[python-win32] win32evtlog

Fri Mar 26 03:51:34 EST 2004

>Hello,

Hi,

>I am trying to get just the "Information" (or "Warning") type events from 

>eventlog, and it seems to fail:
>1. from win32evtlog import *
>2. handle = OpenEventLog("", "system")
>3. flags = EVENTLOG_BACKWARDS_READ |\
>           EVENTLOG_SEQUENTIAL_READ |\ 
>           EVENTLOG_INFORMATION_TYPE

I don't think you can use these flags. The only ones usable are : 
'EVENTLOG_BACKWARDS_READ', 'EVENTLOG_FORWARDS_READ', 'EVENTLOG_SEEK_READ', 
'EVENTLOG_SEQUENTIAL_READ'. If you look at the value you can see that 
these ones are compatible.
For example, EVENTLOG_SEQUENTIAL_READ == EVENTLOG_ERROR_TYPE, so if you 
"pipe" you don't get any additionnal information.

>These combinations it works great however:
>EVENTLOG_ERROR_TYPE (for system and application log)
>EVENTLOG_AUDIT_SUCCESS and EVENTLOG_AUDIT_FAILURE (for security log)

Seems strange to me.

>So I am not sure what is wrong with my flags parameter. Can someone 
please 
>assist me?

I can give you my way to do this :

<code>
import win32evtlog

handle = win32evtlog.OpenEventLog("", "System")
flags = 
win32evtlog.EVENTLOG_FORWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
event_list = win32evtlog.ReadEventLog(handle, flags, 0)

while self.event_list != [] :
        for event in self.event_list :
                # filter with the type of event you want
                if event.EventType == win32evtlog. 
EVENTLOG_INFORMATION_TYPE :
                        print event.SourceName
        event_list = win32evtlog.ReadEventLog(handle, flags, 0)
</code>

Hope this help.

> Thanks
> Hari

--
Thomas