sql-xel-parser 1.0.0__py3-none-any.whl

sql_xel_parser-1.0.0.dist-info/METADATA

@@ -0,0 +1,139 @@
+Metadata-Version: 2.4
+Name: sql-xel-parser
+Version: 1.0.0
+Summary: Parse and analyze SQL Server Extended Events (.xel) files
+Home-page: https://github.com/josephvolmer/sql-xel-parser
+Author: SQL XEL Parser Contributors
+Author-email: 
+License: MIT
+Project-URL: Homepage, https://github.com/josephvolmer/sql-xel-parser
+Project-URL: Documentation, https://github.com/josephvolmer/sql-xel-parser/blob/main/README.md
+Project-URL: Repository, https://github.com/josephvolmer/sql-xel-parser
+Project-URL: Bug Tracker, https://github.com/josephvolmer/sql-xel-parser/issues
+Keywords: xel,sql-server,extended-events,audit-logs,parser
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: Topic :: Database
+Classifier: Topic :: System :: Logging
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: python-dateutil>=2.8.0
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-python
+
+# SQL XEL Parser
+
+Parse and analyze SQL Server Extended Events (.xel) files without requiring SQL Server.
+
+Tested with **671 production Azure SQL audit log files**. Works cross-platform (Linux, macOS, Windows).
+
+## Features
+
+✅ **No SQL Server Required** - Parse binary XEL files using UTF-16 extraction
+✅ **Multiple Export Formats** - JSON, JSON Lines, CSV, Text, Markdown, Summary
+✅ **Advanced Filtering** - By event name, time range, field values, regex search
+✅ **Analysis Tools** - Aggregation, grouping, counting, top-N queries
+✅ **Batch Processing** - Recursive directory processing with 671+ file support
+✅ **Python API** - Use programmatically in your own scripts
+✅ **CLI Tool** - Powerful command-line interface
+
+## Installation
+
+```bash
+pip install sql-xel-parser
+```
+
+## Quick Start
+
+### Command Line
+
+```bash
+# Get summary of XEL files
+sql-xel-parser audit.xel -f summary
+
+# Export to JSON
+sql-xel-parser audit.xel -o events.json
+
+# Process entire directory
+sql-xel-parser /path/to/logs/ -r -f summary
+
+# Search for security events
+sql-xel-parser audit.xel --search "fail|error|denied" -o security.json
+
+# Export to CSV for Excel
+sql-xel-parser audit.xel -f csv -o export.csv
+```
+
+### Python API
+
+```python
+from sql_xel_parser import XELParser, XELAnalyzer, XELConverter
+
+# Parse XEL file
+parser = XELParser('audit.xel')
+events = list(parser.parse())
+
+# Analyze and filter
+analyzer = XELAnalyzer(events)
+failed_logins = analyzer.search('(?i)fail|error')
+
+# Export results
+converter = XELConverter()
+json_output = converter.to_json(failed_logins.get_events(), indent=2)
+```
+
+## What Gets Extracted
+
+**Successfully extracted:**
+- Event names and types
+- Timestamps
+- SQL statements and error messages
+- Server names, databases, IPs
+- Usernames and session IDs
+- All text-based audit data
+
+**May be incomplete:**
+- Pure numeric fields without string representation
+- Binary data types (BLOB)
+- Complex nested binary structures
+
+Uses UTF-16 string extraction method - ideal for text-heavy events like audit logs and security monitoring.
+
+## Use Cases
+
+- **Azure SQL Audit Logs** - Primary use case, tested with production data
+- **Security & Compliance** - Track access patterns and failed logins
+- **SQL Server Extended Events** - Parse system_health, query tracking
+- **Automated Monitoring** - CI/CD pipelines and scheduled analysis
+- **SIEM Integration** - Export to Splunk, ELK, or other log analysis tools
+
+## Documentation
+
+- [Full Documentation](https://github.com/josephvolmer/sql-xel-parser)
+- [Quick Start Guide](https://github.com/josephvolmer/sql-xel-parser/blob/main/QUICKSTART.md)
+- [Advanced Usage](https://github.com/josephvolmer/sql-xel-parser/tree/main/docs)
+- [Python API Examples](https://github.com/josephvolmer/sql-xel-parser/tree/main/examples)
+
+## Requirements
+
+- Python 3.8+
+- python-dateutil
+
+## License
+
+MIT License
+
+## Links
+
+- **GitHub**: https://github.com/josephvolmer/sql-xel-parser
+- **Issues**: https://github.com/josephvolmer/sql-xel-parser/issues
+- **Documentation**: https://github.com/josephvolmer/sql-xel-parser/blob/main/README.md

sql_xel_parser-1.0.0.dist-info/RECORD

@@ -0,0 +1,13 @@
+sql_xel_parser/__init__.py,sha256=nk_TPpfa83CMpesGfWTK6m-MDjykbvXkzur6Eq40W4o,482
+sql_xel_parser/__main__.py,sha256=pOR--1UXFozsUPexBY5eAaTnJQp2LSQDCIG_MngbQ-A,116
+sql_xel_parser/analyzer.py,sha256=gUZqBz_aZaKTirtg5GK7DwT7AayuerSquA4L8gafmEo,12210
+sql_xel_parser/cli.py,sha256=x9ySI4zqYlOibEK-qLTbFmEllMyLcSpQWBJUndaju4o,11478
+sql_xel_parser/converter.py,sha256=XTmawEpDKuTWbvmHAiS7Sbm4MSePbvdKaS6B63Va9rs,8364
+sql_xel_parser/parser.py,sha256=FmKp0hqRpNmrQfr7W9XDQPultwf7gl_P-ORtoDDQY6Y,12739
+sql_xel_parser/real_parser.py,sha256=bPUwowE1u7XZsIfk638s-H3hOHM5JCUlSyw4Itp1Njc,8798
+sql_xel_parser-1.0.0.dist-info/licenses/LICENSE,sha256=TxlSeOaNtbckckSIoywlnyI8ALa4FLBWhoCfn0rGNW4,1080
+sql_xel_parser-1.0.0.dist-info/METADATA,sha256=0QDny5xuWLPbj-eXfcI76GWugpEb-ZjIFgHuQ9IKiEk,4419
+sql_xel_parser-1.0.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+sql_xel_parser-1.0.0.dist-info/entry_points.txt,sha256=JiHLp-Wk-ogQ3jE5QLzWOw7yHqxpPnjGV3Ogk-QilgQ,59
+sql_xel_parser-1.0.0.dist-info/top_level.txt,sha256=zh26cjH80qEB4YuB8tIqs_H3Tm7-NpbqthOhjaXalrw,15
+sql_xel_parser-1.0.0.dist-info/RECORD,,

sql_xel_parser-1.0.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

sql_xel_parser-1.0.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+sql-xel-parser = sql_xel_parser.cli:main

sql_xel_parser-1.0.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 XEL Parser Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

sql_xel_parser-1.0.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+sql_xel_parser