pip install pywin32
   

   import win32evtlog
   import win32evtlogutil
   import win32security
   import win32api
   import calendar
   import datetime
   import re

   def search_and_delete_events(process_name=None, pid=None):
       server = 'localhost'  # The server to connect to
       logtype = 'Application'  # Could be 'System', 'Security', etc.

       # Search criteria
       if process_name is None and pid is None:
           print("You must specify either a process name or a PID.")
           return

       # Open the event log
       hand = win32evtlog.OpenEventLog(server, logtype)
       flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ

       total = win32evtlog.GetNumberOfEventLogRecords(hand)
       print(f"Total number of records: {total}")

       events = []
       
       while True:
           events_buffer = win32evtlog.ReadEventLog(hand, flags, 0)
           if not events_buffer:
               break
           events.extend(events_buffer)

       for event in events:
           try:
               data = event.StringInserts
               event_id = event.EventID
               event_time = event.TimeGenerated.Format()  # Convert time to readable format
               source = event.SourceName

               match_process = process_name and process_name.lower() in (data[0].lower() if data else "")
               match_pid = pid and any(f'PID:{pid}' in insert for insert in data)
               
               if match_process or match_pid:
                   print(f"Found Event {event_id} at {event_time} Source: {source}")
                   for i, insert in enumerate(data):
                       print(f"String insert {i+1}: {insert}")

                   win32evtlogutil.ReportEvent(
                       source,
                       event_id,
                       eventCategory=0,
                       eventType=win32evtlog.EVENTLOG_WARNING_TYPE,
                       strings=[f"Deleting Event {event_id}", "For privacy or maintenance."]

                   )
                   # Here is where deletion would be implemented if possible through Event
                   # Logs. Normally, events are not "deleted", but you can clear the log.
           except Exception as e:
               print(f"Error processing event: {e}")

       win32evtlog.CloseEventLog(hand)
       print("Finished processing.")

   if __name__ == "__main__":
       # Change the following line with the process name or pid you want to search
       search_and_delete_events(process_name="example.exe", pid=None)
   

import win32evtlog
import win32evtlogutil
import win32event
import win32api
import win32con
import argparse
import sys

def search_event_logs(server, log_type, process_name=None, process_id=None):
    flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
    hand = win32evtlog.OpenEventLog(server, log_type)
    total = win32evtlog.GetNumberOfEventLogRecords(hand)

    events = []
    while True:
        events_raw = win32evtlog.ReadEventLog(hand, flags, 0)
        if not events_raw:
            break

        for event in events_raw:
            if process_name and process_name.lower() in str(event.StringInserts).lower():
                events.append(event)
            elif process_id and process_id in str(event.StringInserts):
                events.append(event)

    win32evtlog.CloseEventLog(hand)
    return events

def main():
    parser = argparse.ArgumentParser(description='Search Windows event logs for specific process and optionally delete it.')
    parser.add_argument('--logtype', required=True, help='The log file type, for example: Application, System')
    parser.add_argument('--processname', help='Process name to search for.')
    parser.add_argument('--processid', help='Process ID to search for.')
    
    args = parser.parse_args()

    if not (args.processname or args.processid):
        print("You need to specify either processname or processid.")
        sys.exit(1)

    # The 'localhost' can be replaced with a remote server name if required
    server = 'localhost'
    
    try:
        events = search_event_logs(server, args.logtype, args.processname, args.processid)
        if events:
            print(f"Found {len(events)} events related to process.")
            for event in events:
                print(f"Event Category: {event.EventCategory}\n"
                      f"Time Generated: {event.TimeGenerated}\n"
                      f"Source Name: {event.SourceName}\n"
                      f"Event ID: {event.EventID}\n"
                      f"Event Type: {event.EventType}\n"
                      f"Inserts: {event.StringInserts}")
                print('-' * 60)
        else:
            print("No related events found.")
    
    except Exception as e:
        print(f"An error occurred: {e}")

if __name__ == "__main__":
    main()

import os
import xml.etree.ElementTree as ET
import win32evtlog

def get_event_logs(source):
    # Open the event log
    handle = win32evtlog.OpenEventLog(None, source)
    
    # Read the logs, you might adjust the number of records
    flags = win32evtlog.EVENTLOG_FORWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
    events = win32evtlog.ReadEventLog(handle, flags, 0)
    
    return events

def filter_events_by_process(events, process_name=None, pid=None):
    filtered_events = []

    for event in events:
        try:
            # Convert the event to XML format
            data = win32evtlog.EvtFormatMessage(event, None, win32evtlog.EvtFormatMessageXml)
            
            # Parse the XML to find target process name or PID
            root = ET.fromstring(data)
            
            # Inspect or modify this condition to better suit your needs
            if root.find('.//Data[@Name="ProcessName"]') is not None:
                found_process = root.find('.//Data[@Name="ProcessName"]').text
                if process_name and process_name.lower() in found_process.lower():
                    filtered_events.append(event)

            if root.find('.//Data[@Name="ProcessId"]') is not None:
                found_pid = root.find('.//Data[@Name="ProcessId"]').text
                if pid and str(pid) == found_pid:
                    filtered_events.append(event)

        except Exception as e:
            print(f"An error occurred: {e}")

    return filtered_events

def main():
    log_source = "Application"  # Customize this, options could be "System", "Security", etc. based on your requirements.
    
    events = get_event_logs(log_source)
    process_name = 'notepad.exe'  # Replace with your target process name
    pid = '1234'  # Replace with your target PID

    filtered_events = filter_events_by_process(events, process_name, pid)
    
    print(f"Filtered {len(filtered_events)} events related to process '{process_name}' or PID '{pid}'.")
    # Note: Events are not being deleted, careful consideration and system-level permissions would be needed

if __name__ == "__main__":
    main()

import re

def remove_log_entries(log_file_path, output_file_path, search_term):
    """
    Remove log entries related to a specific process name or PID from a text log file.
    
    :param log_file_path: Path to the original log file.
    :param output_file_path: Path where the modified log file will be saved.
    :param search_term: Process name or PID to search for.
    """
    try:
        with open(log_file_path, 'r') as file:
            lines = file.readlines()
        
        with open(output_file_path, 'w') as file:
            for line in lines:
                if search_term not in line:
                    file.write(line)
        print(f"Log entries related to '{search_term}' have been removed.")
        print(f"Modified log file is saved at: {output_file_path}")
    except Exception as e:
        print(f"An error occurred: {e}")

# Example usage
log_file_path = 'path_to_your_log_file.log'
output_file_path = 'path_to_modified_log_file.log'
search_term = 'process_name_or_pid_to_search'
remove_log_entries(log_file_path, output_file_path, search_term)

import sys
import subprocess
from xml.etree import ElementTree

def find_events(process_name=None, pid=None):
    # Uses the Get-WinEvent cmdlet to fetch logs
    query = "*[System/Provider/@Name='{}']".format(process_name) if process_name else "*"
    command = f"Get-WinEvent -FilterXPath '{query}' | Format-List -Property *"

    process = subprocess.Popen(["powershell", "-Command", command], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    output, error = process.communicate()

    if error:
        print(f"Error fetching events: {error.decode()}")
        return []

    events = []
    current_event = {}
    for line in output.decode().splitlines():
        line = line.strip()
        if line == "":
            if current_event:
                events.append(current_event)
                current_event = {}
        else:
            key, value = line.split(":", 1)
            current_event[key.strip()] = value.strip()

    if current_event:
        events.append(current_event)
    
    return events

def filter_events_by_pid(events, pid):
    filtered_events = []
    for event in events:
        if 'ProcessId' in event and event['ProcessId'] == str(pid):
            filtered_events.append(event)
    return filtered_events

def main(process_name=None, pid=None):
    if not process_name and not pid:
        print("Please specify a process name or PID.")
        return

    events = find_events(process_name=process_name)
    if pid:
        events = filter_events_by_pid(events, pid)

    print(f"Found {len(events)} events related to process '{process_name}' or PID '{pid}':")
    for event in events:
        print(event)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python script.py <ProcessName> [PID]")
        sys.exit(1)

    process_name = sys.argv[1]
    pid = sys.argv[2] if len(sys.argv) > 2 else None

    main(process_name=process_name, pid=pid)

   python search_logs.py <ProcessName> [PID]