finished with updates to dump_json

ajread4 · ajread4 · commit df24946f1725 · 2022-12-20T15:07:34.000-05:00
diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ python-evtx operates on event log files from Windows operating systems newer tha
 
 Examples
 --------
-Provided with the parsing module `Evtx` are four scripts that mimic the tools distributed with Parse-Evtx.  `evtx_info.py` prints metadata about the event log and verifies the checksums of each chunk.  `evtx_templates.py` builds and prints the templates used throughout the event log. `evtx_dump.py` parses the event log and transforms the binary XML into a human readable ASCII XML format. Finally, `evtx_dump_json.py` parses event logs, similar to `evtx_dump.py` and transforms the binary XML into JSON with the added capability to output new line delimited JSON to a file. 
+Provided with the parsing module `Evtx` are four scripts that mimic the tools distributed with Parse-Evtx.  `evtx_info.py` prints metadata about the event log and verifies the checksums of each chunk.  `evtx_templates.py` builds and prints the templates used throughout the event log. `evtx_dump.py` parses the event log and transforms the binary XML into a human readable ASCII XML format. Finally, `evtx_dump_json.py` parses event logs, similar to `evtx_dump.py` and transforms the binary XML into JSON with the added capability to output the JSON array to a file. 
 
 Note the length of the `evtx_dump.py` script: its only 20 lines.  Now, review the contents and notice the complete implementation of the logic:
 
diff --git a/scripts/evtx_dump_json.py b/scripts/evtx_dump_json.py
@@ -2,7 +2,8 @@
 #   This file is part of python-evtx.
 #   Written by AJ Read with help from evtx_dump.py file written by Willi Ballenthin.
 #
-#   Purpose: User can dump evtx data into JSON format to either the command line or a JSON file in new line delimited format.
+#   Purpose: User can dump evtx data into JSON format to either the command line or a JSON file in new line delimited format/JSON array.
+#   Details: The JSON object is created with only the EventRecordID from the System section of the evtx XML and all of the information within the EventData section.
 
 import Evtx.Evtx as evtx
 import Evtx.Views as e_views

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,8 @@`
`2`	`2`	`# This file is part of python-evtx.`
`3`	`3`	`# Written by AJ Read with help from evtx_dump.py file written by Willi Ballenthin.`
`4`	`4`	`#`
`5`		`-# Purpose: User can dump evtx data into JSON format to either the command line or a JSON file in new line delimited format.`
	`5`	`+# Purpose: User can dump evtx data into JSON format to either the command line or a JSON file in new line delimited format/JSON array.`
	`6`	`+# Details: The JSON object is created with only the EventRecordID from the System section of the evtx XML and all of the information within the EventData section.`
`6`	`7`
`7`	`8`	`import Evtx.Evtx as evtx`
`8`	`9`	`import Evtx.Views as e_views`