Help Eventlog Perl Script

on 28.05.2007 17:27:16 by jrcjlp

All,

I will appreciate all help with the following script.

NOTE: I found the script at http://www.roth.net/perl/scripts/

Run the script : perl scriptname.pl -t AUDIT_SUCCESS -l Security -n 5 > filename.txt

How do I set the variables in the script and send the result to
filename.txt?

# CheckEventLog.pl
# This script checks the Win32 Event Log for various errors.

use Getopt::Long;
use Time::Local;
use Win32::EventLog;

$VERSION = 20070522;
$SEC = 1;
$MIN = 60 * $SEC;
$HOUR = 60 * $MIN;
$DAY = 24 * $HOUR;

# open up MYFILE for writing
open(OUT,">myfile.txt") or die "Can't open up myfile: $!\n";

%EVENT_TYPE = (
    eval EVENTLOG_AUDIT_FAILURE => 'AUDIT_FAILURE',
    eval EVENTLOG_AUDIT_SUCCESS => 'AUDIT_SUCCESS',
    eval EVENTLOG_ERROR_TYPE => 'ERROR',
    eval EVENTLOG_WARNING_TYPE => 'WARNING',
    eval EVENTLOG_INFORMATION_TYPE => 'INFORMATION',
);

%Config = (
    log => 'Security',
);

Configure( \%Config );
if( $Config{help} )
{
    Syntax();
    exit;
}
if( defined $Config{date} )
{
    my( $Year, $Month, $Day ) = ( $Config{date} =~ /^(\d{4}).(\d{2}).(\d{2})/ );
    $TIME_LIMIT = timelocal( 0, 0, 0, $Day, $Month - 1, $Year - 1900 );
}
elsif( $Config{hour} || $Config{day} || $Config{min})
{
    $TIME_LIMIT = time() - ( $DAY * $Config{day} ) - ( $HOUR * $Config{hour} ) - ( $MIN * $Config{min} );
}

if( ! scalar @{$Config{machine}} )
{
    push( @{$Config{machine}}, Win32::NodeName );
}

if( defined( $Config{type} ) )
{
    foreach my $Mask ( @{$Config{type}} )
    {
        # Try referencing the EVENTLOG_xxxx_TYPE and EVENTLOG_xxxxx
        # constants. One of them is bound to work.
        $EVENT_MASK |= eval( "EVENTLOG_" . uc( $Mask ) . "_TYPE" );
        $EVENT_MASK |= eval( "EVENTLOG_" . uc( $Mask ) );
    }
}
else
{
    map
    {
        $EVENT_MASK |= 0 + $_;
    }( keys( %EVENT_TYPE ) );
}

# Tell the extension to always attempt to fetch the
# event log message table text
$Win32::EventLog::GetMessageText = 1;
# Use the MYFILE format for the currently selected output handle (STDOUT)
$~ = MYFILE;
foreach my $Machine ( @{$Config{machine}} )
{
    my $MYFILE;
    if( $MYFILE = Win32::EventLog->new( $Config{log}, $Machine ) )
    {
        my %Records;
        local %Event;
        local $Count = 0;

        while( ( $MYFILE->Read( EVENTLOG_BACKWARDS_READ
                                | EVENTLOG_SEQUENTIAL_READ,
                                0,
                                \%Event ) )
               && ( $Event{TimeGenerated} > $TIME_LIMIT ) )
        {
            # Display the event if it is one of our requested
            # event types
            $Count++;
            write if( $Event{EventType} & $EVENT_MASK );
        }
    }
    else
    {
        print "Can not connect to the $Config{log} Event Log on $Machine.\n";
    }
}

sub Configure
{
    my( $Config ) = @_;

    Getopt::Long::Configure( "prefix_pattern=(-|\/)" );
    $Result = GetOptions( $Config,
        qw(
            machine|m=s@
            log|l=s
            type|t=s@
            hour|h=i
            min|n=i
            day|d=i
            date=s
            help|?
        )
    );
    $Config->{help} = 1 if( ! $Result );
    push( @{$Config->{machine}}, Win32::NodeName() ) unless( scalar @{$Config->{machine}} );
}

sub Syntax
{
    my( $Script ) = ( $0 =~ /([^\\]*?)$/ );
    my $Whitespace = " " x length( $Script );
    print<< "EOT";

Syntax:
    $Script [-m Machine] [-t EventType] [-l Log]
    $Whitespace [-n Minutes] [-h Hours] [-d Days] [-date Date]
    $Whitespace [-help]
        -m Machine......Name of machine whose Event Log is to be examined.
                        This switch can be specified multiple times.
        -t EventType....Type of event to display:
                            ERROR
                            WARNING
                            INFORMATION
                            AUDIT_SUCCESS
                            AUDIT_FAILURE
                        This switch can be specified multiple times.
        -l Log..........Name of Event Log to examine. Common examples:
                            Application
                            Security
                            System
                        This switch can be specified multiple times.
        -h Hours........Will consider events between now and the specified
                        number of hours previous.
        -n Minutes......Will consider events between now and the specified
                        number of minutes previous.
        -d Days.........Will consider events between now and the specified
                        number of days previous.
        -date Date......Will consider events between now and the specified
                        date. Date is in international time format
                        (eg. 2007.05.22)
EOT
}

format MYFILE =
---------------------------------
@>>>>> @<<<<<<<<<<<<<<<<<<<<<<<<<<<< ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$Event{EventID}, "\\\\" . $Event{Computer}, $Event{Message}
       @<<<<<<<<<<<<<<<<<<<<<<<<<<<< ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
scalar localtime( $Event{TimeGenerated} ), $Event{Message}
       Type: @<<<<<<<<<<<<<<<<<<<<<< ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$EVENT_TYPE{$Event{EventType}}, $Event{Message}
       Source: @<<<<<<<<<<<<<<<<<<<< ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$Event{Source}, $Event{Message}
~                                    ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$Event{Message}
~                                    ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$Event{Message}
~                                    ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$Event{Message}
~                                    ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$Event{Message}
~                                    ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$Event{Message}
.

Re: Help Eventlog Perl Script

on 29.05.2007 20:02:55 by nobull67

On May 28, 4:27 pm, jrc...@yahoo.com wrote:
> Newsgroups: comp.lang.perl.modules

> I will appreciate all help with the following script.

Can you explain what you think this has anything to do with modules?

> NOTE: I found the script at http://www.roth.net/perl/scripts/

Note: the comp.lang.* Usenet hierarchy is for discussing and learning
programming languages. It's not a resource for people with no interest
in learning a programming language to get free bespoke alterations
made to programs you found laying about somewhere.

> Run the script : perl scriptname.pl -t AUDIT_SUCCESS -l Security -n 5 > filename.txt
>
> How do I set the variables in the script and send the result to
> filename.txt

It is almost completely unclear what you could be asking. When asking
a question always read it back pretending you didn't already know what
you were trying to ask.

The only thing I can guess is that you are asking how you could
modify the script so that just doing...

perl scriptname.pl

...would have the effect you currently get from...

perl scriptname.pl -t AUDIT_SUCCESS -l Security -n 5 > filename.txt

Is that what you were asking?
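
The behaviour guessed at in the reply above (running the script with no switches and getting what `-t AUDIT_SUCCESS -l Security -n 5 > filename.txt` gives) comes down to option defaults plus a selected output handle for `write`. The following is an added example, not part of the original thread or of the roth.net script; the `out` option, the `EVENT` format and the sample records are constructed here and stand in for `Win32::EventLog` reads so that it runs on any platform.

```perl
use strict;
use warnings;
use Getopt::Long;

# Defaults standing in for "-l Security -n 5 > filename.txt"; a switch on the
# command line still overrides them. "out" is a hypothetical added option.
my %Config = ( log => 'Security', min => 5, out => 'filename.txt' );
GetOptions( \%Config, qw( log|l=s type|t=s@ min|n=i out|o=s ) )
    or die "Bad options\n";
# List options are appended to, so default -t only when none was given.
$Config{type} ||= ['AUDIT_SUCCESS'];

my %Want;
$Want{ uc $_ } = 1 for @{ $Config{type} };
my $TimeLimit = time() - 60 * $Config{min};

# Constructed sample records in place of Win32::EventLog->Read() results.
my @Sample = (
    { EventID => 528, Type => 'AUDIT_SUCCESS', TimeGenerated => time() - 30,
      Message => 'constructed: logon succeeded' },
    { EventID => 529, Type => 'AUDIT_FAILURE', TimeGenerated => time() - 45,
      Message => 'constructed: logon failed' },
    { EventID => 538, Type => 'AUDIT_SUCCESS', TimeGenerated => time() - 3600,
      Message => 'constructed: logoff, outside the time window' },
);

our %Event;    # package variable so the format below can see it

open( my $Out, '>', $Config{out} ) or die "Can't open $Config{out}: $!\n";
my $Previous = select( $Out );    # write() with no argument now targets $Out
$~ = 'EVENT';                     # format to use for the selected handle

foreach my $Record ( @Sample )
{
    next unless $Record->{TimeGenerated} > $TimeLimit;   # same cut-off idea as $TIME_LIMIT
    next unless $Want{ $Record->{Type} };                # same role as $EVENT_MASK
    %Event = %$Record;
    write;
}

select( $Previous );              # restore STDOUT as the default handle
close( $Out ) or die "Can't close $Config{out}: $!\n";

format EVENT =
@>>>>> @<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$Event{EventID}, $Event{Type}, scalar localtime( $Event{TimeGenerated} ), $Event{Message}
.
```

With the defaults, only the first sample record reaches filename.txt: the second is the wrong type and the third is older than five minutes.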

Re: Help Eventlog Perl Script

on 29.05.2007 22:04:32 by jrcjlp

On May 29, 2:02 pm, Brian McCauley wrote:
> On May 28, 4:27 pm, jrc...@yahoo.com wrote:
>
> > Newsgroups: comp.lang.perl.modules
> > I will appreciate all help with the following script.
>
> Can you explain what you think this has anything to do with modules?
>
> > NOTE: I found the script at http://www.roth.net/perl/scripts/
>
> Note: the comp.lang.* Usenet hierarchy is for discussing and learning
> programming languages. It's not a resource for people with no interest
> in learning a programming language to get free bespoke alterations
> made to programs you found laying about somewhere.
>
> > Run the script : perl scriptname.pl -t AUDIT_SUCCESS -l Security -n 5 > filename.txt
>
> > How do I set the variables in the script and send the result to
> > filename.txt
>
> It is almost completely unclear what you could be asking. When asking
> a question always read it back pretending you didn't already know what
> you were trying to ask.
>
> The only thing I can guess is that you are asking how you could
> modify the script so that just doing...
>
> perl scriptname.pl
>
> ...would have the effect you currently get from...
>
> perl scriptname.pl -t AUDIT_SUCCESS -l Security -n 5 > filename.txt
>
> Is that what you were asking?


New to Perl, I was just asking for help. Sorry I posted/asked my question
in the wrong group.


Please, no reply