Description
read_syslog is a text-based log reader designed for Unix /var/log/syslog. On Windows, there is no equivalent — the tool has no way to read Windows Event Logs (Security, System, Application channels) which are stored in binary EVTX format.
This means the syslog-summary task and any log-analysis workflow are effectively non-functional on Windows, despite Windows being a primary target platform for security triage.
Expected Behavior
Add a read_eventlog tool (or extend read_syslog with Windows support) that can:
- Query Windows Event Log channels (Security, System, Application)
- Filter by event ID, level, time range
- Return structured entries (timestamp, source, event ID, message)
Could be implemented via wevtutil qe (already a system binary) or the winlog crate.
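An added example of the wevtutil route (example code, not the project's own): it builds the wevtutil qe arguments, parses the renderedxml output into the structured entries listed above, and filters by event ID and level. It assumes the /f:renderedxml output shape (one Event element per record, single-quoted attributes) and scans it with plain string matching so it needs no crate; the two sample records are constructed, not captured from a host.

```rust
// Added example, not the project's code. Parses `wevtutil qe ... /f:renderedxml`
// output into structured entries; format assumptions are noted on each helper.

#[derive(Debug, Clone, PartialEq)]
pub struct EventEntry { pub timestamp: String, pub source: String, pub event_id: u32, pub level: u8, pub message: String }

/// Text between the first `<tag ...>` and `</tag>` in `xml` (tolerates attributes such as Qualifiers).
fn text_of<'a>(xml: &'a str, tag: &str) -> Option<&'a str> {
    let body = &xml[xml.find(&format!("<{}", tag))?..];
    let inner = &body[body.find('>')? + 1..];
    Some(&inner[..inner.find(&format!("</{}>", tag))?])
}

/// Value of `attr='...'` on the first `<tag` element (wevtutil single-quotes attributes).
fn attr_of<'a>(xml: &'a str, tag: &str, attr: &str) -> Option<&'a str> {
    let elem = &xml[xml.find(&format!("<{}", tag))?..];
    let elem = &elem[..elem.find('>')?];
    let val = &elem[elem.find(&format!("{}='", attr))? + attr.len() + 2..];
    Some(&val[..val.find('\'')?])
}

/// Each `<Event ...>` record becomes one entry; records missing a required field are skipped.
pub fn parse_events(xml: &str) -> Vec<EventEntry> {
    xml.split("<Event ").skip(1).filter_map(|ev| Some(EventEntry {
        timestamp: attr_of(ev, "TimeCreated", "SystemTime")?.to_string(),
        source: attr_of(ev, "Provider", "Name")?.to_string(),
        event_id: text_of(ev, "EventID")?.trim().parse().ok()?,
        level: text_of(ev, "Level")?.trim().parse().ok()?, // 0=LogAlways (audit), 1=Critical .. 4=Informational
        message: text_of(ev, "Message").unwrap_or("").trim().to_string(), // only present with /f:renderedxml
    })).collect()
}

/// Empty `ids` / `levels` means no filter on that field.
pub fn filter_events<'a>(events: &'a [EventEntry], ids: &[u32], levels: &[u8]) -> Vec<&'a EventEntry> {
    let keep = |e: &&EventEntry| (ids.is_empty() || ids.contains(&e.event_id)) && (levels.is_empty() || levels.contains(&e.level));
    events.iter().filter(keep).collect()
}

/// Arguments for `wevtutil qe`; event-ID filtering is pushed into an XPath /q: query so the log
/// service does the work. Feed `std::process::Command::new("wevtutil").args(..).output()?.stdout` to `parse_events`.
pub fn wevtutil_args(channel: &str, ids: &[u32], count: u32) -> Vec<String> {
    let mut args = vec!["qe".to_string(), channel.to_string(), "/f:renderedxml".into(), "/rd:true".into(), format!("/c:{}", count)];
    if !ids.is_empty() {
        let preds: Vec<String> = ids.iter().map(|i| format!("EventID={}", i)).collect();
        args.push(format!("/q:*[System[({})]]", preds.join(" or ")));
    }
    args
}

/// Constructed sample of two records in the assumed renderedxml shape (not captured from a real host).
pub const SAMPLE: &str = "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Security-Auditing'/><EventID>4625</EventID><Level>0</Level><TimeCreated SystemTime='2024-05-01T10:00:00Z'/><Channel>Security</Channel></System><RenderingInfo><Message>An account failed to log on.</Message></RenderingInfo></Event>\
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager'/><EventID Qualifiers='16384'>7036</EventID><Level>4</Level><TimeCreated SystemTime='2024-05-01T10:01:00Z'/><Channel>System</Channel></System><RenderingInfo><Message>The Windows Update service entered the running state.</Message></RenderingInfo></Event>";
```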
Affected Files
cyber_tools/src/lib.rs (new tool implementation)
core_engine/src/lib.rs (tool registry)