[python-win32] win32evtlog - Event Log parsing issue
Tim Keeler
biotech at gmail.com
Fri May 4 18:29:14 CEST 2012
Oh Geesh - I didn't even think about looking at the .chm help file. I was
looking at the docs located here -
http://docs.activestate.com/activepython/2.7/pywin32/win32evtlog.html. This
is my first time using Python on Windows, so I apologize for the n00b
mistake.
I'll check out EvtQuery->EvtNext->EvtRender, I think this is exactly what I
need!
Thank you for all of your help.
-Tim
On Thu, May 3, 2012 at 8:47 PM, Roger Upole <rupole at hotmail.com> wrote:
> Mark is right, the handles are not interchangeable between the older event
> log functions and the newer Evt* functions. You can still use the older
> APIs on Vista and later, though. OpenEventLog returns a handle
> compatible with ReadEventLog.
> To use the newer functions, try EvtQuery->EvtNext->EvtRender.
>
> Regarding the docs, the Evt* functions appear in the latest .chm help file.
> Which documentation are you looking at?
>
> Roger
>
> "Tim Keeler" <biotech at gmail.com> wrote in message
> news:CAJpmmnW0T1SZVkYqcvsGsnritencuQYszD0KGNx8sKPnD+Rwbg at mail.gmail.com...
> > Thanks for the reply, Mark!
> >
> > I took a look and didn't see the EvtGetLogInfo() implemented anywhere in
> > the source. Hopefully Roger will be able to figure out what's going on here.
> >
> > -Tim
> >
> > On Thu, May 3, 2012 at 4:35 PM, Mark Hammond <skippy.hammond at gmail.com> wrote:
> >
> >> I'm afraid I'm not familiar with that API, but the crash is because
> >> EvtOpenLog is returning a handle with a value of 1 and ReadEventLog is
> >> crashing with that handle. A quick google doesn't find anyone trying to
> >> use ReadEventLog with a handle returned by EvtOpenLog but instead uses
> >> EvtGetLogInfo.
> >>
> >> Roger Upole added support for these functions so hopefully he is reading
> >> this and has more experience with the API (and the fact they aren't in the
> >> generated docs should indeed be treated as a bug!)
> >>
> >> Mark
> >>
> >>
> >> On 4/05/2012 1:42 AM, Tim Keeler wrote:
> >>
> >>> Hello,
> >>>
> >>> I'm having a problem with win32evtlog and reading events from an event
> >>> log channel on Windows Server 2008 R2. I'm using the following code and
> >>> get the following error (python.exe APPCRASH no exceptions):
> >>>
> >>> #!/usr/bin/python
> >>>
> >>> # Windows Event Log Viewer
> >>> import win32evtlog # requires pywin32 pre-installed
> >>>
> >>> hand = win32evtlog.EvtOpenLog('ForwardedEvents',1,None)
> >>> flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
> >>>
> >>> events = win32evtlog.ReadEventLog(hand, flags, 0)
> >>>
> >>>
> >>>
> >>> The last line calling ReadEventLog() is what causes the crash. I had to
> >>> read through the source code to find the function EvtOpenLog() for
> >>> channel support, this isn't in the latest documentation. So I'm not sure
> >>> if this is still experimental or not.
> >>>
> >>> Any help or guidance would be greatly appreciated. I'm using Python 2.7.3
> >>>
> >>> Problem signature:
> >>> Problem Event Name:APPCRASH
> >>> Application Name:python.exe
> >>> Application Version:0.0.0.0
> >>> Application Timestamp:4f84a6c8
> >>> Fault Module Name:ADVAPI32.dll
> >>> Fault Module Version:6.1.7600.16385
> >>> Fault Module Timestamp:4a5bd97e
> >>> Exception Code:c0000005
> >>> Exception Offset:00019347
> >>> OS Version:6.1.7600.2.0.0.274.10
> >>> Locale ID:1033
> >>> Additional Information 1:0a9e
> >>> Additional Information 2:0a9e372d3b4ad19135b953a78882e789
> >>> Additional Information 3:0a9e
> >>> Additional Information 4:0a9e372d3b4ad19135b953a78882e789
> >>>
> >>> Read our privacy statement online:
> >>> http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
> >>>
> >>> If the online privacy statement is not available, please read our
> >>> privacy statement offline:
> >>> C:\Windows\system32\en-US\erofflps.txt
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> python-win32 mailing list
> >>> python-win32 at python.org
> >>> http://mail.python.org/mailman/listinfo/python-win32
>