I need to parse system event logs for Win2000
Professional and I can see what I'm looking for when I
use the viewer; I can also save the log in text format
from the viewer.
Is there any way I could programmatically get an *.evt
file in a given path AND SAVE IT IN TEXT FORMAT, and
then open and parse?

Two nice easy ways to do this in Perl are the Win32::EventLog module, or
the WMI class Win32_NTLogEvent. The latter is particularly useful if you
want to search large logs for specific IDs, or connect to remote
machines, since the ability to issue a specific query confers quite a
speed increase over Win32::EventLog. Docs here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/win32_ntlogevent.asp
Try something like this to get you started (cobbled from other code, not
tested):
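
use strict;
use warnings;
use Win32::OLE qw(in);

# Connect to the WMI service on the local machine (root/cimv2 namespace)
my $x = Win32::OLE->GetObject("WinMgmts://$ENV{COMPUTERNAME}/root/cimv2")
    or die "Can't instantiate WMI";

# WQL query: events with ID 1074 from the System log
my $SQL = qq(
    SELECT * FROM Win32_NTLogEvent
    WHERE Logfile='System'
    AND EventCode='1074'
);
my $y = $x->ExecQuery($SQL) or die "WMI query failed";
foreach my $event (in $y) {
    my $message = $event->{Message};
    next unless defined $message;    # some events carry no message text
    # Collapse doubled CRLF pairs into a single newline
    $message =~ s|(\xd\xa){2}|\n|g;
    print "$message\n";
}
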
Good luck!
Paul
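
The save-as-text-then-parse workflow asked about above, as an added example that is not part of the original post: it dumps the live System log through Win32_NTLogEvent to a tab-delimited file, then reads that file back and counts events per source and ID. The output file name and the choice of columns are assumptions, and WMI reads the registered log, not an *.evt file at an arbitrary path.

```perl
use strict;
use warnings;
use Win32::OLE qw(in);

# Assumptions: output path and column selection are illustrative.
my $out_file = 'system_events.txt';
my @fields   = qw(RecordNumber TimeGenerated Type SourceName EventCode User Message);

my $wmi = Win32::OLE->GetObject("WinMgmts://$ENV{COMPUTERNAME}/root/cimv2")
    or die "Can't instantiate WMI: " . Win32::OLE->LastError();
my $events = $wmi->ExecQuery(
    "SELECT * FROM Win32_NTLogEvent WHERE Logfile='System'"
) or die "WMI query failed: " . Win32::OLE->LastError();

# Write a header line, then one tab-delimited line per event.
open(my $out, '>', $out_file) or die "Can't write $out_file: $!";
print $out join("\t", @fields), "\n";
foreach my $event (in $events) {
    my @row = map {
        my $v = $event->{$_};
        $v = '' unless defined $v;      # User and Message may be empty
        $v =~ s/[\r\n\t]+/ /g;          # keep each record on a single line
        $v;
    } @fields;
    print $out join("\t", @row), "\n";
}
close($out) or die "Can't close $out_file: $!";

# Read the text file back and count events per source and event ID.
open(my $in, '<', $out_file) or die "Can't read $out_file: $!";
my $header = <$in>;
chomp $header;
my @cols = split /\t/, $header;
my %count;
while (my $line = <$in>) {
    chomp $line;
    my %rec;
    # The limit keeps trailing empty fields so columns stay aligned.
    @rec{@cols} = split /\t/, $line, scalar @cols;
    $count{"$rec{SourceName}/$rec{EventCode}"}++;
}
close($in);

printf "%6d  %s\n", $count{$_}, $_
    for sort { $count{$b} <=> $count{$a} } keys %count;
```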