in reply to Re: A question regarding Win32::EventLog
in thread A question regarding Win32::EventLog

Yeah, I spent a little time trying to fix the CR's to no avail. One thing I notice is that the Event ID field doesn't always accurately report. Here is a sample I ran through the Windows findstr command (I'm getting around to just installing Cygwin):
perl test.pl | findstr UserID
EventID 8001
EventID 8000
EventID 1073743528
EventID 11707
EventID 1004
EventID 1073743528
EventID 1073743528
EventID 1269629470
EventID 1269629470
EventID 1269629470
EventID 1269629470
EventID 1269629470
EventID 1269629470
EventID 11707
EventID 11707
EventID 11707
EventID 1269629470
EventID 1269629470
EventID 1269629470
EventID 1269629470
EventID 1269629470
EventID 1269629470
EventID 1000
Those 10-digit numbers are a mystery. The other ones like 1000 seem to match up correctly. In addition, there is literal garbage in parts. Here is a sample:
c}⌂▒■♂√v3Θí⌡╓T╠F31B²╬≈↓)Zσ▌ ◄Ω#!Rφ"▬;╥←↓j╒╬╧!┌‼◄b▌╓╫9┬∩╪h
Thanks for your response. I'm gonna look at it some more tomorrow and I'll let you know if I can figure out anything further.

Re^3: A question regarding Win32::EventLog
by barathbr (Scribe) on Feb 02, 2005 at 07:55 UTC
    Hi Sid, I can't quite figure out where those characters are coming from, but for the event ID bit, this should fix it:

    foreach my $key (keys %$hashRef) {
        if ($key =~ /EventID/) {
            # Keep only the low 16 bits, the ID that Event Viewer shows
            my $id = ($hashRef->{$key} & 0xffff);
            print $key . "\t" . "\"$id\"" . "\n";
        }
    }

    hth !!

    Update:
    Ok, I am seeing the chars being printed against the name field. I still don't know how to fix it to print the name field, but this should give you the sid for the uid instead.

    elsif ($key =~ /User/) {
        # Hex-encode the raw binary SID, two hex digits per byte
        my $sid = unpack("H" . 2 * length(${$hashRef}{$key}), ${$hashRef}{$key});
        my $user = ($hashRef->{$key} & 0xffff);   # not used below
        print "User SID: " . "\t" . "\"$sid\" " . "\n";
    }

      Wow that certainly does do the trick thank you very much! If you don't mind can you tell me what is exactly going on here?
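
Added example, not part of the thread or of Win32::EventLog: it goes one step beyond the `& 0xffff` mask by splitting the raw 32-bit event identifier into its standard fields (severity, customer flag, facility, code), and it renders a binary SID in the usual `S-1-...` text form instead of a hex dump. The helper names `decode_event_id` and `sid_to_string` are hypothetical, the event IDs are the ones shown in the thread's output, and the SID bytes are a constructed sample (the well-known LocalSystem SID).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Layout of the 32-bit event identifier (message-compiler format):
#   bits 31-30 severity, bit 29 customer flag, bit 28 reserved,
#   bits 27-16 facility, bits 15-0 the code that Event Viewer displays.
my @SEVERITY = qw(Success Informational Warning Error);

sub decode_event_id {
    my ($raw) = @_;
    return {
        severity => $SEVERITY[ ($raw >> 30) & 0x3 ],
        customer => ($raw >> 29) & 0x1,
        facility => ($raw >> 16) & 0xfff,
        code     => $raw & 0xffff,
    };
}

# Turn a binary SID into S-<revision>-<authority>-<sub-authorities...>.
# Returns undef if the buffer is shorter than its declared sub-authority count.
sub sid_to_string {
    my ($bin) = @_;
    return if !defined $bin || length($bin) < 8;
    my ($rev, $count, $auth_hi, $auth_lo) = unpack('C C n N', $bin);
    return if length($bin) < 8 + 4 * $count;
    my $authority = $auth_hi * 2**32 + $auth_lo;   # 48-bit, big-endian
    my @sub = unpack("x8 V$count", $bin);           # 32-bit, little-endian
    return join '-', 'S', $rev, $authority, @sub;
}

# Raw EventID values taken from the output posted in the thread
for my $raw (1073743528, 1269629470, 11707, 1000) {
    my $d = decode_event_id($raw);
    printf "%10u  0x%08X  %-13s facility=%-4u code=%u\n",
        $raw, $raw, @{$d}{qw(severity facility code)};
}

# Constructed sample: binary form of the LocalSystem SID
my $sid = pack('C C n N V', 1, 1, 0, 5, 18);
print unpack('H*', $sid), ' => ', sid_to_string($sid), "\n";
```

When filtering or alerting on event IDs, compare against the masked 16-bit code, since the same event can carry different severity or facility bits in the raw value.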