Solved

NT Event Log problem

Posted on 1998-06-09
Last Modified: 2010-03-05
I am trying to use perl to show me info from my NT event log.  However, when I run the script, I get the headers with no information.  Any help would be appreciated.  The script is as follows:

use Win32::EventLog;

my $EventLog;
my %event=(
      'Length',NULL,
      'RecordNumber',NULL,
      'TimeGenerated',NULL,
      'TimeWritten',NULL,
      'EventID',NULL,
      'EventType',NULL,  
      'Category',NULL,
      'ClosingRecordNumber',NULL,
      'Source',NULL,
      'Computer',NULL,
      'Strings',NULL,
      'Data',NULL,
);

# EVENTLOG_ERROR_TYPE is 1 (0 is EVENTLOG_SUCCESS)
my %EventType = (1,'Error',2,'Warning',4,'Information',
8,'Audit success',16,'Audit failure');

#Opening the log file on my computer, looking for system's events      
$EventLog = new Win32::EventLog( 'Security' ) || die $!;

#Reading the first event
$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),1,$event);

#Conversion of the date
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)
            = localtime($event->{'TimeGenerated'});

#printing the event
print "date : $mon/$mday/$year\n";

#to get a readable EventId
$event->{'EventID'} = $event->{'EventID'} & 0xffff;

#readable EventType
$event->{'EventType'} = $EventType{ $event->{'EventType'} };

#split the strings
$event->{'Strings'} =~ tr/\0/\n/;

#Print the Event
foreach $i (keys %event)
{
print "$i : $event->{$i}\n";
}
Question by:darin
8 Comments
 
LVL 6

Expert Comment

by:alamo
ID: 1207792
Hi again...

Add the following code before #Reading the first event:

$EventLog->GetOldest($oldest);
print "Oldest in log: $oldest\n";
$EventLog->GetNumber($NumberOfEvents);
print "Number in Log: $NumberOfEvents\n";

And change the Read to:

$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),$oldest,$event);

(Note that 1 became $oldest in the above line).

Good Luck! (By the way, please grade the other question I answered for you).
0
 

Author Comment

by:darin
ID: 1207793
This is what I get:

Oldest in log: 0
Number in Log: 0
date : 11/31/69
Source :
Length :
EventType :
ClosingRecordNumber :
RecordNumber :
Data :
Strings :
TimeWritten :
TimeGenerated :
Category :
Computer :
EventID : 0

But there are definitely events in the log.
Also, how would I loop through all the events?  (I know this sounds basic, but I'm just starting with perl and appreciate your help)

Darin
0
 
LVL 6

Expert Comment

by:alamo
ID: 1207794
Yes, but are there events in your *security* log? (Mine was empty, I'm not even certain what events go in there).

Try changing 'Security' to 'System'. Use Event Viewer to verify there are really events there.

0

 
LVL 6

Expert Comment

by:alamo
ID: 1207795
In terms of looping through the available events, the easiest is a simple for loop:

for ($i = 0; $i < $NumberOfEvents; $i++) {
}

And change $oldest in the Read line to $oldest+$i

0
 

Author Comment

by:darin
ID: 1207796
Yup, you're right.  Thanks again.  Any ideas on the looping for, say, the most recent 20 events.  I am trying to build a web interface to see the events on our web server from any browser (with security of course).  

Darin
darin@xcape.com
0
 
LVL 6

Accepted Solution

by:
alamo earned 400 total points
ID: 1207797
Try this for the latest 20:

for ($i=0, $position=$oldest+$NumberOfEvents-1; $i < 20 && $position >= $oldest; $i++, $position--) {

$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),$position,$event);

# -- etc --
}
0
 

Author Comment

by:darin
ID: 1207798
Alamo, please post an answer again, so I can grade it.

Thanks again,

Darin
0
 
LVL 6

Expert Comment

by:alamo
ID: 1207799
Thanks for grading quickly Darin. By the way, I just did a quick test and the script runs as a CGI (I expected permissions to be an issue, but apparently not). Good luck!


0
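The thread's fixes combined into one script, as an added example that is not code from either poster: it reads the newest 20 records starting from the values returned by GetOldest and GetNumber, checks each call, and HTML-escapes every field because the output is meant for a browser. The 'System' log name, the html_escape helper and the output layout are assumptions.

```perl
use strict;
use warnings;
use Win32::EventLog;   # exports the EVENTLOG_* constants by default

# Event type codes as defined by the Windows event log API.
my %EventType = (1 => 'Error', 2 => 'Warning', 4 => 'Information',
                 8 => 'Audit success', 16 => 'Audit failure');

# Hypothetical helper: escape text before it goes into an HTML page.
# Event strings are written by whatever raised the event, so treat them
# as untrusted input.
sub html_escape {
    my $s = defined $_[0] ? $_[0] : '';
    $s =~ s/&/&amp;/g;  $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;   $s =~ s/"/&quot;/g;
    return $s;
}

my $log_name = 'System';   # assumption: the log to display
my $max      = 20;         # newest N records, as in the thread

my $EventLog = Win32::EventLog->new($log_name)
    or die "Cannot open $log_name event log\n";

my ($oldest, $count);
$EventLog->GetOldest($oldest) or die "Cannot get oldest record number\n";
$EventLog->GetNumber($count)  or die "Cannot get number of records\n";
print "<p>", html_escape($log_name), ": $count records, oldest is #$oldest</p>\n";

# Walk from the newest record number down, stopping at $max or the oldest.
my $position = $oldest + $count - 1;
for (my $i = 0; $i < $max && $position >= $oldest; $i++, $position--) {
    my $event;
    $EventLog->Read((EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ), $position, $event)
        or next;   # skip a record that cannot be read
    my $id   = $event->{EventID} & 0xffff;   # low word is the readable ID
    my $type = $EventType{ $event->{EventType} } || "Type $event->{EventType}";
    (my $strings = defined $event->{Strings} ? $event->{Strings} : '') =~ tr/\0/ /;
    printf "<p>%s #%d %s %s [%d] %s</p>\n",
        html_escape(scalar(localtime($event->{TimeGenerated}))),
        $event->{RecordNumber}, html_escape($type),
        html_escape($event->{Source}), $id, html_escape($strings);
}
$EventLog->Close();
```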

Question has a verified solution.