> -----Original Message-----
> From: Ryan Frantz
> Sent: Wednesday, August 31, 2005 11:57 AM
> To: beginners@perl.org
> Subject: Win32::EventLog - Missing Events
> 
> Perlers,
> 
> 
> 
> I'm working on a script to check the application log on one of my
> servers for a specific event using Win32::EventLog.  For some reason, I
> don't get all of the event entries returned.  In this case I have 1196
> entries, but only 353 are output by the script (so says $log->GetNumber
> and wc -l).  Does anyone know why this could be?
> 
> 
> 
> Using the documentation from CPAN and a few pages from 'Perl for System
> Administration', I've written the following:
> 
> 
> 
> # Perl and Windows, sittin' in a tree...
> 
> 
> 
> use strict;
> 
> use warnings;
> 
> 
> 
> # the code snippet for Win32::EventLog was lifted from 'Perl for System Administration', pg. 298
> 
> 
> 
> use Win32::EventLog;
> 
> # each event has a type, hash it
> 
> my %type = ( 1  => "ERROR",
> 
>              2  => "WARNING",
> 
>              4  => "INFORMATION",
> 
>              8  => "AUDIT_SUCCESS",
> 
>              16 => "AUDIT_FAILURE",);
> 
> 
> 
> # if this is set, we also retrieve the full text of every message on each Read()
> 
> $Win32::EventLog::GetMessageText = 1;
> 
> 
> 
> # open the System log (try Application later)
> 
> #my $log = new Win32::EventLog("Application") or die "Unable to open system log:$!\n";
> 
> my $log = new Win32::EventLog("System") or die "Unable to open system log:$!\n";
> 
> 

Well, it's official: I'm an ass.  My problem was that I opened the wrong
event log (see my own comment)...  I wanted to open the Application log
but hadn't swapped the lines of code yet!  Duh!  Sorry for wasting the
list's time on this one.

In the meantime, however, though the number of records matches (1198
now), they aren't all output.  I actually only get about 7 records
printed out.  And they're anywhere from the beginning of the log to the
end.  Do I need to specify that record offset?  I thought that I did so
here:

($log->Read((EVENTLOG_SEQUENTIAL_READ|EVENTLOG_FORWARDS_READ),1,$entry))


> 
> # find the number of records in the log
> 
> $log->GetNumber(my $lastRec);
> 
> 
> 
> my $entry;
> 
> my $source2find = "APCPBEAgent";
> 
> my $id2find = "2000";
> 
> # set an arbitrary time for testing; will capture time at the end of each run (in production)
> 
> #my $time2find = "1125272719";
> 
> 
> 
> # read one record at a time, starting with the first entry
> 
> # note: find docs on EVENTLOG_*...
> 
> while ($log->Read((EVENTLOG_SEQUENTIAL_READ|EVENTLOG_FORWARDS_READ),1,$entry))
> {
> 
> 
> 
> # the following print lines are for debugging, to make sure I really have some output...
> 
>   print"\n-------------------\n";
> 
>   print "Time: " . $entry->{TimeGenerated} . "\n";
> 
>   print scalar localtime($entry->{TimeGenerated}) . "\n";
> 
>   print "Computer: " . $entry->{Computer} . "\n";
> 
>   print "EventID: " . ($entry->{EventID} & 0xffff) . "\n";
> 
>   print "Source: " . $entry->{Source}. "\n";
> 
>   print "Event Type: " . $type{$entry->{EventType}} . "\n";
> 
>   print "Message: " . $entry->{Message}. " \n";
> 
> 
> 
> # assign some variables
> 
>   my $source = $entry->{Source};
> 
>   my $time = $entry->{TimeGenerated};
> 
>   my $eventid = $entry->{EventID};
> 
> 
> 
> #  if ( $time > $time2find ) {
> 
> #    if ( $source eq $source2find ) {
> 
> #      if ( $eventid eq $id2find ) {
> 
> #        print"\n-------------------\n";
> 
> #        print "Time: " . $time . "\n";
> 
> #        print "Source: " . $source . "\n";
> 
> #        print "EventID: " . $eventid . "\n";
> 
> #      }
> 
> #    }
> 
> #  }
> 
> 
> 
> }
> 
> 
> 
> print "Number of events: $lastRec\n";
> 
> 
> 
> Ryan
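
The commented-out filter in the quoted script compares the raw `EventID` against "2000" with `eq`, while the debug print masks it with `0xffff`. The following is an added example, not part of the original post: it runs the same source/ID/time filter over constructed records (not taken from a real log) that use the hash keys `Read()` fills in, and counts matches with and without the mask. The helper name `match_events` and all sample values are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed sample records (not from a real log). The keys mirror the ones
# the script above reads from $entry: Source, EventID, TimeGenerated.
# The raw EventID carries severity/facility bits above the 16-bit event code.
my @sample = (
    { Source => 'APCPBEAgent', EventID => 0x400007D0, TimeGenerated => 1125272800 },
    { Source => 'APCPBEAgent', EventID => 0xC00007D0, TimeGenerated => 1125272600 },
    { Source => 'APCPBEAgent', EventID => 0x400003E8, TimeGenerated => 1125272900 },
    { Source => 'OtherSource', EventID => 0x400007D0, TimeGenerated => 1125273000 },
    { Source => 'APCPBEAgent', EventID => 2000,       TimeGenerated => 1125273100 },
);

# Return the records from $records that match the source and event code and
# are newer than $since. With $mask true, only the low 16 bits of EventID
# are compared (as in the debug print); otherwise the raw value is used.
sub match_events {
    my ($records, $source, $code, $since, $mask) = @_;
    my @hits;
    for my $e (@$records) {
        next unless defined $e->{Source} && $e->{Source} eq $source;
        my $id = $mask ? ($e->{EventID} & 0xffff) : $e->{EventID};
        next unless $id == $code;                   # numeric compare, not eq
        next unless $e->{TimeGenerated} > $since;   # epoch seconds
        push @hits, $e;
    }
    return @hits;
}

my ($source2find, $id2find, $time2find) = ('APCPBEAgent', 2000, 1125272719);

my @raw    = match_events(\@sample, $source2find, $id2find, $time2find, 0);
my @masked = match_events(\@sample, $source2find, $id2find, $time2find, 1);

for my $e (@masked) {
    printf "%s  %-12s  code=%d  raw=0x%08X\n",
        scalar localtime($e->{TimeGenerated}),
        $e->{Source}, $e->{EventID} & 0xffff, $e->{EventID};
}

printf "Raw EventID compare matched %d of %d records\n",
    scalar @raw, scalar @sample;
printf "Masked EventID compare matched %d of %d records\n",
    scalar @masked, scalar @sample;
```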

