extracting event logs to a file

From: Gnaneshwar Babu (mail2gnana_at_netscape.net)
Date: 12/31/03

    Date: 31 Dec 2003 00:24:54 -0800
    
    

    Hi

    I am facing a problem with extracting the event logs of Win32 to a file.
    I am using the following code to extract the event logs to a file:

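    use strict;
    use warnings;
    use Win32::EventLog;

    my ($recs, $base, $hashRef);
    my $x = 0;   # offset from the oldest record; unset, the first line prints "Entry :"

    # Open the System log on the local machine.
    my $handle = Win32::EventLog->new("System", $ENV{ComputerName})
            or die "Can't open System EventLog\n";
    $handle->GetNumber($recs)
            or die "Can't get number of EventLog records\n";
    $handle->GetOldest($base)
            or die "Can't get number of oldest EventLog record\n";
    while ($x < $recs) {
            # Seek directly to record number $base + $x.
            $handle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,
                                      $base+$x,
                                      $hashRef)
                    or die "Can't read EventLog entry #$x\n";
            # Only records whose source is "EventLog" are printed.
            if ($hashRef->{Source} eq "EventLog") {
                    # Fills in $hashRef->{Message} with the formatted text.
                    Win32::EventLog::GetMessageText($hashRef);
                    print "Entry $x: $hashRef->{Message}\n";
            }
            $x++;
    }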

    From this program I get the output shown below:
    ----------------------------------------------------------------
    C:\babu>perl eventlogg.pl
    Entry : The Event log service was stopped.

    Entry 1: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3 Uniprocessor Free.

    Entry 2: The Event log service was started.

    Entry 3: The Event log service was stopped.

    Entry 4: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3 Uniprocessor Free.

    Entry 5: The Event log service was started.

    Entry 6: The Event log service was stopped.

    Entry 7: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3 Uniprocessor Free.

    Entry 8: The Event log service was started.

    Entry 21: The Event log service was stopped.

    Entry 22: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3 Uniprocessor Free.

    Entry 23: The Event log service was started.

    Entry 24: The Event log service was stopped.

    Entry 25: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3 Uniprocessor Free.
    --------------------------------------------------------------------
    But I need the output shown below:

    ----------------------------------------------------------------------
    Type Date Time Source Category Event User Computer
    Information 12/31/2003 11:15:38 AM Dnsapi None 11152 N/A BDCVF-6GZR
    Information 12/31/2003 11:15:17 AM VMnetuserif None 4 N/A BDCVF-6GZR
    Information 12/31/2003 11:15:17 AM VMnetuserif None 1 N/A BDCVF-6GZR
    Information 12/31/2003 11:14:26 AM VMnetAdapter None 34 N/A BDCVF-6GZR
    Information 12/31/2003 11:14:26 AM VMnetAdapter None 34 N/A BDCVF-6GZR
    Information 12/31/2003 11:14:40 AM eventlog None 6005 N/A BDCVF-6GZR
    Information 12/31/2003 11:14:40 AM eventlog None 6009 N/A BDCVF-6GZR
    Information 12/31/2003 11:13:42 AM eventlog None 6006 N/A BDCVF-6GZR
    Warning 12/30/2003 1:40:08 PM Dnsapi None 11150 N/A BDCVF-6GZR
    Information 12/30/2003 1:40:08 PM Dnsapi None 11156 N/A BDCVF-6GZR
    Warning 12/30/2003 1:28:51 PM Dnscache None 11050 N/A BDCVF-6GZR
    Information 12/30/2003 1:22:52 PM Browser None 8033 N/A BDCVF-6GZR
    Information 12/30/2003 1:20:49 PM Dnsapi None 11152 N/A BDCVF-6GZR
    Information 12/30/2003 1:20:48 PM Dnsapi None 11152 N/A BDCVF-6GZR
    Information 12/26/2003 8:50:04 PM Application Popup None 26 N/A BDCVF-6GZR
    Information 12/24/2003 6:26:53 PM W32Time None 593 N/A BDCVF-6GZR
    Error 12/22/2003 11:46:41 AM VMnetDHCP None 2 N/A BDCVF-6GZR
    Information 12/22/2003 11:43:51 AM Dnsapi None 11152 N/A BDCVF-6GZR
    ---------------------------------------------------------------------------
    Please help me in getting this output.
    Thanks in advance.
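
The listing asked for above comes from each record's header fields (type, time, source, category, event ID, user, computer) rather than from its message text, and it needs every record, not only those whose source is "EventLog". The script below is an added example, not part of the original post: it reuses the post's `Win32::EventLog` calls, and the output file name, the tab-separated layout and the `None` / `N/A` fallbacks are assumptions.

```perl
use strict;
use warnings;
use POSIX qw(strftime);
use Win32::EventLog;

my $outfile = 'system_events.txt';   # assumed output path for this example

# Labels Event Viewer shows for each numeric EventType.
my %type_name = (
    EVENTLOG_ERROR_TYPE()       => 'Error',
    EVENTLOG_WARNING_TYPE()     => 'Warning',
    EVENTLOG_INFORMATION_TYPE() => 'Information',
    EVENTLOG_AUDIT_SUCCESS()    => 'Success Audit',
    EVENTLOG_AUDIT_FAILURE()    => 'Failure Audit',
);

my $log = Win32::EventLog->new('System', $ENV{ComputerName})
    or die "Can't open System EventLog\n";
my ($recs, $base);
$log->GetNumber($recs) or die "Can't get number of EventLog records\n";
$log->GetOldest($base) or die "Can't get number of oldest EventLog record\n";

open my $out, '>', $outfile or die "Can't write $outfile: $!\n";
print {$out} join("\t", qw(Type Date Time Source Category Event User Computer)), "\n";

# Walk from the newest record down to the oldest, the order Event Viewer uses.
for (my $n = $base + $recs - 1; $n >= $base; $n--) {
    my $ev;
    $log->Read(EVENTLOG_FORWARDS_READ() | EVENTLOG_SEEK_READ(), $n, $ev)
        or die "Can't read EventLog record #$n\n";

    my @t = localtime $ev->{TimeGenerated};      # epoch seconds -> local time
    print {$out} join("\t",
        $type_name{ $ev->{EventType} } || "Type $ev->{EventType}",
        strftime('%m/%d/%Y', @t),
        strftime('%I:%M:%S %p', @t),
        $ev->{Source},
        $ev->{Category} || 'None',               # category 0 is shown as "None"
        $ev->{EventID} & 0xffff,                 # low 16 bits are the displayed ID
        $ev->{User} || 'N/A',                    # assumed empty when no user is recorded
        $ev->{Computer},
    ), "\n";
}

close $out or die "Can't close $outfile: $!\n";
$log->Close;
```

The file is rewritten on every run, so when the listing is collected as evidence, copy it off the host before the log wraps or is cleared.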

