Version: 1.0.0
Repository: https://github.com/vam876/FastWinLog
- Install Python 3.8+ (download from https://www.python.org/)
- Install dependencies: pip install -r requirements.txt
- Run the application: python main.py (or double-click start.bat)
- Download WindowsLogAnalyzer.exe from releases
- Double-click to run
- No installation required!
- Click "Select Log File" button
- Navigate to Windows log directory: C:\Windows\System32\winevt\Logs\
- Select a log file (e.g., Security.evtx, System.evtx)
- Wait for parsing to complete
- Events are displayed in a table
- Use pagination to navigate
- Click on an event to see details
- Sort by clicking column headers
Simple Search:
- Enter keyword in search box
- Press Enter or click Search
- Supports multiple keywords (space-separated)
Advanced Search:
- Click "Advanced Search" button
- Add multiple filter conditions
- Combine filters with AND/OR logic
- Filter by Event ID, Level, Time, etc.
Use Security Presets:
- Click "Security Presets" button
- Select a preset (e.g., "Failed Logins", "Account Changes")
- View filtered results instantly
Alert Rules:
- Switch to "Alert Center" tab
- View built-in security alert rules
- Enable/disable rules as needed
- Click "Scan Alerts" to find matches
Statistics:
- Switch to "Statistics" tab
- Select time range (24h, 7d, 30d, All)
- View charts and graphs:
- Event distribution by level
- Top event IDs
- Timeline charts
- Security-specific stats (for Security logs)
Export Current View:
- Click "Export" button
- Choose CSV or JSON format
- Select visible columns
- Save to file
Export Search Results:
- Perform a search
- Click "Export Search Results"
- All matching events exported
- First load is slow: Parsing large files takes time
- Subsequent loads are fast: Cache is used
- Clear cache: If file is updated, clear cache to reload
- Multiple keywords: "login failed" searches for both words
- Case insensitive: Search is not case-sensitive
- Field-specific: Use advanced search for specific fields
- Built-in rules: 20+ security alert rules included
- Custom rules: Create your own alert rules
- Export/Import: Share rules between systems
- Large files: Application handles files with millions of events
- Memory limit: Keeps max 2 files in memory
- Auto cleanup: Old files automatically unloaded
Detect failed logins:
- Load Security.evtx
- Click "Security Presets" → "Failed Logins"
- View all Event ID 4625 (failed login attempts)
- Check for suspicious patterns
Review system errors:
- Load System.evtx
- Use Advanced Search:
  - Level = Error
  - Time Range = Last 24 hours
- Review error events
- Export for further analysis
Audit account changes:
- Load Security.evtx
- Click "Security Presets" → "Account Management"
- View all account creation/deletion/modification events
- Check for unauthorized changes
Review process creation:
- Load Security.evtx
- Use Advanced Search:
  - Event ID = 4688
  - Time Range = Custom
- View all process creation events
- Look for suspicious processes
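To make the search semantics above concrete (space-separated keywords that must all match, case-insensitive, plus advanced filters combined with AND/OR), here is an added example that reimplements those rules over a handful of constructed Security-log records. This is illustrative code written for this guide, not FastWinLog's own implementation; the Event fields and sample messages are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, List

@dataclass
class Event:
    event_id: int
    level: str
    time: datetime
    message: str

# Constructed sample records mimicking a few Security.evtx events (not real log data).
NOW = datetime(2024, 1, 15, 12, 0, 0)
SAMPLE_EVENTS = [
    Event(4625, "Information", NOW - timedelta(hours=1), "An account failed to log on. Account Name: alice"),
    Event(4624, "Information", NOW - timedelta(hours=2), "An account was successfully logged on. Account Name: alice"),
    Event(4625, "Information", NOW - timedelta(days=3), "An account failed to log on. Account Name: bob"),
    Event(4688, "Information", NOW - timedelta(minutes=5), "A new process has been created. New Process Name: C:\\Windows\\System32\\cmd.exe"),
    Event(7034, "Error", NOW - timedelta(hours=5), "The Spooler service terminated unexpectedly."),
]

def keyword_search(events: List[Event], query: str) -> List[Event]:
    """Simple Search: every space-separated keyword must appear in the message, case-insensitive."""
    words = [w.lower() for w in query.split()]
    return [e for e in events if all(w in e.message.lower() for w in words)]

Condition = Callable[[Event], bool]

def event_id_is(eid: int) -> Condition:
    return lambda e: e.event_id == eid

def level_is(level: str) -> Condition:
    return lambda e: e.level.lower() == level.lower()

def within_last(delta: timedelta, now: datetime = NOW) -> Condition:
    # Time Range filter: keep events between (now - delta) and now, inclusive.
    return lambda e: now - delta <= e.time <= now

def advanced_search(events: List[Event], conditions: List[Condition], logic: str = "AND") -> List[Event]:
    """Advanced Search: combine several field filters with AND (all must hold) or OR (any may hold)."""
    combine = all if logic.upper() == "AND" else any
    return [e for e in events if combine(c(e) for c in conditions)]

def failed_logins_last_24h(events: List[Event] = SAMPLE_EVENTS) -> List[Event]:
    """Equivalent of the "Failed Logins" preset narrowed to the last 24 hours."""
    return advanced_search(events, [event_id_is(4625), within_last(timedelta(hours=24))])

if __name__ == "__main__":
    for e in failed_logins_last_24h():
        print(e.event_id, e.time, e.message)
```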
- Check Python version: Must be 3.8+
- Install dependencies: Run pip install -r requirements.txt
- Check logs: Look for error messages in console
- Check file format: Must be .evtx file
- Check permissions: Run as Administrator if needed
- Check file size: Very large files (>2GB) may take time
- Clear cache: Old cache may be corrupted
- Reload file: Close and reopen the file
- Check keyword: Try simpler search terms
- Large file: Parsing takes time on first load
- Low memory: Close other applications
- Clear cache: Remove old cached files
- Ctrl+O: Open file
- Ctrl+F: Focus search box
- Ctrl+E: Export results
- Ctrl+R: Reload file
- Ctrl+Q: Quit application
- Read API Documentation for advanced usage
- Check Architecture to understand internals
- See CONTRIBUTING.md to contribute
For issues and questions:
- GitHub Issues: https://github.com/yourusername/windows-log-analyzer/issues
- Documentation: https://github.com/yourusername/windows-log-analyzer/wiki