Win32::Eventlog Question

jupe has asked for the wisdom of the Perl Monks concerning the following question:

Greetings!

I have been working with the Win32::Eventlog module, and so far it is a wonderful tool. One problem, however, is the 'User' field that is returned looks to be in binary. For example, here is a dump of one of my event log entries.

$VAR1 = {
          'TimeGenerated' => 1114112564,
          'RecordNumber' => 10,
          'ClosingRecordNumber' => 0,
          'User' => '&#9786;&#9827;     &#9827;§   &#8976;&#9824;`Å&#8
+776;&#8776;&#8992;&#9472;G^u2&#8745;&#9829;  ',
          'Computer' => 'JPICKETT-LAPTOP',
          'EventID' => 1073748859,
          'Length' => 0,
          'Message' => 'The Alerter service was successfully sent a st
+op control.',
          'Timewritten' => 1114112564,
          'EventType' => 4,
          'Strings' => 'Alerter stop ',
          'Source' => 'Service Control Manager',
          'Category' => 0,
          'Data' => ''
        };
}
[download]

Is there any way in Perl to get the user name as opposed to binary data? Thanks!

Comment on Win32::Eventlog Question Download Code

Replies are listed 'Best First'.
Re: Win32::Eventlog Question by BrowserUk (Patriarch) on Apr 21, 2005 at 21:10 UTC
That field is a binary encoded security id. To translate that to a username you'll need to call LookupAccountSid, probably via Win32::API. Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. Lingua non convalesco, consenesco et abolesco. Rule 1 has a caveat! -- Who broke the cabal?	[reply] [d/l]