NT Event Log problem

Posted on 1998-06-09
Last Modified: 2010-03-05
I am trying to use perl to show me info from my NT event log.  However, when I run the script, I get the headers with no information.  Any help would be appreciated.  The script is as follows:

use Win32::EventLog;

my $EventLog;
my %event=(
      'Length',NULL,
      'RecordNumber',NULL,
      'TimeGenerated',NULL,
      'TimeWritten',NULL,
      'EventID',NULL,
      'EventType',NULL,  
      'Category',NULL,
      'ClosingRecordNumber',NULL,
      'Source',NULL,
      'Computer',NULL,
      'Strings',NULL,
      'Data',NULL,
);

my %EventType = (0,'Error',2,'Warning',4,'Information',
8,'Audit success',16,'Audit failure');

#Opening the log file on my computer, looking for system's events      
$EventLog = new Win32::EventLog( 'Security' ) || die $!;

#Reading the first event
$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),1,$event);

#Conversion of the date
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)
            = localtime($event->{'TimeGenerated'});

#printing the event
print "date : $mon/$mday/$year\n";

#to get a readable EventId
$event->{'EventID'} = $event->{'EventID'} & 0xffff;

#readable EventType
$event->{'EventType'} = $EventType{ $event->{'EventType'} };

#split the strings
$event->{'Strings'} =~ tr/\0/\n/;

#Print the Event
foreach $i (keys %event)
{
print "$i : $event->{$i}\n";
}
Question by:darin
LVL 6

Expert Comment

by:alamo
ID: 1207792
Hi again...

Add the following code before #Reading the first event:

$EventLog->GetOldest($oldest);
print "Oldest in log: $oldest\n";
$EventLog->GetNumber($NumberOfEvents);
print "Number in Log: $NumberOfEvents\n";

And change the Read to:

$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),$oldest,$event);

(Note that 1 became $oldest in the above line).

Good Luck! (By the way, please grade the other question I answered for you).

Author Comment

by:darin
ID: 1207793
This is what I get:

Oldest in log: 0
Number in Log: 0
date : 11/31/69
Source :
Length :
EventType :
ClosingRecordNumber :
RecordNumber :
Data :
Strings :
TimeWritten :
TimeGenerated :
Category :
Computer :
EventID : 0

But there are definitely events in the log.
Also, how would I loop through all the events?  (I know this sounds basic, but I'm just starting with Perl and appreciate your help)

Darin
LVL 6

Expert Comment

by:alamo
ID: 1207794
Yes, but are there events in your *security* log? (Mine was empty, I'm not even certain what events go in there).

Try changing 'Security' to 'System'. Use Event Viewer to verify there are really events there.

LVL 6

Expert Comment

by:alamo
ID: 1207795
In terms of looping through the available events, the easiest is a simple for loop:

for ($i = 0; $i < $NumberOfEvents; $i++) {
}

And change $oldest in the Read line to $oldest+$i


Author Comment

by:darin
ID: 1207796
Yup, you're right.  Thanks again.  Any ideas on the looping for, say, the most recent 20 events.  I am trying to build a web interface to see the events on our web server from any browser (with security of course).  

Darin
darin@xcape.com
LVL 6

Accepted Solution

by:
alamo earned 100 total points
ID: 1207797
Try this for the latest 20:

for ($i=0, $position=$oldest+$NumberOfEvents-1; $i < 20 && $position >= $oldest; $i++, $position--) {

$EventLog->Read((EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ),$position,$event);

-- etc --
}
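Putting alamo's GetOldest/GetNumber check and the walk-backwards loop from the accepted solution into one runnable script, as an added example that is not code from this thread. It passes the event hash to Read() by reference (the script in the question declares %event but then reads through the unrelated scalar $event, so Read() never fills it), corrects the 0-based month and 1900-based year from localtime(), and assumes the log name and record count arrive as command-line arguments; the Message field relies on Win32::EventLog's GetMessageText switch.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: print the newest N records of an
# NT event log. Assumes Win32::EventLog (libwin32) on a Windows host; the log
# name and count are assumed to come from the command line.
use strict;
use warnings;
use Win32::EventLog;

my $logname = shift(@ARGV) || 'System';  # 'Security' needs "Manage auditing and security log"
my $wanted  = shift(@ARGV) || 20;

$Win32::EventLog::GetMessageText = 1;    # ask Read() to fill $event{Message}

# EventType values as defined by the NT API (the posted script maps Error to 0)
my %EventType = (1 => 'Error', 2 => 'Warning', 4 => 'Information',
                 8 => 'Audit success', 16 => 'Audit failure');

my $log = Win32::EventLog->new($logname) or die "Cannot open $logname log: $^E";

my ($oldest, $count);            # both are filled in by reference
$log->GetOldest($oldest);
$log->GetNumber($count);
die "The $logname log is empty\n" unless $count;

# Newest record is $oldest + $count - 1; walk downwards from it as alamo's loop does.
my $pos = $oldest + $count - 1;
for (my $i = 0; $i < $wanted && $pos >= $oldest; $i++, $pos--) {
    my %event;                   # Read() fills the hash it is given a reference to
    $log->Read(EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, $pos, \%event)
        or die "Read of record $pos failed: $^E";
    print format_event(\%event);
}
$log->Close;

sub format_event {
    my ($e) = @_;
    my ($sec, $min, $hour, $mday, $mon, $year) = localtime($e->{TimeGenerated});
    my $stamp = sprintf '%04d-%02d-%02d %02d:%02d:%02d',   # localtime() month is 0-based,
        $year + 1900, $mon + 1, $mday, $hour, $min, $sec;  # year is years since 1900
    my $id   = $e->{EventID} & 0xffff;                     # low 16 bits: event number
    my $type = $EventType{ $e->{EventType} } || "Unknown($e->{EventType})";
    (my $strings = $e->{Strings} || '') =~ tr/\0/|/;       # inserts are NUL-separated
    (my $msg = $e->{Message} || '') =~ s/\s+$//;
    return sprintf "%s  %-13s %-20s id=%-5d rec=%d\n    strings: %s\n    %s\n",
        $stamp, $type, $e->{Source}, $id, $e->{RecordNumber}, $strings, $msg;
}
```

Opening the Security log requires the "Manage auditing and security log" user right (SeSecurityPrivilege), so a CGI running under a low-privilege account can read the System log but not the Security log; that is worth checking before concluding a log is empty.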

Author Comment

by:darin
ID: 1207798
Alamo, please post an answer again, so I can grade it.

Thanks again,

Darin
LVL 6

Expert Comment

by:alamo
ID: 1207799
Thanks for grading quickly Darin. By the way, I just did a quick test and the script runs as a CGI (I expected permissions to be an issue, but apparently not). Good luck!

