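use Win32::EventLog;

# Scan the newest records of a Windows event log and print every event whose
# message text matches a caller-supplied regular expression.
#
# Usage: <script> <event-log-name> <regex>
#   $ARGV[0]  name of the event log to open
#   $ARGV[1]  Perl regular expression matched against each event's message
#
# The number of records to inspect comes from getLineno(), which is defined
# outside this section; a return value of 0 is treated as "log has not grown".
#
# Scoping note: `use strict` is deliberately not enabled here and $count and
# $EventLog stay package globals, exactly as in the original, because
# getLineno() is not visible and may read them -- TODO confirm, then tighten.

@ARGV >= 2
    or die "Usage: $0 <event-log-name> <regex>\n";

my $event;
my $eventSource = $ARGV[0];
my $reg_exp     = $ARGV[1];
my $limit;
my $first = $count = 0;
my $found = 0;

# Compile the pattern once, up front. A malformed pattern is reported before
# the log is opened instead of aborting in the middle of the scan, and a
# compiled pattern is never subject to Perl's "empty pattern reuses the last
# successful match" rule.
# The pattern is used as a regex as given, so it must come from trusted
# configuration: a pathological expression can make this check very slow.
my $pattern = eval { qr/$reg_exp/ };
defined $pattern
    or die "Invalid regular expression '$reg_exp': $@";

$EventLog = Win32::EventLog->new($eventSource)
    or die "Cannot open event log '$eventSource': $!\n";
$EventLog->GetOldest($first)
    or die "Cannot read oldest record number of '$eventSource': $!\n";
$EventLog->GetNumber($count)
    or die "Cannot read record count of '$eventSource': $!\n";

# Ask Win32::EventLog to fill in $event->{'Message'} on every Read.
$Win32::EventLog::GetMessageText = 1;

# Seek read at $first + $count; presumably this positions the cursor at the
# newest end of the log -- TODO confirm. The result is not checked, as in the
# original.
$EventLog->Read((EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ),
    $first + $count, $event);

$limit = getLineno();
if ($limit == 0) {
    print "Windows ".$eventSource." Event Log - Event log has not increased in size";
    exit(0);
}

# The range only fixes the number of iterations ($limit); the index itself is
# not used, each pass simply reads the next older record.
for my $record ($first + $count - $limit + 1 .. $first + $count) {
    $EventLog->Read((EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ),
        0, $event);

    # Only the low 16 bits form the readable event ID.
    my $id = $event->{'EventID'} & 0xffff;

    # An event may carry no message text; treat that as an empty string so
    # the match below behaves as before without operating on undef.
    # NOTE(review): such events can then only match patterns that accept an
    # empty string -- consider also matching $event->{'Strings'}.
    my $msg = defined $event->{'Message'} ? $event->{'Message'} : '';

    # Other fields present on $event and not needed here: Source,
    # Timewritten, EventType, Category, Strings, Computer.

    if ($msg =~ $pattern) {
        # NOTE(review): the message text is printed unmodified and is
        # controlled by whatever process logged the event; whatever consumes
        # this output should treat it as untrusted (it may contain embedded
        # line breaks).
        print "Windows ".$eventSource." Event Log Error-EventID:".$id."-".$msg."\n";
        $found = 1;
    }
}

$EventLog->Close();

if ($found == 0) {
    print "Windows ".$eventSource." Event Log - No Errors in Event log for this run";
    exit(0);
}

# NOTE(review): when matches were found the script falls off the end and so
# also exits with status 0. If a scheduler or monitor keys on the exit code,
# matches are indistinguishable from a clean run -- confirm this is intended.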