Mark is right, the handles are not interchangable between the older event log functions and the newer Evt* functions. You can still use the older APIs on Vista and later, though. OpenEventLog returns a handle compatible with ReadEventLog. To use the newer functions, try EvtQuery->EvtNext->EvtRender.
Regarding the docs, the Evt* functions appear in the latest .chm help file. Which documentation are you looking at ? Roger "Tim Keeler" <biot...@gmail.com> wrote in message news:cajpmmnw0t1szvkyqcvsgsnritencuqyszd0kgnx8skpnd+r...@mail.gmail.com... > Thanks for the reply, Mark! > > I took a look and didn't see the EvtGetLogInfo() implemented anywhere in > the source. Hopefully Roger will be able to figure out what's going on here. > > -Tim > > On Thu, May 3, 2012 at 4:35 PM, Mark Hammond <skippy.hamm...@gmail.com>wrote: > >> I'm afraid I'm not familiar with that API, but the crash is because >> EvtOpenLog is returning a handle with a value of 1 and ReadEventLog is >> crashing with that handle. A quick google doesn't find anyone trying to >> use ReadEventLog with a handle returned by EvtOpenLog but instead uses >> EvtGetLogInfo. >> >> Roger Upole added support for these functions so hopefully he is reading >> this and has more experience with the API (and the fact they aren't in the >> generated docs should indeed be treated as a bug!) >> >> Mark >> >> >> On 4/05/2012 1:42 AM, Tim Keeler wrote: >> >>> Hello, >>> >>> I'm having a problem with win32evtlog and reading events from an event >>> log channel on Windows Server 2008 R2. I'm using the following code and >>> get the following error (python.exe APPCRASH no exceptions): >>> >>> #!/usr/bin/python >>> >>> # Windows Event Log Viewer >>> import win32evtlog # requires pywin32 pre-installed >>> >>> hand = win32evtlog.EvtOpenLog('**ForwardedEvents',1,None) >>> flags = >>> win32evtlog.EVENTLOG_**BACKWARDS_READ|win32evtlog.** >>> EVENTLOG_SEQUENTIAL_READ >>> >>> *events = win32evtlog.ReadEventLog(hand, flags, 0)* >>> >>> >>> >>> The last line calling ReadEventLog() is what causes the crash. I had to >>> read through the source code to find the function EvtOpenLog() for >>> channel support, this isn't in the latest documentation. So I'm not sure >>> if this is still experimental or not. >>> >>> Any help or guidance would be greatly appreciated. I'm using Python 2.7.3 >>> >>> Problem signature: >>> Problem Event Name:APPCRASH >>> Application Name:python.exe >>> Application Version:0.0.0.0 >>> Application Timestamp:4f84a6c8 >>> Fault Module Name:ADVAPI32.dll >>> Fault Module Version:6.1.7600.16385 >>> Fault Module Timestamp:4a5bd97e >>> Exception Code:c0000005 >>> Exception Offset:00019347 >>> OS Version:6.1.7600.2.0.0.274.10 >>> Locale ID:1033 >>> Additional Information 1:0a9e >>> Additional Information 2:**0a9e372d3b4ad19135b953a78882e7**89 >>> Additional Information 3:0a9e >>> Additional Information 4:**0a9e372d3b4ad19135b953a78882e7**89 >>> >>> Read our privacy statement online: >>> >>> http://go.microsoft.com/**fwlink/?linkid=104288&clcid=**0x0409<http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409> >>> >>> If the online privacy statement is not available, please read our >>> privacy statement offline: >>> C:\Windows\system32\en-US\**erofflps.txt >>> >>> >>> >>> >>> ______________________________**_________________ >>> python-win32 mailing list >>> python-win32@python.org >>> http://mail.python.org/**mailman/listinfo/python-win32<http://mail.python.org/mailman/listinfo/python-win32> >>> >>> >> >> > -------------------------------------------------------------------------------- > _______________________________________________ > python-win32 mailing list > python-win32@python.org > http://mail.python.org/mailman/listinfo/python-win32 > _______________________________________________ python-win32 mailing list python-win32@python.org http://mail.python.org/mailman/listinfo/python-win32