Re: Possible Size Problem in Eventlogs?

Mon, 11 Nov 2002 14:03:09 -0800 

I do not know the answer to your question, but there is a WMI
interface to the event log.  It may or may not have the same size
restriction you are seeing:

  http://msdn.microsoft.com/library/en-us/wmisdk/wmi/win32_ntlogevent.asp

On another note, this seems an opportune time to share a little script
I wrote earlier today.  It takes the name of a WMI class and dumps all
instances of that class.

Running it like this will dump the event log:

    instances.pl Win32_NTLogEvent

Running it like this will dump the process table:

    instances.pl Win32_Process

This will dump the printers:

    instances.pl Win32_Printer

...and so on.

Running it with "--help" gives usage instructions.

 - Pat


use warnings;
use strict;
use Getopt::Long;
use Pod::Usage;
use Win32::OLE;

# Your usual option-processing sludge.
my %opts;
GetOptions (\%opts, 'help|h|?', 'remote=s')
    or pod2usage (2);

(exists $opts{'help'})
    and pod2usage ('-exitstatus' => 0, '-verbose' => 2);

# Ensure exactly one argument after options.
scalar @ARGV == 1
    or pod2usage (2);

my ($class) = @ARGV;

# Bomb out completely if COM engine encounters any trouble.
Win32::OLE->Option ('Warn' => 3);

# Get a handle to the SWbemServices object of the machine.
my $computer = Win32::OLE->GetObject (exists $opts{'remote'}
                                      ? "WinMgmts://$opts{'remote'}/"
                                      : 'WinMgmts:');

# Get the SWbemObjectSet of all objects of the class.
my $instances_set = $computer->InstancesOf ($class);

# Convert set to Perl array.
my @instances = Win32::OLE::Enum->All ($instances_set);

# Display all properties of an object.
sub dump_obj ($) {
    my ($obj) = @_;
    # Get set of properties of the class.
    my $props_set = $obj->{'Properties_'};

    # Convert set to Perl array.
    my @props = Win32::OLE::Enum->All ($props_set);
    foreach my $prop (@props) {
        my $name = $prop->{'Name'};
        printf "%32s ", $name;
        my $value;
        if ($prop->{'IsArray'}) {
            $value = '<array>';
        }
        else {
            $value = $prop->{'Value'};
            defined $value
                or $value = '<undefined>';
        }
        print "$value\n";
    }
}

foreach my $instance (@instances) {
    dump_obj ($instance);
    print "\n";
}

exit 0;

__END__

=head1 NAME

instances.pl - Dump all instances of a WMI class

=head1 SYNOPSIS

instances.pl [ options ] <WMI class name>

Options:

 --help                 Display help and exit
 --remote <host>        Operate on <host> instead of local machine

=head1 SEE ALSO

http://msdn.microsoft.com/library/en-us/wmisdk/wmi/wmi_classes.asp

Reply via email to