winevt
winevt copied to clipboard
bannsec
Encoding issue with ISO-8859
Hello
I copy/pasted your 3rd example about reading events. It works sometimes, but I hit this encoding issue, most likely some event encoded in ISO-8859...
Traceback (most recent call last):
File "C:/Users/Administrateur/Desktop/python_test.py", line 55, in <module>
for event in query:
File "C:\Python36\lib\site-packages\winevt\EventLog\Query.py", line 70, in __next__
logger.error(get_last_error())
File "C:\Python36\lib\site-packages\winevt\__init__.py", line 64, in get_last_error
return ffi.string(ffi.cast("char **",buf)[0][0:chars]).decode('utf-8').strip("\r\n")
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe9 in position 8: invalid continuation byte
Reading your code, there's no option to change encoding if needed, might be a good idea ?
Ack. Thanks! You're right. I don't believe I need to have encoding as an option for the moment, but I am explicitly using the ANSI call, which means I should be using something like s.decode('windows-1252') to properly decode instead of utf-8. That should solve this issue and make it compliant with the ANSI call in general.
Guessing i did this elsewhere too... Will need to check.
Hey, haven't had a change to rebuild this. Basically, you should be able to change the .decode('utf-8') to .decode('windows-1252'). That encoding is specifically the one that Windows claims to use for basically everything. That said, I have not tried this out on non-English languages, so you maybe would need to change that for a different encoding.
I'd give that change a try first as it should work.
Python has a special encoding called "ANSI" on windows, which selects the current running windows' ansi encoding page. You should either use that as encoding or use the unicode calls.
I created a fork with a fix for the encoding. You might want to try https://github.com/schorschii/winevt_ng.
