Hi Scott
Thanks for your reply. I was a bit worried that an application generating lots of events would register several times in the same second. If I then went to SQL, got the last time and then searched forward I could potentially miss eventlogs that were generated in the same second. Does this make sense or am I being paranoid?

Additionally I've checked the event logs on a couple of servers and from what I can see the event ID doesn't seem to wrap with the log - I just wonder if it reaches some finite number e.g. 1,000,000 and then starts again.

I think I may just try it for a bit, manually compare and keep my fingers crossed.

Thanks for your help.

Kind Regards

Ross

"Scott Campbell" <[EMAIL PROTECTED]> on 27/02/2003 02:33:46

To: Ross Draper/[EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: RE: EventLog retrieval

Other than record number, there is a timestamp field, which holds the time of the NT event in EPOCH time. If you just keep track on your SQL side what the last timestamp you grabbed was, then you could just make sure you grab entries newer (greater) than the last retrieved event. :)

I am not sure about the RecordNumber, and if it ever recycles/repeats itself. But I do know the timestamp never will.

Hope this helps.

Scott Campbell
Senior Software Developer
Somix Technologies
http://www.somix.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross Draper
Sent: Wednesday, February 26, 2003 5:30 PM
To: [EMAIL PROTECTED]
Subject: EventLog retrieval

Hi guys

A quick question for those of you with any experience in NT/2000 eventlogs.

I'm putting together a centralised logging script and one of the things I want to do is pull various eventlogs from remote servers. I've read through the docs on Win32::EventLog and it seems just the ticket. The only snag is I will be squirting this into a SQL table after dragging it across a network so I don't want to retrieve the whole eventlog each time.
I notice there is a field called "RecordNumber" for each event retrieved, is this number unique inside the log and incremented with each event entry, thus producing a unique identifier of each record entered since the eventlog/PC was "built"? or is this number "recycled" when the log gets full and starts to overwrite itself?

Basically I'm trying to avoid duplicate entries and additional bandwidth, would checking for the last "RecordNumber" logged in the SQL table and then reading from that record onward on the remote event log be a feasible way of doing this?

Hope the above makes sense and thanks for your time.

Kind Regards

Ross

PS - Any ideas on formatting commands for the "Data" portion of the retrieved record for printing on screen and dumping to SQL would be welcomed :-)

_______________________________________________
Perl-Win32-Admin mailing list [EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
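
The same-second case raised in the thread, comparing a timestamp-only cursor with a cursor that also tracks RecordNumber. This is an added example, not code from any of the posters: the records are constructed, shaped like the hashes Win32::EventLog's Read() fills in, and it assumes RecordNumber rises within a log, which the thread leaves open.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed records, shaped like the hashes Win32::EventLog's Read() fills in.
# TimeGenerated is epoch seconds; 102, 103 and 104 share one second.
my @log = (
    { RecordNumber => 101, TimeGenerated => 1046300000, EventID => 6005 },
    { RecordNumber => 102, TimeGenerated => 1046300060, EventID => 1000 },
    { RecordNumber => 103, TimeGenerated => 1046300060, EventID => 1000 },
    { RecordNumber => 104, TimeGenerated => 1046300060, EventID => 1000 },
    { RecordNumber => 105, TimeGenerated => 1046300075, EventID => 6006 },
);

# Timestamp-only cursor: keep events strictly newer than the last stored time.
sub newer_by_time {
    my ($records, $last_time) = @_;
    return grep { $_->{TimeGenerated} > $last_time } @$records;
}

# Composite cursor: a later second, or the same second with a higher
# RecordNumber. Assumes RecordNumber rises within a log (not confirmed
# in the thread).
sub newer_by_time_and_record {
    my ($records, $last_time, $last_rec) = @_;
    return grep {
        $_->{TimeGenerated} > $last_time
            || ( $_->{TimeGenerated} == $last_time
              && $_->{RecordNumber} > $last_rec )
    } @$records;
}

# First poll ran when only 101..103 had been written; remember the last row stored.
my @stored = @log[ 0 .. 2 ];
my ($last_time, $last_rec) = @{ $stored[-1] }{qw(TimeGenerated RecordNumber)};

# Second poll sees the whole log, including 104 from the already-seen second.
my @by_time = newer_by_time( \@log, $last_time );
my @by_both = newer_by_time_and_record( \@log, $last_time, $last_rec );

print "timestamp only: ", join( ',', map { $_->{RecordNumber} } @by_time ), "\n";
print "time + record:  ", join( ',', map { $_->{RecordNumber} } @by_both ), "\n";
```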
