in reply to Win32::EventLog->Backup(), appending contents of new log to a saved one.

One way to do it would be to use a file test like -e to check if the file exists before you call Backup. If it does you could then call Backup with a temp filename and then append that to the existing file. Seems like there should be another method in Win32 to handle that but I don't know.

  • Comment on Re: Win32::EventLog->Backup(), appending contents of new log to a saved one.

Replies are listed 'Best First'.
Re^2: Win32::EventLog->Backup(), appending contents of new log to a saved one.
by dannyd (Sexton) on Jan 12, 2011 at 07:15 UTC

    Thanks for the suggestion, I probably should have mentioned in the question that I tried appending the entire log, using the code

    open (FH1,">>C\:\\Users\\Administrator\\Desktop\\Perl\_Scripts\\831203
+2\_Security\.evtx");
open (FH2,"<C\:\\Users\\Administrator\\Desktop\\Perl\_Scripts\\8312032
+\_System\.evtx");
while (<FH2>)
{
    print FH1 $_;
}
close (FH1);
close (FH2);

    [download]

    When I did this, the security log size increased in proportion

    But I was not able to see any of the appended events from system when I opened security log using the Event viewer utility in windows.

    There is also a bit of a logic problem with this method, but im sure that can be resolved if it works

    Could it be that the log files are terminated and the Viewing utility stops reading after some sort of terminator??

    Any insight will be very helpful

    Whether the log file exists is displayed by the $^E variable in the case(So i think that part is ok).Any other ways to do it would be appreciated, but im still trying to figure out how to append to a saved log though.

[reply]
[d/l]
      Before any other debugging, other than ensuring the code compiles, you should be checking that open() succeeded (unless you're already using autodie): 
      my $dst = "C:\\Users\\Administrator\\Desktop\\Perl_Scripts\\8312032_Se
+curity.evtx";
my $src = "C:\\Users\\Administrator\\Desktop\\Perl_Scripts\\8312032_Sy
+stem.evtx";

open (my $dsth, ">>", $dst)
  or die qq(can't open "$dst" for appending: $!);
open (my $srch, "<", $src)
  or die qq(can't open "$src" for reading: $!);

print {$dsth} <$srch>; 

close ($srch);
close ($dsth);

      [download]

      or 

      use autodie;
{
    open (my $dsth, ">>", $dst);
    open (my $srch, "<", $src);
    print {$dsth} <$srch>; 
}

      [download]

      That last block could be any type of block providing lexical scope. The print {$filehandle} LIST; construct makes it more obvious that you're printing to a filehandle object, rather than missing a comma in your arguments list, to both the programmer and to Perl. In list context, the diamond operator returns all lines from a file. You don't need to escape colons or underscores in a string or a regular expression.

      For easy of readability, Perl can handle Windows paths with forward slashes (actually, Windows itself handles forward-slash paths fine, which is what Perl sends to the system -- its Windows built-in applications which force only backslash paths on you). So to prevent forgetting to backslash a directory separator and to minimize length of paths strings, you could represent them as: 

      my $dst = "C:/Users/Administrator/Desktop/Perl_Scripts/8312032_Securit
+y.evtx";
my $src = "C:/Users/Administrator/Desktop/Perl_Scripts/8312032_System.
+evtx";

      [download]
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom