Event[0]:
Log Name: Microsoft-Windows-GroupPolicy/Operational
Source: Microsoft-Windows-GroupPolicy
Date: 2014-06-26T13:58:04.290
Event ID: 7320
Task: N/A
Level: Error
Opcode: Info
Keyword: N/A
User: S-1-5-18
User Name: NT AUTHORITY\SYSTEM
Computer: hostname
Description:
Error: Computer determined to be not in a site. Error code 0x77F.
Event[1]:
Log Name: Microsoft-Windows-GroupPolicy/Operational
Source: Microsoft-Windows-GroupPolicy
Date: 2014-06-26T12:32:30.009
Event ID: 7320
Task: N/A
Level: Error
Opcode: Info
Keyword: N/A
User: S-1-5-21-1024758968-3939101906-3775097912-6653
User Name: whatever
Computer: hostname
Description:
Error: Computer determined to be not in a site. Error code 0x77F.
####
use strict;
use warnings;
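# Parse the event dump that follows __DATA__ into a hash of records keyed by
# a running record number, then print the resulting structure.
#
# NOTE(review): the loop header was published as "my $line = )" with the
# readline operator missing; <DATA> is assumed because the script carries its
# input after __DATA__.
use Data::Dumper;

# Header label in the dump => key used in the stored record.
# Note that the "Error" key holds the event's Level field, not an error text.
my %key_for = (
    'Log Name' => 'Logname',
    'Source'   => 'Source',
    'Date'     => 'Date',
    'Event ID' => 'Event ID',
    'Level'    => 'Error',
);

# All parsed records, keyed by record number.
my $hash_ref = {};

# Increased after every paragraph read in the while loop.
my $count = 1;

{
    # Paragraph mode: one read returns one blank-line-separated record.
    # This has to be set before the first read; setting it inside the loop
    # left the first read in line mode and shifted every record number.
    local $/ = "";

    while ( my $paragraph = <DATA> ) {
        chomp $paragraph;

        # Start every record from a clean slate so that a field missing from
        # this event cannot inherit the value of the previous event.
        my %record = map { $_ => undef } values %key_for;
        my $found  = 0;

      LINE:
        for my $line ( split /\r?\n/, $paragraph ) {

            # Lines starting in column 0 are the "Event[n]:" header or
            # free-form description text; only indented "Label: value" lines
            # are treated as fields, so description text is never mistaken
            # for a header field.
            # NOTE(review): assumes the indented layout of the original dump;
            # the sample shown on the page has lost its indentation.
            next LINE if $line =~ /^\w/;

            # Split on the first ": " only, so a value that itself contains
            # ": " is kept whole instead of being cut at the second one.
            my ( $label, $value ) = $line =~ m/\A \s+ ([^:]+) : [ ] (.*?) \s* \z/x
                or next LINE;

            my $key = $key_for{$label};
            next LINE unless defined $key;

            $record{$key} = $value;
            $found = 1;
        }

        # Store the record once per paragraph, and only when it carried at
        # least one of the wanted fields.
        $hash_ref->{$count} = \%record if $found;
        $count++;
    }
}

print Dumper $hash_ref;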
__DATA__
here is the dump with the format at the beginning
####
# Desired layout: one record per log name, holding the five extracted fields.
# NOTE(review): keyed by $logname alone, a later event from the same log
# replaces the earlier one. Both sample events at the top of the page share
# one Log Name, so only the last would survive. Confirm that is intended
# before using this layout for event counts or timelines.
$hash_ref->{$logname} = {};
@{ $hash_ref->{$logname} }{ 'Logname', 'Source', 'Date', 'Event ID', 'Error' }
    = ( $logname, $source, $date, $evt_id, $error );