[python-win32] Python parser for Windows Event Logs

Tim Golden mail at timgolden.me.uk
Thu Jul 9 23:20:56 CEST 2009


Tony Cappellini wrote:
> Thanks, but those just monitor events.
> 
> I need to pull some very specific data from an event log file, after I
> know the event has already occurred.
> 
> Tim has another module called winsys, and there is an object which
> handles some aspects of reading event logs.
> http://timgolden.me.uk/python/winsys/event_logs.html#module-event_logs
> 
> Tim - what I need to do is pull this structure
> http://msdn.microsoft.com/en-us/library/ms810313.aspx
> 
> from the event log, AFTER an event 51 has already occurred.
> http://support.microsoft.com/kb/244780
> 
> I can easily look at the Event Viewer to determine if the event has occurred.
> 
> I don't see it at a glance, but does your winsys module have a way to do this?
> 
> If not, I'll just have to hard code offsets and use the struct module to get it.

You can certainly get hold of the event log record via
WMI or via WinSys (which just wraps the pywin32 module
someone else referred to). But there's no special code
for reconstructing the rather specific data structure
you refer to. You'll need to use struct or ctypes for
that.

Let me know if you need help getting the data out in
the first place; I'm not clear whether you've got that
covered or not. (And whether you want to be notified
when the event fires or whether you're merely scanning
historically).

TJG
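One way to do what Tim describes, as an added example that is not from the thread, from winsys or from pywin32 itself: read the log newest-first with pywin32, keep only records whose event code matches, and unpack the record's binary Data field with struct. The HEADER layout is a labelled placeholder, not the MSDN structure Tony linked; the real offsets have to come from that documentation.

```python
# Added example (not from the thread): scan a Windows event log for one event
# code with pywin32, then unpack the record's binary Data field with struct.
import struct

try:
    import win32evtlog  # pywin32; only available on Windows
except ImportError:      # lets the struct-parsing helper run elsewhere
    win32evtlog = None

# ASSUMPTION / placeholder layout for the leading bytes of the Data blob:
# two 16-bit version fields and a 32-bit error code, little-endian.
# Replace with the field list from the MSDN structure before trusting it.
HEADER = struct.Struct("<HHI")

def parse_data(raw):
    """Unpack the leading header of an event's Data blob; None if too short."""
    if raw is None or len(raw) < HEADER.size:
        return None  # truncated or absent data: do not guess at offsets
    major, minor, error_code = HEADER.unpack_from(raw, 0)
    return {"major": major, "minor": minor, "error_code": error_code,
            "payload": raw[HEADER.size:]}

def find_events(log_name, wanted_id, max_records=1000):
    """Yield records from `log_name` (e.g. "System") whose event code == wanted_id."""
    if win32evtlog is None:
        raise RuntimeError("pywin32 (win32evtlog) is required to read event logs")
    flags = (win32evtlog.EVENTLOG_BACKWARDS_READ |
             win32evtlog.EVENTLOG_SEQUENTIAL_READ)
    handle = win32evtlog.OpenEventLog(None, log_name)  # None = local machine
    try:
        seen = 0
        while seen < max_records:
            records = win32evtlog.ReadEventLog(handle, flags, 0)
            if not records:
                break  # reached the oldest record
            for rec in records:
                seen += 1
                # The low 16 bits of EventID are the code shown in Event Viewer;
                # the high bits carry severity/facility and must be masked off.
                if rec.EventID & 0xFFFF == wanted_id:
                    yield rec
    finally:
        win32evtlog.CloseEventLog(handle)

if __name__ == "__main__":
    for rec in find_events("System", 51):
        print(rec.TimeGenerated, rec.SourceName, parse_data(rec.Data))
```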

