Re^3: Using Win32::Eventlog

Unless someone has some other suggestions,

There are three standard names: Application, Security & System. Which map to the system logs:

C:\windows\SYSTEM32\CONFIG\AppEvent.Evt
C:\windows\SYSTEM32\CONFIG\SecEvent.Evt
C:\windows\SYSTEM32\CONFIG\SysEvent.Evt
[download]

And the underlying system APIs default to the Application Log on the current system. Ie. The defaulting is done by the system not the module, and is done when: a) the underlying APIs are passed NULLs for the serverName and sourceName parameters; b) one of the passed values is unrecognised. (Dumb defaults, it should return an error, but there you go.)

As far as I'm aware. the only other files that you can access through these apis, are backups of those three produced by calling the appropriate system API (exposed by the module using the ->Backup() method). You can only do that once you have successfully opened one of those 3, or (perhaps, it is unclear) an existing backup of one of those three. And the way you open a backup is to pass the fully qualified pathname to the New() constructor.

There are no other options.

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

"Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."

Comment on Re^3: Using Win32::Eventlog Select or Download Code

Replies are listed 'Best First'.
Re^4: Using Win32::Eventlog by Al_Gee (Initiate) on Jan 14, 2009 at 18:05 UTC
Gyuk! I knew there were more reasons I didn't like Windows... Thanks for the info, though. That explains a lot. Everything seems to work, if I pass in the log names that the Event Viewer shows; so I guess it will handle more than just the three standard logs (of course, maybe that was a fluke...). I tried giving the full paths to the files. New didn't give an error, but when I queried for the number of records, I got nothing. I don't think I can count on it to handle backup, then. I guess I'll build a hash lookup table and check it against the .evt files on the server to see what logs are there to be backed up. Too bad there isn't a list of the event logs in the environment. This will be a bit convoluted and brain dead, but oh well... Again, many thanks! --Al	[reply]
Re^5: Using Win32::Eventlog by BrowserUk (Patriarch) on Jan 14, 2009 at 18:50 UTC
I knew there were more reasons I didn't like Windows... Hm. Did it ever strike you that maybe if you tried to use Windows as Windows, rather that as some nix substitute, you might get on better? The windows event log apis are designed to log significant events* to the systems event logs, regardless of the application that generated them. They are not designed as a general purpose logging api. It's done that way that the user has one place to go to look for critical events, rather than having to plunder their entire file system looking for where some application might have stuck its log file. If you're looking for a general purpose application logging mechanism, use one of those on CPAN in the LOG::* namespace that writes a standard flats ascii file rather than Windows proprietary binary format. Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice. "Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."	[reply]