Re: Extracting useful information from Windows Event Logs

Replies are listed 'Best First'.
Re^2: Extracting useful information from Windows Event Logs by saadatsaeed (Initiate) on May 24, 2007 at 09:38 UTC
Well from a text I need to extract certain information... I know the text will come after a certain partten..... for example "Document Wod.doc owned by DUSASAE was printed on HPLJ5 via port LPT1. Size in bytes: 37836; pages printed: 1" In the above... DUSASAE is my username which will always come after "owned by " and has a space before and after it, since my username can be variable length. How do I extract this sort of data. reading about regex ... but not really my skill yet.	[reply]
Re^3: Extracting useful information from Windows Event Logs by blazar (Canon) on May 24, 2007 at 13:24 UTC
`my $text="Document Wod.doc owned by DUSASAE was printed on HPLJ5 via p +ort LPT1. Size in bytes: 37836; pages printed: 1"; if ($text =~ /^Document\s+(\S+)\s+owned by\s+(\w+).+pages printed:\s+( +\d+)\z/) { print <<"EOT"; pages printed: $3 filename: '$1' username: $2 EOT }` [download] Appears to work for this simple case. But can the filename and username contain spaces. If so, what happens? Hard to say without a more precise spec. Feel free to adapt to your needs, though.	[reply] [d/l]
Re^4: Extracting useful information from Windows Event Logs by saadatsaeed (Initiate) on May 24, 2007 at 15:04 UTC
Ok I have added this to search through my text..... but the second regex is doing a backward search and not a forward search. `if (($mday1 eq $mday)&($mon eq $mon1)&($year eq $year1)) { Win32::EventLog::GetMessageText($hashRef); print "Entry $x: $mday $mon $year $hashRef->{Message}\ +n"; $Message = $hashRef->{Message}; $Message1 = $Message; if ($Message1 =~ /owned by /g) { print "xx", pos $Message1, " \n"; } if ($Message =~ / (?=owned by )/g) { print "xy", pos $Message, " \n"; } }` [download]	[reply] [d/l]
Re^5: Extracting useful information from Windows Event Logs by blazar (Canon) on May 24, 2007 at 15:56 UTC