libevt - Library and tools to access the Windows Event Log (EVT) format

Distribution: ALT Linux Sisyphus
Repository: Classic x86_64
Package name: libevt
Package version: 20140411
Package release: alt1
Package architecture: x86_64
Package type: rpm
Installed size: 409.85 KB
Download size: 409.85 KB
Official Mirror:
libevt is a library and tools to access the Windows Event Log (EVT) format. For the Windows XML Event Log (EVTX) format, see libevtx.



  • libevt = 20140411-alt1


    Install Howto

    1. Add the following line to /etc/apt/sources.list:
      rpm [Sisyphus] x86_64 classic
      rpm [Sisyphus] noarch classic
    2. Update the package index:
      # sudo apt-get update
    3. Install libevt rpm package:
      # sudo apt-get install libevt


    • /usr/lib64/
    • /usr/lib64/
    • /usr/share/doc/libevt-20140411/AUTHORS
    • /usr/share/doc/libevt-20140411/ChangeLog
    • /usr/share/doc/libevt-20140411/README


    2014-05-11 - Michael Shigorin <> 20140411-alt1 - new version (watch file uupdate)

    2014-05-11 - Michael Shigorin <> 20131013-alt1 - initial build for ALT Linux Sisyphus

    2013-11-14 -
      - update to 20131013
        * worked on, largely for MSI builds
        * updated dependencies
        * worked on libcthreads build support
      - use libcthreads and libcfile from factory

    2013-07-31 -
      - update to 20130727
        * updated dependencies
        * pyevt - changed event identifier to an unsigned long - fixes for >2G file objects in BFIO glue code
        * worked on tests
        * bug fix for wrapped event record
        * fixed codepage 1255 restriction
        * updates and bug fixes in pyevt
        * implemented libfdata support to improve handling of large EVT files
        * remove item flags
        * added support for truncated event record corruption scenario
        * fixed codepage 949 and 950 restriction
      - change to gz compression to simplify download/convert
      - use libyal factory packages if possible

    2013-04-03 -
      - Cleanups: Set RPM group, license, summary and description metadata; remove unused %py_requires; do not bloat shlib package with documentation
      - Use system libraries instead of bundled ones where possible
      - Name the tools package according to upstream's recommendation
      - Drop unnecessary -fno-strict-aliasing

    2013-03-27 - - initial package (version 20130319) for