use Win32::EventLog;
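use strict;
use warnings;

# Print the most recent records of the Windows "System" event log.
#
# Usage: script [limit] [computer]
#   limit    - how many records to print, newest first (default 100)
#   computer - optional host name; when given, that host's log is opened
#              instead of the local one

# Ask Win32::EventLog to resolve the message text of each record; the
# Message field printed below depends on this being set.
$Win32::EventLog::GetMessageText = 1;

my $limit    = $ARGV[0] || 100;
my $computer = $ARGV[1];

# The limit feeds the loop range below, so accept plain digits only.
die "Usage: $0 [limit] [computer]\n" unless $limit =~ /\A[0-9]+\z/;

# Display names for the EventType values handled by this script.
my %type = (
    1  => "ERROR",
    2  => "WARNING",
    4  => "INFORMATION",
    8  => "AUDIT_SUCCESS",
    16 => "AUDIT_FAILURE",
);

# Event log fields carry text supplied by whatever produced the event, so
# they are not trusted for display: control characters (other than tab, CR
# and LF) are replaced so that a record cannot emit terminal escape
# sequences when this report is viewed. Undefined fields become ''.
sub _printable {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/?/g;
    return $text;
}

my $first = 0;
my $count = 0;
my $entry;

my $EventLog = $computer
    ? Win32::EventLog->new('System', $computer)
    : Win32::EventLog->new('System');
# $^E holds the extended (Win32) error, which is more useful here than $!.
die "Cannot open the System event log: " . $^E . "\n" unless $EventLog;

# NOTE(review): the arguments are passed as references here; confirm against
# the installed Win32::EventLog that this form actually fills $first/$count.
$EventLog->GetOldest(\$first)
    or die "Cannot get the oldest record number: " . $^E . "\n";
$EventLog->GetNumber(\$count)
    or die "Cannot get the number of records: " . $^E . "\n";

# Seek towards the newest end of the log before reading backwards. The
# result is intentionally not checked.
# NOTE(review): $first+$count looks like one past the newest record; confirm
# whether this seek succeeds and whether it consumes a record.
$EventLog->Read((EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ),
    $first + $count, $entry);

for my $i ($first + $count - $limit + 1 .. $first + $count) {
    my $result = $EventLog->Read(
        (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ), 0, $entry);

    # A failed read means there is nothing (more) to show; stop instead of
    # printing a stale or empty record for the remaining iterations.
    last unless $result && ref $entry;

    my ($sec, $min, $hour, $mday, $mon, $year)
        = localtime($entry->{TimeGenerated});
    my $date = sprintf("%02d/%02d/%d %02d:%02d:%02d",
        $mon + 1, $mday, $year + 1900,
        $hour, $min, $sec);

    # Fall back to the raw number for event types missing from %type.
    my $event_type = defined $entry->{EventType} ? $entry->{EventType} : '';
    my $type_name  = exists $type{$event_type}
        ? $type{$event_type}
        : "UNKNOWN($event_type)";

    print "$date " . _printable($entry->{Computer}) . " ";
    # The low 16 bits of EventID are the event code that is displayed.
    printf("[%4d]", $entry->{EventID} & 0xffff);
    print " (result=$result)\n";
    print " Source: " . _printable($entry->{Source}) . "\n";
    print " Type: $type_name\n";
    print _printable($entry->{Message});
    print "\n";
}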