Win32::EventLog to CSV

Zitoune has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to get all the entry for the Application & system Log. The thing is that i want it to be on a .csv format. When i'm doing a backup it's giving me all weird character. I found this example :

handle=Win32::EventLog->new("system",$ENV{ComputerName});
$handle->GetNumber($recs);
$handle->GetOldest($base);
while ( $x < $recs )
{
      $handle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,$base+$x
+,$HashRef);
     
     if ( $HashRef->{Source} eq "EventLog")
     {
          Win32::EventLog::GetMessageText($HashRef);
        print FH "Entry $x : $HashRef->{Message}\n";
     }
     else
     {
           Win32::EventLog::GetMessageText($HashRef);
         print FH2 "Entry $x : $HashRef->{Message}\n";
     }
[download]

It's only giving me a part of what i want. I would like to have all the information from each entry of the log. I read a bit over the internet about it and couldn't find what i was looking for. I'm sure one of you monks will know the answer ;-) _{janitored by ybiC: Retitle from "Win32::EventLog" for better searching}

Comment on Win32::EventLog to CSV Download Code

Replies are listed 'Best First'.
Re: Win32::EventLog to CSV by traveler (Parson) on Feb 03, 2004 at 22:17 UTC
I used this code and it worked for me. Remember, you only ask for the 'system' log, not 'application' or 'security. I think you need to ask for those separately. Also, I did it on the local machine so a computername was not necessary in new(). Dumper shows the other values in the hash: some must be translated to be read. The EventLog doc describes how to decode EventType, for example. Not all fields (clearly) appear for each entry. You have to decide what is important (e.g. time) for your csv. --traveler use Win32; use Win32::EventLog; use Data::Dumper; $handle=Win32::EventLog->new("system"); $handle->GetNumber($recs); $handle->GetOldest($base); $x = 0; while ( $x < $recs ) { $handle->Read(EVENTLOG_FORWARDS_READ\|EVENTLOG_SEEK_READ,$base+$x +,$HashRef); if ( $HashRef->{Source} eq "EventLog") { Win32::EventLog::GetMessageText($HashRef); print "EventLog Entry $x : $HashRef->{Message}\n"; print Dumper($HashRef); } else { Win32::EventLog::GetMessageText($HashRef); print "Other Entry $x : $HashRef->{Message}\n"; print Dumper($HashRef); } $x++; } [download]	[reply] [d/l]
Re: Win32::EventLog to CSV by Zitoune (Beadle) on Feb 05, 2004 at 14:46 UTC
k, but this is not giving me what i needed. How are you supposed to get all the values for each row in the event log.	[reply]
Re^2: Win32::EventLog to CSV by slloyd (Hermit) on Jun 09, 2005 at 19:20 UTC
This should give you the value for every key in the hash. `use Win32; use Win32::EventLog; $handle=Win32::EventLog->new("system"); $handle->GetNumber($recs); $handle->GetOldest($base); $x = 0; while ( $x < $recs ){ %Hash=(); $handle->Read(EVENTLOG_FORWARDS_READ\|EVENTLOG_SEEK_READ,$base+$x,\ +%Hash); my $message=Win32::EventLog::GetMessageText(\%Hash); foreach my $key (sort(keys(%Hash))){ print "\t$key=$Hash{$key}\n"; } print "$message\n"; $x++; }` [download]	[reply] [d/l]