darin

NT Event Log problem

I am trying to use perl to show me info from my NT event log.  However, when I run the script, I get the headers with no information.  Any help would be appreciated.  The script is as follows:

use Win32::EventLog;

my $EventLog;
my %event=(
      'Length',NULL,
      'RecordNumber',NULL,
      'TimeGenerated',NULL,
      'TimeWritten',NULL,
      'EventID',NULL,
      'EventType',NULL,  
      'Category',NULL,
      'ClosingRecordNumber',NULL,
      'Source',NULL,
      'Computer',NULL,
      'Strings',NULL,
      'Data',NULL,
);

#Error events have EventType 1
my %EventType = (1,'Error',2,'Warning',4,'Information',
8,'Audit success',16,'Audit failure');

#Opening the log file on my computer, looking for system's events      
$EventLog = new Win32::EventLog( 'Security' ) || die $!;

#Reading the first event
$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),1,$event);

#Conversion of the date
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)
            = localtime($event->{'TimeGenerated'});

#printing the event
print "date : $mon/$mday/$year\n";

#to get a readable EventId
$event->{'EventID'} = $event->{'EventID'} & 0xffff;

#readable EventType
$event->{'EventType'} = $EventType{ $event->{'EventType'} };

#split the strings
$event->{'Strings'} =~ tr/\0/\n/;

#Print the Event
foreach $i (keys %event)
{
print "$i : $event->{$i}\n";
}
alamo

Hi again...

Add the following code before #Reading the first event:

$EventLog->GetOldest($oldest);
print "Oldest in log: $oldest\n";
$EventLog->GetNumber($NumberOfEvents);
print "Number in Log: $NumberOfEvents\n";

And change the Read to:

$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),$oldest,$event);

(Note that 1 became $oldest in the above line).

Good Luck! (By the way, please grade the other question I answered for you).
ASKER

This is what I get:

Oldest in log: 0
Number in Log: 0
date : 11/31/69
Source :
Length :
EventType :
ClosingRecordNumber :
RecordNumber :
Data :
Strings :
TimeWritten :
TimeGenerated :
Category :
Computer :
EventID : 0

But there are definitely events in the log.
Also, how would I loop through all the events? (I know this sounds basic, but I'm just starting with Perl and appreciate your help)

Darin
Yes, but are there events in your *security* log? (Mine was empty, I'm not even certain what events go in there).

Try changing 'Security' to 'System'. Use Event Viewer to verify there are really events there.

In terms of looping through the available events, the easiest is a simple for loop:

for ($i = 0; $i < $NumberOfEvents; $i++) {
}

And change $oldest in the Read line to $oldest+$i

ASKER

Yup, you're right.  Thanks again.  Any ideas on the looping for, say, the most recent 20 events.  I am trying to build a web interface to see the events on our web server from any browser (with security of course).  

Darin
darin@xcape.com
ASKER CERTIFIED SOLUTION
alamo

ASKER

Alamo, please post an answer again, so I can grade it.

Thanks again,

Darin
Thanks for grading quickly Darin. By the way, I just did a quick test and the script runs as a CGI (I expected permissions to be an issue, but apparently not). Good luck!
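
The steps worked out in this thread (GetOldest, GetNumber, then Read at $oldest+$i), combined into one script that lists the 20 most recent events. This is an added example, not code posted by anyone in the thread and not the accepted solution. The helper recent_offsets, the 'System' default and the output layout are assumptions made for illustration.

```perl
use strict;
use warnings;
use Win32::EventLog;

# EventType values as defined by the Windows event log API.
my %EventType = (1 => 'Error', 2 => 'Warning', 4 => 'Information',
                 8 => 'Audit success', 16 => 'Audit failure');

# Hypothetical helper: record numbers of the newest $want events, newest first.
# Pure arithmetic on what GetOldest/GetNumber return, so it needs no log handle.
sub recent_offsets {
    my ($oldest, $count, $want) = @_;
    return () if $count <= 0;                 # empty log, as with the Security log above
    my $newest = $oldest + $count - 1;
    my $first  = $want < $count ? $newest - $want + 1 : $oldest;
    return reverse($first .. $newest);
}

# Assumed default log; pass another log name as the first argument.
my $log_name = shift(@ARGV) || 'System';
my $log = Win32::EventLog->new($log_name)
    or die "Can't open $log_name event log\n";

my ($oldest, $count);
$log->GetOldest($oldest) or die "Can't get oldest record number\n";
$log->GetNumber($count)  or die "Can't get number of records\n";
print "Oldest in log: $oldest\nNumber in Log: $count\n";

for my $offset (recent_offsets($oldest, $count, 20)) {
    my $event;
    # Skip a record that was overwritten between GetNumber and Read.
    $log->Read(EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, $offset, $event)
        or next;
    my @t = localtime($event->{TimeGenerated});
    # localtime returns a 0-based month and years since 1900.
    my $when = sprintf('%04d-%02d-%02d %02d:%02d:%02d',
                       $t[5] + 1900, $t[4] + 1, @t[3, 2, 1, 0]);
    # Strings is a NUL-separated list; flatten it onto one line.
    (my $strings = defined $event->{Strings} ? $event->{Strings} : '') =~ tr/\0/ /;
    printf "%s  #%d  %-13s  %s/%d  %s\n",
        $when, $event->{RecordNumber},
        $EventType{ $event->{EventType} } || $event->{EventType},
        $event->{Source}, $event->{EventID} & 0xffff, $strings;
}
$log->Close();
```

If this output feeds the web interface mentioned above, HTML-escape Source and Strings before rendering, since event text can contain data supplied by whoever triggered the event.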