How can I use python to look at and sort event viewer by event type?

junk at aol.com junk at aol.com
Wed May 21 09:59:39 EDT 2003 

Mark Hammond wrote:

> junk at aol.com wrote:
> > How can I use python to look at and sort event viewer by event type? 
> > I'm very new at programing in general so forgive me for my naivety.  I
> > bought Python Programming for WIN32 and there is something in there for
> > reading the sourcename but I need to be able to read the Event types. 
> > I've tried to modify the example from the book for source name but I've
> > not been able to figure it out and I'm becoming increasingly frustrated.
> >  I'm sure there is an easy way of doing this but I'm having a hard time
> > finding it.
> > 
> > This is the script I found for the source name.
> > import win32evtlog
> > h=win32evtlog.OpenEventLog(XYZ, "Application")
> > flags=win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
> > records=win32evtlog.ReadEventLog(h, flags,0)
> > records[0].SourceName
> > 
> > If I substitute SourceName for EventType I get a number but I want it to
> > show if its a warning, success, or an error.
> 
> I think you will find the number corresponds to one of 
> win32evtlog.EVENTLOG_ERROR_TYPE, win32evtlog.EVENTLOG_WARNING_TYPE or 
> win32evtlog.EVENTLOG_INFORMATION_TYPE.  There are also some other 
> constants for audit records etc.
> 
> Mark.
> 
Thank you. I'm having one last problem.  When I run this script instead
of giving me information from my System log it pulls information from my
Application log.  I'm sure I'm missing something simple but I cant seem
to get it to work no matter what I do.


import win32evtlog, win32evtlogutil
    win32evtlog.OpenEventLog(None, "System")
win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
    print "Event Viewer System log"
    def CheckRecord(record):
        if str(record.EventType)=="2":
            print "Have Warning for %s written at %s" % \
            (record.SourceName, record.TimeWritten.Format())
        elif str(record.EventType)=="1":
            print "Have Error for %s written at %s " % \
            (record.SourceName, record.TimeWritten.Format())
    win32evtlogutil.FeedEventLogRecords(CheckRecord)

More information about the Python-list mailing list