给定以下 struct 的XML文件:
<log>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<EventID>1</EventID> # if this is 1
</System>
<EventData>
<Data Name="CommandLine">C:\Windows\system32\wbem\unsecapp.exe -Embedding</Data> # then I want this value
</EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<EventID>2</EventID>
</System>
<EventData>
<Data Name="CommandLine">C:\Windows\system32\wbem\unsecapp.exe -Embedding</Data>
</EventData>
</Event>
</log>
如果<EventID> = 1,我想判断所有<Event>,然后使用<Data Name='CommandLine'>的值
使用此代码
from lxml import etree as ET
with open(log_file_path, 'r', encoding='utf-8') as file:
log_content = file.read()
root = ET.fromstring(log_content)
ns = {'ns' : 'http://schemas.microsoft.com/win/2004/08/events/event'}
root.xpath("//ns:Event[System/EventID='1']/EventData/Data[@Name='CommandLine']", namespaces=ns)
一无所获.
我用相同的XML在一个在线XPath工具中try 了相同的XPath查询//Event[System/EventID='1']/EventData/Data[@Name='CommandLine'],它可以正常工作.
我想不出这个问题,你有什么 idea 吗?