How do I read the event header using Win32::EventLog?

on 09.02.2009 05:31:05 by Chandra Ramesh

Hello,

How do I read the "event header" from the event logs on a Windows machine?

I have the Win32::EventLog module and I am able to read the message. But I would like to get the 'date' and 'time' of the event which occurred.
So, how do I get the date and time of an event using Win32::Eventlog module?

Thanks and Regards,
Ramesh Chandra



_______________________________________________
ActivePerl mailing list
ActivePerl@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

Re: How do I read the event header using Win32::EventLog?

on 09.02.2009 05:50:52 by Bill Luebkert

Chandra, Ramesh H.S. IN BLR SISL wrote:
>
>
> Hello,
>
> How do I read the "event header" from the event logs on a
> Windows machine.
>
> I have the Win32::EventLog module and I am able to read the
> message. But I would like to get the 'date" and 'time' of the event
> which occurred.
> So, how do I get the date and time of an event using
> Win32::Eventlog module?

You're supposed to insert code to be scrutinized to elicit suggestions
on how to fix it.

Starting with the example in the pod section and fixing it for strict:

use strict;
use warnings;
use Win32::EventLog;
use Data::Dumper;    # needed for the Dump call in the loop

my $base = 0;
my $recs = 0;

# Open the System log, then get the record count and the oldest record number.
my $handle = Win32::EventLog->new("System") or die "Open System Log: $! ($^E)";
$handle->GetNumber($recs) or die "Get number of records: $! ($^E)";
print "recs=$recs\n";
$handle->GetOldest($base) or die "Get oldest record: $! ($^E)";
print "base=$base\n";

my $x = 0;
my $hashref;
while ($x < $recs) {

    # Seek to record $base + $x and read it into $hashref.
    $handle->Read(EVENTLOG_FORWARDS_READ | EVENTLOG_SEEK_READ, $base + $x,
        $hashref) or die "Read entry '$x': $! ($^E)";
    if ($hashref->{Source} eq "EventLog") {
        # Fill in $hashref->{Message} with the formatted message text.
        Win32::EventLog::GetMessageText($hashref);
        print "Entry $x: $hashref->{Message}\n";
        print Data::Dumper->Dump([$hashref], [qw($hashref)]);
    }
    ++$x;
}

__END__

This is what a dump of the hashref looks like - all the info should
be in there:

$hashref = {
'Category' => 0,
'ClosingRecordNumber' => 0,
'Computer' => 'computername',
'Data' => '',
'EventID' => '-2147477639',
'EventType' => 4,
'Length' => 0,
'Message' => 'Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor
Free.
',
'RecordNumber' => 25753,
'Source' => 'EventLog',
'Strings' => '5.01. 2600 Service Pack 3 Uniprocessor Free ',
'TimeGenerated' => 1228652519,
'Timewritten' => 1228652519,
'User' => ''
};


RE: How do I read the event header using Win32::EventLog?

on 09.02.2009 09:40:26 by francois.bourgneuf

Hi,
Recently, I've had to read the Windows Event Log and I used the logparser tool
http://www.microsoft.com/DownLoads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

I found this was the most convenient way to parse the eventlog.
Sample code:
LogParser.exe -stats:OFF "select EventType,TimeGenerated,SourceName,EventID,Strings,message from C:/WINDOWS/system32/config/sysevent.evt where (eventid=50 or EventType=1 or eventid=1074)" -i:EVT -o:CSV

Bour9


RE: How do I read the event header using Win32::EventLog?

on 09.02.2009 10:34:33 by Chandra Ramesh

Hi Luebkert,

Thanks a lot for this.

I could get the info by getting the value of $hashRef->{TimeGenerated}.
I pass this hash reference to the localtime function as below:

my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($hashRef->{TimeGenerated});

From the above, one can get the Date and the Time of the event.

Thanks and Regards,
Ramesh Chandra
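
Added example, not code from any poster in this thread: it turns the header fields of one record hash into a timeline row, formatting TimeGenerated in UTC as well as local time (localtime depends on the time zone of the machine running the script, which matters when correlating events across hosts) and decoding EventID and EventType. The names describe_event and %TYPE_NAME are hypothetical, and the sample record is constructed from the dump shown earlier in the thread so the script runs without Win32::EventLog.

```perl
use strict;
use warnings;
use POSIX qw(strftime);

# EventType values defined by the Windows event log API.
my %TYPE_NAME = (
    1  => 'Error',
    2  => 'Warning',
    4  => 'Information',
    8  => 'Audit Success',
    16 => 'Audit Failure',
);

# Hypothetical helper: build a timeline row from one record hash as filled
# in by Win32::EventLog's Read. TimeGenerated is seconds since the Unix epoch.
sub describe_event {
    my ($rec) = @_;
    my $t = $rec->{TimeGenerated};
    return {
        utc   => strftime('%Y-%m-%d %H:%M:%SZ', gmtime($t)),
        local => strftime('%Y-%m-%d %H:%M:%S',  localtime($t)),
        # The low 16 bits are the event code shown in Event Viewer;
        # the high bits carry severity and facility flags, which is why
        # the raw value in the dump is a large negative number.
        event_code => $rec->{EventID} & 0xFFFF,
        type       => $TYPE_NAME{ $rec->{EventType} }
                      // "Unknown($rec->{EventType})",
        source     => $rec->{Source},
        record     => $rec->{RecordNumber},
    };
}

# Constructed sample record: field values copied from the dump in the thread.
my $hashref = {
    EventID       => '-2147477639',
    EventType     => 4,
    RecordNumber  => 25753,
    Source        => 'EventLog',
    TimeGenerated => 1228652519,
};

my $row = describe_event($hashref);
printf "%s  (local %s)  %-13s  %s/%d  record %d\n",
    @{$row}{qw(utc local type source event_code record)};
```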

