Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

I'm trying to retrieve the full text of an eventlog message, i.e. the text that you see if you use eventvwr and double-click an entry.

If I use GetMessageText and print the Message field, I retrieve the full messages for certain sources (e.g. DnsApi, NETLOGON, BROWSER), and nothing for other sources (e.g. w32time, WMI, b57w2k (Broadcom NIC driver)).

    Win32::EventLog::GetMessageText($hashRef);
    print "Entry $x: $hashRef->{Message}\n";

Example: w32time

From an eventvwr dump to text: "The Windows Time Service was not able to find a Domain Controller. A time and date update was not possible."

From GetMessageText and {Message}: Nothing

Does anyone have any idea why I can retrieve the message for certain sources and not others?

Any help would be gratefully appreciated.

Thanks,

Greg

Replies are listed 'Best First'.
Re: Win32::EventLog *complete* message retrieval
by NetWallah (Canon) on May 27, 2004 at 05:43 UTC
    NT Event message CODES are stored in the event logs.

    The message text is retrieved by the event viewer by calling the dll that wrote the event.

    This is why you can read text for all events ON THE MACHINE WHERE THEY WERE CREATED. When viewing events remotely, eventviewer tries to call the source dll - if it is absent, the text is not translated.

    Hope this helps.

    Offense, like beauty, is in the eye of the beholder, and a fantasy.
    By guaranteeing freedom of expression, the First Amendment also guarantees offense.
      Thanks NetWallah.

      I've looked into this further and came across some VB code to query the registry to find out the name of the appropriate binary resource file and retrieve the message using that file. I'll have a play around with that.

      Greg
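
The registry lookup discussed in this thread can be checked from Perl. The script below is an added example, not code from any poster: it reads each source's `EventMessageFile` value and reports whether the registered message DLL exists on the local machine. The registry path is the standard Windows location for event source registration, not something stated in the thread; the script name, the default log (`System`) and the helper names are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the thread): report which event sources have a
# message DLL that is both registered and present on this machine.
use strict;
use warnings;
use Win32;
use Win32::TieRegistry ( Delimiter => '/', ArrayValues => 0 );

# Usage (hypothetical script name): perl check_msgdll.pl [log] [source ...]
my $log     = shift(@ARGV) || 'System';
my @sources = @ARGV ? @ARGV : qw(W32Time NETLOGON BROWSER DnsApi);

# Return the raw EventMessageFile value for a source, or undef if the
# source is not registered under the given log.
sub message_file_value {
    my ($log, $source) = @_;
    my $path = "LMachine/SYSTEM/CurrentControlSet/Services/EventLog/$log/$source/";
    # Ask for read-only access so the lookup also works without admin rights.
    my $key = $Registry->Open($path, { Access => Win32::TieRegistry::KEY_READ() })
        or return;
    my $data = $key->GetValue('EventMessageFile');
    return $data;
}

# A source may register several files separated by ';', usually written
# with environment variables such as %SystemRoot%. Return expanded paths.
sub message_files {
    my ($raw) = @_;
    return map  { Win32::ExpandEnvironmentStrings($_) }
           grep { length } split /;/, $raw;
}

for my $source (@sources) {
    my $raw = message_file_value($log, $source);
    if (!defined $raw || $raw eq '') {
        print "$source: no EventMessageFile registered under $log\n";
        next;
    }
    for my $file (message_files($raw)) {
        printf "%s: %s [%s]\n", $source, $file, (-e $file ? 'present' : 'MISSING');
    }
}
```

A source reported as unregistered or `MISSING` is one whose message codes cannot be turned into text on this machine, which matches the behaviour NetWallah describes for events viewed away from the host that wrote them.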