Re: Reading Subkeys with Win32::TieRegistry

I agree/think Win32::EventLog might be a better choice. It has a powerful read method. Also see How To for ideas.

Furthermore I recall that you can set the event log security locally/by using Group Policy. Are you sure you have permission to read them, i.e. with what user are you trying to read the registry?

HTH

Comment on Re: Reading Subkeys with Win32::TieRegistry

Replies are listed 'Best First'.
Re^2: Reading Subkeys with Win32::TieRegistry by Al_Gee (Initiate) on Jan 26, 2009 at 14:21 UTC
My ultimate goal is a to write a backup system for our Windows servers. What I need to be able to do is backup each event log on each system to a local directory on that system and then to a central system on the network. The reason I am trying to read the subkeys under Eventlog in the registry is that the Windows Event Log system is flawed (at least for my use of it). Though it allows you to have more event logs, the system's defaults assume that you only have three event logs: Application, Security, and System. (And, yes, I do have the correct permissions to read the files). Furthermore, while the .evt file in the config directory indicates that there is an event log, it is not the name of the event log. The documentation for Win32::EventLog implied that I might be able to manipulate the event logs using the full path to the .evt file. I was unable to get that to work; Win32::EventLog would only work with the name of the event log. (Using the full path is meant for reading backup files; so maybe it won't work on a .evt file in the config directory...) Win32::Registry has no mechanism for listing out the existing event logs. I saw that the registry key for the Eventlog had a subkey for each event log on the system, and those subkeys used the same name as the event log. We have multiple servers with many different combinations of event logs. Rather than have a hash lookup, which I would have to maintain, that would associate each .evt file in the config directory to the correct event log name, I decided to try and read those subkeys. I was foiled again. While I can read the subkeys of the Services key above Eventlog and of the subkeys below Eventlog, I cannot get Win32::TieRegistry to read the subkeys of the Eventlog key itself. If someone knows of another way to get a list of the event logs on a system, I'd be happy to try it... Thanks-- Al	[reply]

Replies are listed 'Best First'.

Re^2: Reading Subkeys with Win32::TieRegistry
by Al_Gee (Initiate) on Jan 26, 2009 at 14:21 UTC

My ultimate goal is a to write a backup system for our Windows servers. What I need to be able to do is backup each event log on each system to a local directory on that system and then to a central system on the network.

The reason I am trying to read the subkeys under Eventlog in the registry is that the Windows Event Log system is flawed (at least for my use of it). Though it allows you to have more event logs, the system's defaults assume that you only have three event logs: Application, Security, and System. (And, yes, I do have the correct permissions to read the files).

Furthermore, while the .evt file in the config directory indicates that there is an event log, it is not the name of the event log. The documentation for Win32::EventLog implied that I might be able to manipulate the event logs using the full path to the .evt file. I was unable to get that to work; Win32::EventLog would only work with the name of the event log. (Using the full path is meant for reading backup files; so maybe it won't work on a .evt file in the config directory...) Win32::Registry has no mechanism for listing out the existing event logs.

I saw that the registry key for the Eventlog had a subkey for each event log on the system, and those subkeys used the same name as the event log. We have multiple servers with many different combinations of event logs. Rather than have a hash lookup, which I would have to maintain, that would associate each .evt file in the config directory to the correct event log name, I decided to try and read those subkeys.

I was foiled again. While I can read the subkeys of the Services key above Eventlog and of the subkeys below Eventlog, I cannot get Win32::TieRegistry to read the subkeys of the Eventlog key itself.

If someone knows of another way to get a list of the event logs on a system, I'd be happy to try it...

Thanks--

[reply]