Solved

NT Event Log problem

Posted on 1998-06-09
Last Modified: 2010-03-05
I am trying to use perl to show me info from my NT event log.  However, when I run the script, I get the headers with no information.  Any help would be appreciated.  The script is as follows:

use Win32::EventLog;

my $EventLog;
my %event=(
      'Length',NULL,
      'RecordNumber',NULL,
      'TimeGenerated',NULL,
      'TimeWritten',NULL,
      'EventID',NULL,
      'EventType',NULL,  
      'Category',NULL,
      'ClosingRecordNumber',NULL,
      'Source',NULL,
      'Computer',NULL,
      'Strings',NULL,
      'Data',NULL,
);

my %EventType = (0,'Error',2,'Warning',4,'Information',
8,'Audit success',16,'Audit failure');

#Opening the log file on my computer, looking for system's events      
$EventLog = new Win32::EventLog( 'Security' ) || die $!;

#Reading the first event
$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),1,$event);

#Conversion of the date
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)
            = localtime($event->{'TimeGenerated'});

#printing the event
print "date : $mon/$mday/$year\n";

#to get a readable EventId
$event->{'EventID'} = $event->{'EventID'} & 0xffff;

#readable EventType
$event->{'EventType'} = $EventType{ $event->{'EventType'} };

#split the strings
$event->{'Strings'} =~ tr/\0/\n/;

#Print the Event
foreach $i (keys %event)
{
print "$i : $event->{$i}\n";
}
Question by:darin
LVL 6

Expert Comment

by:alamo
ID: 1207792
Hi again...

Add the following code before #Reading the first event:

$EventLog->GetOldest($oldest);
print "Oldest in log: $oldest\n";
$EventLog->GetNumber($NumberOfEvents);
print "Number in Log: $NumberOfEvents\n";

And change the Read to:

$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),$oldest,$event);

(Note that 1 became $oldest in the above line).

Good Luck! (By the way, please grade the other question I answered for you).
0
 

Author Comment

by:darin
ID: 1207793
This is what I get:

Oldest in log: 0
Number in Log: 0
date : 11/31/69
Source :
Length :
EventType :
ClosingRecordNumber :
RecordNumber :
Data :
Strings :
TimeWritten :
TimeGenerated :
Category :
Computer :
EventID : 0

But there are definitely events in the log.  
Also, how would I loop through all the events?  (I know this sounds basic, but I'm just starting with perl and appreciate your help)

Darin
0
 
LVL 6

Expert Comment

by:alamo
ID: 1207794
Yes, but are there events in your *security* log? (Mine was empty, I'm not even certain what events go in there).

Try changing 'Security' to 'System'. Use Event Viewer to verify there are really events there.

0
LVL 6

Expert Comment

by:alamo
ID: 1207795
In terms of looping through the available events, the easiest is a simple for loop:

for ($i = 0; $i < $NumberOfEvents; $i++) {
}

And change $oldest in the Read line to $oldest+$i

0
 

Author Comment

by:darin
ID: 1207796
Yup, you're right.  Thanks again.  Any ideas on the looping for, say, the most recent 20 events.  I am trying to build a web interface to see the events on our web server from any browser (with security of course).  

Darin
darin@xcape.com
0
 
LVL 6

Accepted Solution

by:
alamo earned 100 total points
ID: 1207797
Try this for the latest 20:

for ($i=0, $position=$oldest+$NumberOfEvents-1; $i < 20 && $position >= $oldest; $i++, $position--) {

$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),$position,$event);

# ... handle $event as in the original script ...
}
0
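
The accepted loop above, filled out as an added example (not code posted by anyone in this thread): it prints the newest 20 records as an HTML table for the web interface the asker describes, and HTML-escapes every field because event text is supplied by whatever process logged the event. The `System` log name, the 20-record limit, the table layout and the `html_escape` helper are assumptions made for illustration; it needs Windows with Win32::EventLog installed.

```perl
use strict; use warnings;
use Win32::EventLog;
use POSIX qw(strftime);

my ($LOG, $LIMIT) = ('System', 20);   # assumptions: log to read, newest N records
my %type_name = (
    EVENTLOG_ERROR_TYPE()       => 'Error',
    EVENTLOG_WARNING_TYPE()     => 'Warning',
    EVENTLOG_INFORMATION_TYPE() => 'Information',
    EVENTLOG_AUDIT_SUCCESS()    => 'Audit success',
    EVENTLOG_AUDIT_FAILURE()    => 'Audit failure',
);

# Event fields are written by whatever logged the event, so treat them
# as untrusted text and escape them before they reach a browser.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

my $log = Win32::EventLog->new($LOG) or die "Cannot open $LOG log: $^E\n";
my ($oldest, $count);
$log->GetOldest($oldest) or die "GetOldest failed: $^E\n";
$log->GetNumber($count)  or die "GetNumber failed: $^E\n";

print "Content-Type: text/html\r\n\r\n<table>\n";
print '<tr><th>', join('</th><th>', qw(Record Time Type Source ID Strings)), "</th></tr>\n";
# Same walk as the accepted loop: start at the newest record number, go down.
my $newest = $oldest + $count - 1;
for (my $pos = $newest; $pos >= $oldest && $pos > $newest - $LIMIT; $pos--) {
    my $event;
    $log->Read(EVENTLOG_SEEK_READ() | EVENTLOG_FORWARDS_READ(), $pos, $event)
        or next;    # skip a record that can no longer be read
    my $type = $event->{EventType};
    my @cells = (
        $event->{RecordNumber},
        strftime('%Y-%m-%d %H:%M:%S', localtime($event->{TimeGenerated})),
        exists $type_name{$type} ? $type_name{$type} : $type,
        $event->{Source},
        $event->{EventID} & 0xffff,
        join(' | ', split(/\0/, defined $event->{Strings} ? $event->{Strings} : '')),
    );
    print '<tr>', map('<td>' . html_escape($_) . '</td>', @cells), "</tr>\n";
}
print "</table>\n";
$log->Close;
```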
 

Author Comment

by:darin
ID: 1207798
Alamo, please post an answer again, so I can grade it.

Thanks again,

Darin
0
 
LVL 6

Expert Comment

by:alamo
ID: 1207799
Thanks for grading quickly Darin. By the way, I just did a quick test and the script runs as a CGI (I expected permissions to be an issue, but apparently not). Good luck!


0
