Tony Cappellini wrote:
Thanks, but those just monitor events.
I need to pull some very specific data from an event log file, after I
know the event has already occurred.
Tim has another module called winsys, and there is an object which
handles some aspects of reading event logs.
http://timgolden.me.uk/python/winsys/event_logs.html#module-event_logs
Tim - what I need to is pull this structure
http://msdn.microsoft.com/en-us/library/ms810313.aspx
from the event log, AFTER an event 51 has already occurred.
http://support.microsoft.com/kb/244780
I can easily look at the Event Viewer to determine if the event has occurred.
I don't see it at a glance, but does your winsys module have a way to do this?
If not, I'll just have to hard code offsets and use the struct module to get it.
You can certainly get hold of the event log record via
WMI or via WinSys (which just wraps the pywin32 module
someone else referred to). But there's not special code
for reconstructing the rather specific data structure
you refer to. You'll need to use struct or ctypes for
that.
Let me know if you need help getting the data out in
the first place; I'm not clear whether you've got that
covered or not. (And whether you want to be notified
when the event fires or whether you're merely scanning
historically).
TJG
_______________________________________________
python-win32 mailing list
python-win32@python.org
http://mail.python.org/mailman/listinfo/python-win32
