in reply to Re^2: How to access Windows Vista/Server 2008 eventlogs(.evtx vs. .evt)
in thread How to access Windows Vista/Server 2008 eventlogs(.evtx vs. .evt)

And?

There is an internal function called OpenBackupEventLog(), which is considerably different to the OP's "WIN32::EventLog::OpenBackup function", that isn't directly exposed through the API, but rather only through the new() method, where it is invoked if the format of one of the arguments meets certain criteria.

It is also very unclear, given the confused phraseology:

When I attempt to open one of the newer event logs that were backed up using the WIN32::EventLog::OpenBackup function, it fails with an Unknown error.

quite how the OP is creating the backup that he is subsequently failing to open. Does that sentence mean he was trying to use that non-existent function to perform the backup? Or the subsequent open?

A simple code sample shows that Win32::EventLog can back up and subsequently re-open an event log just fine under Vista:

    [0] Perl> use Win32::EventLog;;
    [0] Perl> print $e = Win32::EventLog->new("System", $ENV{ComputerName});;
    Win32::EventLog=HASH(0x3a70d90)
    [0] Perl> $e->Backup( 'c:\\test\\System.evt' );;
    [0] Perl> print $f = Win32::EventLog->new('c:\\test\\System.evt', $ENV{ComputerName});;
    Win32::EventLog=HASH(0x3b4b500)
    [0] Perl>

Note: The [0] would be non-zero if any of those calls had failed.

OP: More information please!


Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.
"I'd rather go naked than blow up my ass"
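
The thread turns on the difference between .evt and .evtx files, and the extension alone does not say which format a backup is in. The following is an added example, not code from any poster in this thread: it classifies a file by its header signature (legacy EVT starts with a header size of 0x30 followed by "LfLe"; EVTX starts with "ElfFile\0"). The sub name evt_format and the sample file names are hypothetical, and the sample headers are constructed.

```perl
#!/usr/bin/perl
# Added example (not from the thread): identify an event log backup by its
# on-disk signature instead of trusting the .evt/.evtx extension.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Legacy EVT (XP/2003): DWORD HeaderSize = 0x30, then the signature "LfLe".
# EVTX (Vista/2008 and later): the file starts with "ElfFile\0".
sub evt_format {
    my ($path) = @_;
    open my $fh, '<:raw', $path or return "unreadable: $!";
    my $n = read $fh, my $buf, 8;
    close $fh;
    return 'too short' unless defined $n && $n == 8;
    return 'evtx' if $buf eq "ElfFile\0";
    my ($hdr_size, $sig) = unpack 'V a4', $buf;
    return 'evt' if $hdr_size == 0x30 && $sig eq 'LfLe';
    return 'unknown';
}

# Constructed sample headers, written to temp files so the script runs anywhere.
my %samples = (
    'legacy.evt'    => pack('V a4', 0x30, 'LfLe') . ("\0" x 40),
    'vista.evt'     => "ElfFile\0" . ("\0" x 120),   # EVTX content, .evt name
    'truncated.evt' => 'LfL',
    'garbage.evt'   => 'not an event log',
);

for my $name (sort keys %samples) {
    my ($fh, $path) = tempfile(UNLINK => 1);
    binmode $fh;
    print {$fh} $samples{$name};
    close $fh;
    printf "%-14s %s\n", $name, evt_format($path);
}

# Real files can be passed on the command line, e.g. c:\test\System.evt
printf "%-14s %s\n", $_, evt_format($_) for @ARGV;
```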

Re^4: How to access Windows Vista/Server 2008 eventlogs(.evtx vs. .evt)
by Anonymous Monk on Jun 11, 2010 at 14:35 UTC
    Did you ever figure this out? I have been given an executable that has this call in it (which works just fine when run on an XP machine, backing up another remote XP machine):

        Win32::EventLog::OpenBackup ($EVTFILE,$SOURCE)

    where

        $EVTFILE = sprintf("%s\\%s_%s.evt",$BACKUP_LOG_DIR,$machine, $log_name);

    and

        $SOURCE = sprintf('\\\\%s',$MACHINE);

    and

        $MACHINE = shift || Win32::NodeName;

    But I get the same error when running this executable on a Server 2008 machine, trying to back up the event logs on a remote XP machine. I don't have the ability to change the code that the executable was compiled from, but perhaps I might be able to update the local DLLs or something else?
      Did you ever figure this out?

      Yes. It works fine on Vista locally. Therefore I suggest you have a permissions problem.

      I don't have the ability to change the code that the executable was compiled from.

      "Compiled"? This is a Perl forum. If you really mean "packaged" (as in Par or similar), then extracting the source code from the packaging is (apparently) quite trivial.

      Quite frankly, expecting a script packaged under XP to continue to work under Vista is optimism of the highest (and most naive) order. Vista has a ream of changes in the way it works that simply didn't exist under XP.

