matze77 has asked for the wisdom of the Perl Monks concerning the following question:

Hello!
I want to parse the ntds.evt log file on a Windows 2003 Server. For "System" and "DNS", e.g., this is working.
Does anyone know what the "Eventlog Category" for NTDS (file NTDS.Evt) is called?
This is not working; it "defaults" to the "Application" log ... Here is part of the script:

use Win32::EventLog;
open (EL,">eventlog.txt");
$handle=Win32::EventLog->new("NTDS", $ENV{ComputerName})
    or die "Can't open Application EventLog\n";
...

Thanks
MH

Re: Eventlog Category for NTDS?
by Anonymous Monk on Jun 14, 2011 at 13:39 UTC

    Maybe you want to specify full path to NTDS.Evt?

    http://cpansearch.perl.org/src/JDB/Win32-EventLog-0.076/EventLog.xs

    static const char *EVFILE[] = {"System", "Security", "Application"};
    ...
    /* Which EventLog are we reading? */
    for (j=0; j < (sizeof(EVFILE)/sizeof(EVFILE[0])); j++) {
        sprintf(regPath, "SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s", EVFILE[j], source);
        if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, regPath, 0, KEY_READ, &hk) == ERROR_SUCCESS) {
            break;
        }
    }

    Maybe you want to use psloglist?
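
One way to find the registered log name behind NTDS.Evt, using the registry path from the EventLog.xs excerpt above (an added example, not code from any poster or from Win32::EventLog itself). It assumes Win32::TieRegistry is installed and that each log's subkey carries a File value naming its backing file; `$want`, `$match` and the five-record limit are choices made for this example.

```perl
#!/usr/bin/perl
# Added example: list every event log registered on this host with its backing
# file, then read a few records from the log whose file name matches.
use strict;
use warnings;
use Win32::TieRegistry ( Delimiter => '/' );
use Win32::EventLog;

my $want = shift || 'NTDS.Evt';    # backing file to look for (from the question)
my $base = 'LMachine/SYSTEM/CurrentControlSet/Services/EventLog/';

my $logs = $Registry->{$base}
    or die "Cannot open $base: $^E\n";

my $match;
for my $name ( $logs->SubKeyNames ) {
    my $key = $logs->{"$name/"} or next;    # skip keys we may not read
    my $file = $key->GetValue('File');      # path to the log's backing file
    next unless defined $file;
    printf "%-25s %s\n", $name, $file;
    $match = $name if $file =~ /\Q$want\E\s*$/i;
}
die "No registered log is backed by $want\n" unless defined $match;

# Open the log by its registered name instead of by the file's base name.
my $log = Win32::EventLog->new( $match, $ENV{ComputerName} )
    or die "Cannot open event log '$match'\n";

my $total = 0;
$log->GetNumber($total);
print "\n'$match' holds $total records; newest five:\n";

my $flags = EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ;
for ( 1 .. ( $total < 5 ? $total : 5 ) ) {
    my %rec;
    $log->Read( $flags, 0, \%rec ) or last;
    printf "%s  id=%d  source=%s\n",
        scalar localtime( $rec{TimeGenerated} ),
        $rec{EventID} & 0xFFFF,             # low word is the event ID proper
        $rec{Source};
}
$log->Close;
```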

Re: Eventlog Category for NTDS?
by BrowserUk (Patriarch) on Jun 14, 2011 at 13:41 UTC

    Have you tried supplying the full pathname to the log of interest? Say:

    $handle=Win32::EventLog->new("C:\\Windows\\System32\\winevt\\Logs\\NTDS.evt")

    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.