This project is driven by three goals, in order: correctness, simplicity of use, and speed.
When I started this project, I could find no other projects or products that could fully parse event logs and generate coherent output on Linux. I decided to write one, so that during forensic investigations I could obtain information from event logs directly on Linux, without having to restore the image or copy the event logs to another Windows box (which doesn't always work, btw).
The most important goal of the project is to produce correct output that matches what is really there. This is essential for investigations, obviously. It must also be simple to use, both at the command line and from forensic suites in scripts. Speed is also desirable, as event logs can become very large if they aren't rotated.
The more immediate goals for the next release are:
And some goals for future releases: