Python: how do I read a Windows system log (.evtx file) in reverse?

Author: 站长

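When reading a Windows log file (.evtx) with Python, a normal read starts with logs from a long time ago. Reading forward from the first log line wastes a lot of time, because I only use the logs from the last few days. I'd like to ask how to read this file in reverse!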

1 answer

test
2024-06-27

Sample file go.mod:

module daily/gui

go 1.20

require (
    github.com/ncruces/zenity v0.10.10
    gocv.io/x/gocv v0.33.0
)

require (
    github.com/akavel/rsrc v0.10.2 // indirect
    github.com/dchest/jsmin v0.0.0-20220218165748-59f39799265f // indirect
    github.com/josephspurrier/goversioninfo v1.4.0 // indirect
    github.com/randall77/makefat v0.0.0-20210315173500-7ddd0e42c844 // indirect
    github.com/stretchr/testify v1.8.0 // indirect
    golang.org/x/image v0.12.0 // indirect
    golang.org/x/sys v0.12.0 // indirect
)

Sample code:

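import os


def readlines_reverse(filename):
    # Binary mode: seeking to arbitrary offsets is only well-defined for
    # binary files, and a text-mode seek can land inside a multi-byte
    # UTF-8 character.
    with open(filename, "rb") as f:
        f.seek(0, os.SEEK_END)  # move to end of file

        position = f.tell() - 1  # offset of the last byte
        line = bytearray()

        while position >= 0:
            f.seek(position)  # step back one byte
            next_byte = f.read(1)
            if next_byte == b"\n":
                # bytes were collected back to front, so reverse before decoding
                yield line[::-1].decode("utf-8")
                line = bytearray()
            else:
                line += next_byte

            position -= 1

        yield line[::-1].decode("utf-8")  # first line of the file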


if __name__ == "__main__":
    for line in readlines_reverse("./go.mod"):
        print(line)

Result:

)
        golang.org/x/sys v0.12.0 // indirect
        golang.org/x/image v0.12.0 // indirect
        github.com/stretchr/testify v1.8.0 // indirect
        github.com/randall77/makefat v0.0.0-20210315173500-7ddd0e42c844 // indirect
        github.com/josephspurrier/goversioninfo v1.4.0 // indirect
        github.com/dchest/jsmin v0.0.0-20220218165748-59f39799265f // indirect
        github.com/akavel/rsrc v0.10.2 // indirect
require (

)
        gocv.io/x/gocv v0.33.0
        github.com/ncruces/zenity v0.10.10
require (

go 1.20

module daily/gui
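Reading an .evtx file newest-first, as an added example that is not part of the original question or answer: .evtx is a binary format made of 64 KiB chunks rather than text lines, and each record ends with a copy of its own length, so a chunk can be walked backwards from its free-space offset. The offsets follow the publicly documented EVTX layout; `newest_first` and `build_sample` are names chosen here, and `build_sample` only produces constructed test bytes with a placeholder payload instead of real BinXML.

```python
import struct
from datetime import datetime, timedelta, timezone

CHUNK, HDR, RECS = 0x10000, 0x1000, 0x200  # chunk size, file header, first record
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
REC_MAGIC = b"\x2a\x2a\x00\x00"


def newest_first(f):
    """Yield (record_id, written_time, raw_record), newest record first."""
    f.seek(0)
    if f.read(8) != b"ElfFile\x00":
        raise ValueError("not an EVTX file")
    chunks = []
    for off in range(HDR, f.seek(0, 2) - CHUNK + 1, CHUNK):
        f.seek(off)
        head = f.read(52)  # chunk header fields only, records are not read yet
        if head[:8] == b"ElfChnk\x00":
            last_id, free = struct.unpack_from("<Q", head, 32)[0], struct.unpack_from("<I", head, 48)[0]
            chunks.append((last_id, off, free))
    # A wrapped log does not store chunks in time order, so order by record id.
    for _, off, end in sorted(chunks, reverse=True):
        f.seek(off)
        buf = f.read(CHUNK)
        while RECS < end <= CHUNK:
            length = struct.unpack_from("<I", buf, end - 4)[0]  # trailing size copy
            start = end - length
            if length < 28 or start < RECS or buf[start:start + 4] != REC_MAGIC:
                break  # corrupt or slack data: stop walking this chunk
            rec_id, filetime = struct.unpack_from("<QQ", buf, start + 8)
            yield rec_id, EPOCH + timedelta(microseconds=filetime // 10), buf[start:end]
            end = start


def build_sample(chunks):
    """Constructed EVTX-shaped bytes; chunks = [[(record_id, filetime), ...], ...]."""
    out = bytearray(b"ElfFile\x00".ljust(HDR, b"\x00"))
    for records in chunks:
        body = b""
        for rec_id, filetime in records:
            payload = b"\x00" * 4  # placeholder, not real BinXML
            n = 28 + len(payload)
            body += REC_MAGIC + struct.pack("<IQQ", n, rec_id, filetime) + payload + struct.pack("<I", n)
        head = bytearray(RECS)
        head[:8] = b"ElfChnk\x00"
        struct.pack_into("<Q", head, 32, records[-1][0])
        struct.pack_into("<I", head, 48, RECS + len(body))
        out += (head + body).ljust(CHUNK, b"\x00")
    return bytes(out)
```

On a real log, pass a file opened with `open(path, "rb")` and stop iterating once `written_time` is older than the window you need; the raw record bytes still have to be decoded by an EVTX BinXML parser.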