[python-win32] win32evtlog

Srihari Vijayaraghavan harisri at telstra.com
Fri Mar 26 20:07:35 EST 2004 

Hello Thomas,

Thanks for your response.

I did not realise (rather surprised that) EVENTLOG_(INFORMATION|WARNING|ERROR)_TYPE and EVENTLOG_AUDIT_(SUCCESS|FAILURE) cannot be used in win32evtlog.ReadEventLog()'s flags parameter.

Thanks for your sample code too. I shall try with your tips.

Hari.

----- Original Message -----
From: Thomas HERVE <therve at neocles.com>
Date: Friday, March 26, 2004 7:51 pm
Subject: Re: [python-win32] win32evtlog

> >Hello,
> 
> Hi,
> 
> >I am trying to get just the "Information" (or "Warning") type 
> events from 
> 
> >eventlog, and it seems to fail:
> >1. from win32evtlog import *
> >2. handle = OpenEventLog("", "system")
> >3. flags = EVENTLOG_BACKWARDS_READ |\
> >           EVENTLOG_SEQUENTIAL_READ |\ 
> >           EVENTLOG_INFORMATION_TYPE
> 
> I don't think you can use these flags. The only ones usable are : 
> 'EVENTLOG_BACKWARDS_READ', 'EVENTLOG_FORWARDS_READ', 
> 'EVENTLOG_SEEK_READ', 
> 'EVENTLOG_SEQUENTIAL_READ'. If you look at the value you can see 
> that 
> these ones are compatible.
> For example, EVENTLOG_SEQUENTIAL_READ == EVENTLOG_ERROR_TYPE, so if 
> you 
> "pipe" you don't get any additionnal information.
> 
> >These combinations it works great however:
> >EVENTLOG_ERROR_TYPE (for system and application log)
> >EVENTLOG_AUDIT_SUCCESS and EVENTLOG_AUDIT_FAILURE (for security log)
> 
> Seems strange to me.
> 
> >So I am not sure what is wrong with my flags parameter. Can 
> someone 
> please 
> >assist me?
> 
> I can give you my way to do this :
> 
> <code>
> import win32evtlog
> 
> handle = win32evtlog.OpenEventLog("", "System")
> flags = 
> win32evtlog.EVENTLOG_FORWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
> event_list = win32evtlog.ReadEventLog(handle, flags, 0)
> 
> while self.event_list != [] :
>        for event in self.event_list :
>                # filter with the type of event you want
>                if event.EventType == win32evtlog. 
> EVENTLOG_INFORMATION_TYPE :
>                        print event.SourceName
>        event_list = win32evtlog.ReadEventLog(handle, flags, 0)
> </code>
> 
> Hope this help.
> 
> > Thanks
> > Hari
> 
> --
> Thomas
> 
> _______________________________________________
> Python-win32 mailing list
> Python-win32 at python.org
> http://mail.python.org/mailman/listinfo/python-win32
>

More information about the Python-win32 mailing list