Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re^2: Access and parse Log-files/Event Logs on a WIN32 network on remote machines?

by ramlight (Friar)
on Sep 11, 2009 at 13:25 UTC ( #794778=note: print w/replies, xml ) Need Help??


in reply to Re: Access and parse Log-files/Event Logs on a WIN32 network on remote machines?
in thread Access and parse Log-files/Event Logs on a WIN32 network on remote machines?

Thanks for reminding me about Win32::EventLog. I had forgotten that I had done a quick exploration with that. I abandonned it when I found that some of the older versions of Perl did not return the message text for me. (These are old systems used for regression testing so upgrading Perl is not possible on them.)

In any case, here is the code that I was experimenting with. I make no promises about it how well it works since I haven't used it in a while and it never got used past those first trials. But perhaps it will give you a start.

use Win32::EventLog; $Win32::EventLog::GetMessageText = 1; # This is required if you want t +o see the text of the messages! $limit = $ARGV[0] || 100; $computer = $ARGV[1]; my ($EventLog, $count, $first, $key); %type = (1 => "ERROR", 2 => "WARNING", 4 => "INFORMATION", 8 => "AUDIT_SUCCESS", 16 => "AUDIT_FAILURE"); $first = $count = 0; if ($computer) { $EventLog = new Win32::EventLog('System', $computer) || die $!; } else { $EventLog = new Win32::EventLog('System') || die $!; } $EventLog->GetOldest(\$first) || die $!; $EventLog->GetNumber(\$count) || die $!; $EventLog->Read((EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ), $first ++$count, $entry); for $i ($first+$count-$limit+1..$first+$count) { $result = $EventLog->Read((EVENTLOG_SEQUENTIAL_READ|EVENTLOG_BACKW +ARDS_READ),0,$entry); ($sec,$min,$hour,$mday,$mon,$year,$sday,$yday,$isdst) = localtime( +$entry->{TimeGenerated});; my $date = sprintf("%02d/%02d/%d %02d:%02d:%02d", $mon+1, $mday, $year+1900, $hour, $min, $sec); print "$date $entry->{Computer} "; printf ("[%4d]", $entry->{EventID} & 0xffff); print " (result=$result)\n"; print " Source: $entry->{Source}\n"; print " Type: $type{$entry->{EventType}}\n"; print $entry->{Message}; print "\n"; }
  • Comment on Re^2: Access and parse Log-files/Event Logs on a WIN32 network on remote machines?
  • Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://794778]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (3)
As of 2022-08-08 04:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?