"total": 10,
"scanned": 10000
}

Get overview statistics.
Returns:
{
"total_events": 1000,
"event_levels": {
"Information": 800,
"Warning": 150,
"Error": 50
},
"top_event_ids": [...]
}

Get login statistics (for Security logs).
Get account management statistics.
Get process creation statistics.
Get system event statistics.
Get application event statistics.
Get cache information.
Returns:
{
"total_size": 10485760,
"files": [...]
}

Clear all cache.
Clear cache for specific file.
export_to_csv(evtx_file_path, visible_fields, export_type="all", search_keyword=None, advanced_filters=None)
Export events to CSV.
Parameters:
evtx_file_path(str): Path to EVTX file
visible_fields(list): Fields to export
export_type(str): "all", "search", or "advanced"
search_keyword(str): Keyword for search export
advanced_filters(dict): Filters for advanced export
Returns:
{
"success": true,
"file_path": "C:\\path\\to\\export.csv",
"rows": 1000
}
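
Added example (not part of the application's own code): paging through search_events from the frontend. The search_events response carries total and page_size but no total_pages, so the caller derives the page count and bounds how many pages it pulls. The api argument stands for window.pywebview.api; makeStubApi, SAMPLE_EVENTS, maxPages and the event fields shown are constructed for illustration.

```javascript
// search_events returns total and page_size but no total_pages: derive it.
function pageCount(total, pageSize) {
  if (!Number.isInteger(pageSize) || pageSize < 1) {
    throw new RangeError("page_size must be a positive integer");
  }
  return Math.ceil(total / pageSize);
}

// Walk every result page for a keyword. `api` is window.pywebview.api in the
// app; it is injected here so the function can run offline against a stub.
async function collectSearchResults(api, filePath, keyword, pageSize = 100, maxPages = 50) {
  const results = [];
  let page = 1;
  let pages = 1;
  let total = 0;
  do {
    const res = await api.search_events(filePath, keyword, page, pageSize, "TimeCreated", "asc");
    total = res.total;
    pages = pageCount(res.total, res.page_size);
    results.push(...res.results);
    page += 1;
  } while (page <= pages && page <= maxPages); // maxPages caps work on very large logs
  return { results, total, truncated: pages > maxPages };
}

// Constructed sample events (field values are illustrative, not real log data).
const SAMPLE_EVENTS = [
  { EventID: "4624", TimeCreated: "2024-01-01T00:00:01" },
  { EventID: "4625", TimeCreated: "2024-01-01T00:00:02" },
  { EventID: "4625", TimeCreated: "2024-01-01T00:00:03" },
  { EventID: "4688", TimeCreated: "2024-01-01T00:00:07" },
  { EventID: "4625", TimeCreated: "2024-01-01T00:00:08" },
];

// Constructed stand-in for the bridge; its substring match is a placeholder,
// not the backend's search logic. It ignores the sort arguments.
function makeStubApi(events) {
  return {
    async search_events(filePath, keyword, page = 1, pageSize = 100) {
      const hits = events.filter((e) => JSON.stringify(e).includes(keyword));
      const start = (page - 1) * pageSize;
      return { results: hits.slice(start, start + pageSize), total: hits.length, page, page_size: pageSize };
    },
  };
}

// In the app: collectSearchResults(window.pywebview.api, path, "4625")
```

When truncated is true, the caller received only the first maxPages pages and should narrow the keyword or raise the cap before treating the result as complete.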