Re: reading windows event logs
On 26/11/2009 7:22 AM, EW wrote:
> Hi All,
>
> I'm looking for some guidance on a better way to read eventlogs from windows servers. I've written a handy little app that relies on WMI to pull the logs and in all my testing it worked great. When I deployed it, however, WMI choked on servers with a lot of logs. I've tried pulling the logs using much smaller VB scripts as well and they still failed, so I'm pretty sure I'm facing a WMI problem and not a python or system resources problem. So I couldn't effectively get logs off of domain controllers for example or file servers that had auditing turned on. Sadly those are exactly the types of servers whose logs are most interesting.
>
> So I'm looking for suggestions on a way to grab that data without using WMI for remote machines. I know MS has C libraries for this but I haven't touched C for 10 years so I'm hoping there's a python equivalent out there somewhere. Any advice would be appreciated.

Look for the win32evtlog and win32evtlogutil modules which come with pywin32 (http://sf.net/projects/pywin32)

Cheers,

Mark
--
http://mail.python.org/mailman/listinfo/python-list
Re: reading windows event logs
EW wrote:
> Hi All,
>
> I'm looking for some guidance on a better way to read eventlogs from windows servers. I've written a handy little app that relies on WMI to pull the logs and in all my testing it worked great. When I deployed it, however, WMI choked on servers with a lot of logs. I've tried pulling the logs using much smaller VB scripts as well and they still failed, so I'm pretty sure I'm facing a WMI problem and not a python or system resources problem. So I couldn't effectively get logs off of domain controllers for example or file servers that had auditing turned on. Sadly those are exactly the types of servers whose logs are most interesting.
>
> So I'm looking for suggestions on a way to grab that data without using WMI for remote machines. I know MS has C libraries for this but I haven't touched C for 10 years so I'm hoping there's a python equivalent out there somewhere. Any advice would be appreciated.

The event logs are in %SystemRoot%\system32\config and have the extension .evt. There's info here on the file format:

http://www.whitehats.ca/main/members/Malik/malik_eventlogs/malik_eventlogs.html
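
Following the second reply's pointer to the .evt file format, here is an added example (not code from either poster) that walks a legacy .evt file using only the Python standard library, so neither WMI nor pywin32 is needed on the analysis machine. It assumes the EVENTLOGRECORD layout Microsoft documents for these files; `parse_evt`, `sample_log` and every value in the sample log are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

FIXED = struct.Struct("<6I4H6I")  # fixed 56-byte head of EVENTLOGRECORD
SIG = b"LfLe"                     # signature at offset 4 of every record
TYPES = {1: "ERROR", 2: "WARNING", 4: "INFORMATION", 8: "AUDIT_SUCCESS", 16: "AUDIT_FAILURE"}

def _wstr(buf, off):
    """Read a NUL-terminated UTF-16LE string; return (text, next offset)."""
    end = off
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[off:end].decode("utf-16-le", "replace"), end + 2

def parse_evt(data):
    """Yield one dict per structurally valid record found in data."""
    pos = data.find(SIG)
    while pos != -1:
        start = pos - 4
        if start >= 0 and start + FIXED.size <= len(data):
            f = FIXED.unpack_from(data, start)
            length, end = f[0], start + f[0]
            # Length is stored first and last in a record; both must agree.
            if (length >= FIXED.size and end <= len(data)
                    and struct.unpack_from("<I", data, end - 4)[0] == length):
                rec = data[start:end]
                source, off = _wstr(rec, FIXED.size)
                computer, _ = _wstr(rec, off)
                strings, off = [], f[11]          # f[11] = StringOffset
                for _ in range(f[7]):             # f[7]  = NumStrings
                    s, off = _wstr(rec, off)
                    strings.append(s)
                yield {"record": f[2], "event_id": f[5] & 0xFFFF,
                       "time": datetime.fromtimestamp(f[3], timezone.utc),
                       "type": TYPES.get(f[6], str(f[6])),
                       "source": source, "computer": computer, "strings": strings}
        pos = data.find(SIG, pos + 1)

def sample_log():
    """Constructed input: 48-byte file header followed by one record."""
    header = struct.pack("<12I", 0x30, 0x654C664C, 1, 1, 0x30, 0x30, 1, 2, 0x10000, 0, 0, 0x30)
    names = "Security\0DC01\0".encode("utf-16-le")   # source, computer
    strs = "alice\0CORP\0".encode("utf-16-le")       # insertion strings
    body, str_off = names + strs, FIXED.size + len(names)
    length = -(-(FIXED.size + len(body) + 4) // 4) * 4   # pad to a DWORD boundary
    fixed = FIXED.pack(length, 0x654C664C, 1, 1259220120, 1259220120, 529, 16, 2, 2, 0,
                       0, str_off, 0, FIXED.size + len(body), 0, FIXED.size + len(body))
    return header + fixed + body.ljust(length - FIXED.size - 4, b"\0") + struct.pack("<I", length)
```

Scanning for the signature instead of trusting the header offsets lets the parser survive a log copied while dirty; a record that wraps around the end of a circular log fails the length check and is skipped, not misparsed.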