Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Access and parse Log-files/Event Logs on a WIN32 network on remote machines?

by matze77 (Friar)
on Sep 10, 2009 at 20:02 UTC ( [id://794649]=perlquestion: print w/replies, xml ) Need Help??

matze77 has asked for the wisdom of the Perl Monks concerning the following question:

Hello

I wonder if you already use some scripts to access protocols in your windows environment?.
i am looking for a possibility to search the logfiles of remote computers and extract warnings and errors (at the same physical network, which i got administrative access).
--
My mousearm is getting lame searching that tons of protocols every morning ...
And some "user" machines seldom "visited" produce erros without noticed by administrators (before they surprisingly fail some day) for months sometimes ...
--
Maybe you have some suggestions for modules i could use or already a nice script which i could modify.
I think of something like:

1. Connect to the remote registry.
2. Parse the remote registry for warnings and errors (only the last 1-2 days).
3. create a text with hostname (or html) file which could be viewed easily.
Or if you got a better suggestion how to do it, would be nice if you shared it ...

Thanks in Advance
MH
  • Comment on Access and parse Log-files/Event Logs on a WIN32 network on remote machines?

Replies are listed 'Best First'.
Re: Access and parse Log-files/Eventprotocols on a WIN32 network on remote machines?
by ramlight (Friar) on Sep 10, 2009 at 20:21 UTC
    I've had good luck with Win32::TieRegistry for working with the Registry on my local machine. The documentation suggests that starting a key with \\remotesysname\... will connect you to a remote system's Registry, but I have not tried it.

    The real question in my mind however, is whether you really want the Registry at all. Are you perhaps looking for the Event Log? (I don't have a good answer for reading remote event logs but I think that it is possible.)

[reply]

      At this time i dont want the registry.
      I am searching for access to the Event Log.
      Corrected the headline ...
      But thanks i might need that registry module soon i think ...

      Thanks MH

[reply]
Re: Access and parse Log-files/Event Logs on a WIN32 network on remote machines?
by cdarke (Prior) on Sep 11, 2009 at 08:55 UTC
    Win32::EventLog doc:
    For EventLogs on remote machines, the SOURCENAME parameter must therefore be specified as a UNC path.

    In particular see  $Win32::EventLog::GetMessageText
[reply]
[d/l]
      Thanks for reminding me about Win32::EventLog. I had forgotten that I had done a quick exploration with that. I abandonned it when I found that some of the older versions of Perl did not return the message text for me. (These are old systems used for regression testing so upgrading Perl is not possible on them.)

      In any case, here is the code that I was experimenting with. I make no promises about it how well it works since I haven't used it in a while and it never got used past those first trials. But perhaps it will give you a start. 

      use Win32::EventLog;
$Win32::EventLog::GetMessageText = 1; # This is required if you want t
+o see the text of the messages!
 
$limit = $ARGV[0] || 100;
$computer = $ARGV[1];
 
my ($EventLog, $count, $first, $key);

%type = (1 => "ERROR", 
         2 => "WARNING", 
         4 => "INFORMATION", 
         8 => "AUDIT_SUCCESS", 
        16 => "AUDIT_FAILURE"); 
 
$first = $count = 0;

if ($computer)
{
    $EventLog = new Win32::EventLog('System', $computer) || die $!;
}
else
{
    $EventLog = new Win32::EventLog('System') || die $!;
} 
 
$EventLog->GetOldest(\$first) || die $!;
$EventLog->GetNumber(\$count) || die $!;
$EventLog->Read((EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ), $first
++$count, $entry);
 
for $i ($first+$count-$limit+1..$first+$count)
{
    $result = $EventLog->Read((EVENTLOG_SEQUENTIAL_READ|EVENTLOG_BACKW
+ARDS_READ),0,$entry);
    ($sec,$min,$hour,$mday,$mon,$year,$sday,$yday,$isdst) = localtime(
+$entry->{TimeGenerated});;
    my $date = sprintf("%02d/%02d/%d %02d:%02d:%02d",
                         $mon+1, $mday, $year+1900,
                           $hour, $min, $sec);

    print "$date   $entry->{Computer} ";
    printf ("[%4d]", $entry->{EventID} & 0xffff);
    print "    (result=$result)\n";
    print "    Source: $entry->{Source}\n";
    print "    Type:   $type{$entry->{EventType}}\n";
    print $entry->{Message}; 
    print "\n";
}

      [download]
[reply]
[d/l]
Re: Access and parse Log-files/Event Logs on a WIN32 network on remote machines?
by matze77 (Friar) on Oct 13, 2009 at 05:27 UTC

    Some things i found, helped in addition to the suggest modules:
    Scriptomatic 2.0 (Microsoft)
    Utility that helps you write WMI scripts for system administration (produces Perl, vbscript, jscript code ...).
    eldump.
    (Works on Windows XP too, Dumps EventLog)

    Thanks MH
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://794649]
Approved by bingos
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (3)
As of 2024-04-19 05:45 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found