Solved

NT Event Log problem

Posted on 1998-06-09
Last Modified: 2010-03-05
I am trying to use perl to show me info from my NT event log.  However, when I run the script, I get the headers with no information.  Any help would be appreciated.  The script is as follows:

use Win32::EventLog;

my $EventLog;
my %event=(
      'Length',NULL,
      'RecordNumber',NULL,
      'TimeGenerated',NULL,
      'TimeWritten',NULL,
      'EventID',NULL,
      'EventType',NULL,  
      'Category',NULL,
      'ClosingRecordNumber',NULL,
      'Source',NULL,
      'Computer',NULL,
      'Strings',NULL,
      'Data',NULL,
);

my %EventType = (1,'Error',2,'Warning',4,'Information',
8,'Audit success',16,'Audit failure');

#Opening the log file on my computer, looking for system's events      
$EventLog = new Win32::EventLog( 'Security' ) || die $!;

#Reading the first event
$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),1,$event);

#Conversion of the date
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)
            = localtime($event->{'TimeGenerated'});

#printing the event
print "date : $mon/$mday/$year\n";

#to get a readable EventId
$event->{'EventID'} = $event->{'EventID'} & 0xffff;

#readable EventType
$event->{'EventType'} = $EventType{ $event->{'EventType'} };

#split the strings
$event->{'Strings'} =~ tr/\0/\n/;

#Print the Event
foreach $i (keys %event)
{
print "$i : $event->{$i}\n";
}
0
Question by:darin
8 Comments
 
LVL 6

Expert Comment

by:alamo
ID: 1207792
Hi again...

Add the following code before #Reading the first event:

$EventLog->GetOldest($oldest);
print "Oldest in log: $oldest\n";
$EventLog->GetNumber($NumberOfEvents);
print "Number in Log: $NumberOfEvents\n";

And change the Read to:

$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),$oldest,$event);

(Note that 1 became $oldest in the above line).

Good Luck! (By the way, please grade the other question I answered for you).
0
 

Author Comment

by:darin
ID: 1207793
This is what I get:

Oldest in log: 0
Number in Log: 0
date : 11/31/69
Source :
Length :
EventType :
ClosingRecordNumber :
RecordNumber :
Data :
Strings :
TimeWritten :
TimeGenerated :
Category :
Computer :
EventID : 0

But there are definitely events in the log.
Also, how would i loop through all the events?  (I know this sounds basic, but I'm just starting with perl and appreciate your help)

Darin
0
 
LVL 6

Expert Comment

by:alamo
ID: 1207794
Yes, but are there events in your *security* log? (Mine was empty, I'm not even certain what events go in there).

Try changing 'Security' to 'System'. Use Event Viewer to verify there are really events there.

0
 
LVL 6

Expert Comment

by:alamo
ID: 1207795
In terms of looping through the available events, the easiest is a simple for loop:

for ($i = 0; $i < $NumberOfEvents; $i++) {
}

And change $oldest in the Read line to $oldest+$i

0

 

Author Comment

by:darin
ID: 1207796
Yup, you're right.  Thanks again.  Any ideas on the looping for, say, the most recent 20 events.  I am trying to build a web interface to see the events on our web server from any browser (with security of course).  

Darin
darin@xcape.com
0
 
LVL 6

Accepted Solution

by:
alamo earned 100 total points
ID: 1207797
Try this for the latest 20:

for ($i=0, $position=$oldest+$NumberOfEvents-1; $i < 20 && $position >= $oldest; $i++, $position--) {

$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),$position,$event);

# -- etc --
}
0
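
A complete version of the loop from the accepted answer, as an added example that is not part of the original thread: it reads the newest events by record number, stops cleanly on an empty log, and escapes every field for the browser view the asker describes. The command-line arguments, the `html_escape` helper and the HTML row output are assumptions made for this illustration.

```perl
# Added example, not from the thread: newest events of an NT event log as HTML rows.
use strict;
use warnings;
use Win32::EventLog;

my $log_name = shift || 'System';   # assumption: log name given as first argument
my $want     = shift || 20;         # assumption: number of recent events to show

# EventType values as defined by the Windows event log API.
my %type_name = (1 => 'Error', 2 => 'Warning', 4 => 'Information',
                 8 => 'Audit success', 16 => 'Audit failure');

# Hypothetical helper: event fields can hold text chosen by whoever caused the
# event (user names, request strings), so escape them before a browser sees them.
sub html_escape {
    my $s = defined $_[0] ? $_[0] : '';
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$ent{$1}/g;
    return $s;
}

my $log = Win32::EventLog->new($log_name)
    or die "Cannot open the $log_name log: $^E\n";
my ($oldest, $count);
$log->GetOldest($oldest) or die "GetOldest failed: $^E\n";
$log->GetNumber($count)  or die "GetNumber failed: $^E\n";

# An empty log is what produced the blank fields and the 1969 date in the thread.
die "The $log_name log contains no events\n" unless $count;

my $flags  = EVENTLOG_SEEK_READ() | EVENTLOG_FORWARDS_READ();
my $newest = $oldest + $count - 1;
my $stop   = $newest - $want + 1;
$stop = $oldest if $stop < $oldest;

for (my $pos = $newest; $pos >= $stop; $pos--) {
    my $event;
    unless ($log->Read($flags, $pos, $event)) {
        warn "Record $pos could not be read: $^E\n";
        next;
    }
    my @t    = localtime $event->{TimeGenerated};
    my $when = sprintf '%04d-%02d-%02d %02d:%02d:%02d',
                       $t[5] + 1900, $t[4] + 1, @t[3, 2, 1, 0];
    my $type = $type_name{ $event->{EventType} } || "Type $event->{EventType}";
    (my $text = defined $event->{Strings} ? $event->{Strings} : '') =~ tr/\0/ /;
    print '<tr>', (map { '<td>' . html_escape($_) . '</td>' }
        $when, $type, $event->{Source}, $event->{EventID} & 0xffff, $text), "</tr>\n";
}
$log->Close();
```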
 

Author Comment

by:darin
ID: 1207798
Alamo, please post an answer again, so I can grade it.

Thanks again,

Darin
0
 
LVL 6

Expert Comment

by:alamo
ID: 1207799
Thanks for grading quickly Darin. By the way, I just did a quick test and the script runs as a CGI (I expected permissions to be an issue, but apparently not). Good luck!


0
