GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. GrokEVT is released under the GNU GPL, and is implemented in Python. It is loosely based on the PHP script and documentation provided by Jamie French, which can be obtained here.
Currently the scripts work together on one or more mounted Windows® partitions to extract all the information needed to convert the logs to a human-readable format (registry entries, message templates, and the log files themselves). Please review the dependencies and FAQ before using. You can also check out the project's goals to read up on the objectives of future releases.
You may download the latest release, or grab the latest code out of our source repository. We also have links posted to related information and projects. Finally, the latest updates on the project status can be found on our news page.
See the credits for a list of contributors to the project. If you are interested in contributing, please check out the project goals page first, and then download the newest version from GitHub. (Sorry, svn commit access isn't available. Please post any patches you have to the mailing list, and I'll commit them manually.)