blackadder has asked for the wisdom of the Perl Monks concerning the following question:

Hi

If I have an error code 6005 and I want to trap all critical stop errors (code 6005) since the last reboot, can Win32::EventLog help me with this? And how?

Thanks.

Re: Event viewer activities since the last shutdown.
by CountZero (Bishop) on Aug 12, 2003 at 20:43 UTC

    Provided the EventLog contains somewhere the error number in its messages, the following should work (adapted from an example in the docs):

    use Win32::EventLog;

    # Open the System log on the local machine
    $handle=Win32::EventLog->new("System", $ENV{ComputerName})
        or die "Can't open System EventLog\n";
    # Number of records in the log and the record number of the oldest one
    $handle->GetNumber($recs)
        or die "Can't get number of EventLog records\n";
    $handle->GetOldest($base)
        or die "Can't get number of oldest EventLog record\n";

    $x = 0;
    while ($x < $recs) {
        # Seek to record $base+$x and read it into $hashRef
        $handle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ, $base+$x, $hashRef)
            or die "Can't read EventLog entry #$x\n";
        # Fill in $hashRef->{Message} with the formatted message text
        Win32::EventLog::GetMessageText($hashRef);
        my $message="Entry " . $x . ":" . $hashRef->{Source} . " ** " . $hashRef->{Message};
        # Only print entries whose text mentions 6005
        print "$message\n" if $message=~/6005/;
        $x++;
    }

    We will leave it as an exercise for the reader (and also because I have not the faintest idea how to do it) to check the date and time of the message so you only display the errors since the last reboot.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
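Added example, not part of the original thread: one way to do the date check that the reply above leaves open. It assumes the boot time can be derived from Win32::GetTickCount() (uptime under about 49.7 days) and that the low 16 bits of EventID hold the 6005 code; the helper name `wanted` is hypothetical.

```perl
use strict;
use warnings;
use Win32;              # Win32::GetTickCount()
use Win32::EventLog;    # exports the EVENTLOG_* constants

# True when a record carries the wanted event code and was generated at or
# after $since (epoch seconds). The low 16 bits of EventID hold the code
# shown in Event Viewer; the upper bits are severity/facility flags.
sub wanted {
    my ($rec, $code, $since) = @_;
    return ($rec->{EventID} & 0xffff) == $code
        && $rec->{TimeGenerated} >= $since;
}

# Assumption: uptime is under ~49.7 days, because GetTickCount() is a
# 32-bit millisecond counter that wraps around after that.
my $boot = time - int(Win32::GetTickCount() / 1000);

my $log = Win32::EventLog->new("System", $ENV{ComputerName})
    or die "Can't open System EventLog\n";
my ($recs, $base);
$log->GetNumber($recs)
    or die "Can't get number of EventLog records\n";
$log->GetOldest($base)
    or die "Can't get number of oldest EventLog record\n";

for my $x (0 .. $recs - 1) {
    my $rec;
    $log->Read(EVENTLOG_FORWARDS_READ | EVENTLOG_SEEK_READ, $base + $x, $rec)
        or die "Can't read EventLog entry #$x\n";
    # Filter on the numeric ID and timestamp before formatting the text
    next unless wanted($rec, 6005, $boot);
    Win32::EventLog::GetMessageText($rec);
    printf "%s  %s  %s\n", scalar localtime($rec->{TimeGenerated}),
        $rec->{Source}, $rec->{Message} // '';
}
```

Matching on the numeric EventID rather than on the message text avoids hits on unrelated entries that merely contain the digits 6005.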

      Many thanks for that Sir,....highly appreciated.

      Can I be greedy and ask one more question?....thanks

      I tried using $handle->Report($HashRef), and I got an error back stating that I should use a hash reference for argument no 2 or something to this effect.
      Then I replaced $HashRef with %HashRef, and I got this back: "usage: OBJECT->Report(HASHREF )"

      I chucked in a "\" in front of HASHREF (with combinations of $ or %) to no avail.....Please get me out of this misery.

      Cheers

        The Report method is used to write into the event log, and to do that you must first set up the message you want to write. So I tried the following and it seems to work:

        use Win32::EventLog;

        # Open the System log on the local machine
        $handle=Win32::EventLog->new("System", $ENV{ComputerName})
            or die "Can't open System EventLog\n";
        # Build the record to write; Report() expects a reference to this hash
        my %reporthash = (
            EventType => EVENTLOG_INFORMATION_TYPE,  # exported constant, not a quoted string
            Category  => 'MyCategory',
            Data      => 'My Raw Data Here',
            Strings   => 'My Null-Terminated Strings Here' . chr(0),
        );
        $handle->Report(\%reporthash);

        I checked with the Event Viewer and the message was indeed put into the event log.

        There are some other fields you can use, such as EventID or Computer or Source. Have a look in the docs to find out more about these.

        You may also want to have a look at Win32::EventLog::Message. It looks to me that you need this to use all fields of the Eventlog (esp. the Source and EventID fields).

        If you want to have an easy way to write into the Eventlog, check out Win32-EventLog-Carp.

        CountZero

        "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law