0: #!perl -w
1:
2: # Scans the EventLog from now back to the last time this script ran,
3: # looking for a pair of events, each identified as "Source EventID" in the variables $coppia1 and $coppia2.
4:
5: use Win32::EventLog;
6: use strict;
7: use vars qw();
8:
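# Scan window: from the timestamp baked into this file by the previous run
# up to the current time.
my $now      = time;
my $lasttime = 0;    # this literal is rewritten on disk by changemyself()
changemyself();      # stores $now in the file for the next run

# The two events to look for, each written as "<Source> <EventID>".
my $coppia1 = "FTPCtrs 1000";
my $coppia2 = "MSMQ 2028";
my $cond1   = undef;    # becomes true once $coppia1 has been seen

my $periodo = (localtime($lasttime))."\t-\t".(localtime($now))."\n\n\n";
print $periodo;
my $num;

# Direct method call instead of indirect-object syntax ("new Class ...");
# the argument list is unchanged.
# NOTE(review): Win32::EventLog failures may be described by $^E rather than
# $! -- confirm before relying on the text of these messages.
my $event = Win32::EventLog->new("Application", ".", EVENTLOG_INFORMATION_TYPE, EVENTLOG_ERROR_TYPE, EVENTLOG_WARNING_TYPE)
    or die "Impossibile aprire i log: $!";

$event->GetNumber($num)
    or die "Impossibile leggere gli eventi: $!";

# Read newest-first, one record per iteration.
my $flag = EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ;

while ($num--) {
    my %hash;

    $event->Read($flag, 0, \%hash)
        or die "Impossibile leggere: $!";

    # Only the low 16 bits of EventID are used as the event number.
    my $chiave = $hash{Source}." ".($hash{EventID} & 0xffff);
    my $linea  = $num."\t".$hash{TimeGenerated}." ".$chiave."\n";
    print $linea;

    # Records at or before the previous run close the scan.  The script
    # reports this through die, so it ends with a non-zero exit status.
    unless ($hash{TimeGenerated} > $lasttime) {
        die "scansione completata del periodo $periodo\n";
    }

    # Compare the "<Source> <EventID>" key exactly.  An unanchored regex
    # match would also accept "FTPCtrs 10001" or a source name that merely
    # ends in "FTPCtrs", producing false alerts.
    $cond1 = 1 if $chiave eq $coppia1;

    # The original tested ($cond1=1), an assignment that is always true, so
    # the action fired on $coppia2 alone.  Test the flag instead.
    azione($linea) if $chiave eq $coppia2 and $cond1;
}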
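# Action taken when both events have been found: print a visual gap, then
# abort the script with the matching log line in the message.
#   $riga - the formatted log line that triggered the action
# Never returns; always dies.
sub azione {
    # Copy the argument into a lexical instead of overwriting the global $_,
    # which belongs to whoever called us.
    my $riga = shift;
    print "\n\n\n\n\n\n";
    die "trovati!!\t$riga";
}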
47:
48:
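# Persist the time of this run by rewriting, inside this script's own file
# ($0), the number assigned to $lasttime with the current value of $now.
# Takes no arguments; dies if the file cannot be read, does not contain the
# assignment, or cannot be written back.
#
# Review notes:
#  - The script file must be writable by the account that runs it, so
#    anything able to write that file also controls the code executed on the
#    next run.  Keeping the timestamp in a separate state file would remove
#    that requirement.
#  - The original used unchecked two-arg opens and a scratch file named
#    "copia" in the current directory.  If the scratch file could not be
#    created, the script was still truncated and refilled from whatever
#    "copia" already held (or left empty).
#  - The timestamp is stored before the scan runs, so a scan that aborts
#    early still advances the window.
sub changemyself {
    # Three-arg open with a lexical handle: the contents of $0 are never
    # interpreted as an open mode.
    open my $in, '<', $0 or die "Impossibile leggere $0: $!";
    my @righe = <$in>;
    close $in or die "Impossibile chiudere $0: $!";

    my $sostituite = 0;
    for my $riga (@righe) {
        $sostituite++
            if $riga =~ s/^(my .lasttime\s*=\s*)\d+(\s*;)/$1$now$2/;
    }

    # Refuse to touch the file unless the assignment was actually found.
    die "Impossibile aggiornare $0: riga di lasttime non trovata\n"
        unless $sostituite;

    # The whole new content is already in memory, so the file is truncated
    # only when there is something valid to put back.  The write is still
    # not atomic.
    open my $out, '>', $0 or die "Impossibile scrivere $0: $!";
    print {$out} @righe or die "Impossibile scrivere $0: $!";
    close $out or die "Impossibile chiudere $0: $!";
    return;
}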
69:
In reply to win32 Scan EventLog & Do something & update the code by Discipulus