1. Windows Event Viewer
- Posted by dirkvdo Dec 24, 2009
- 1114 views
Hi,
I wonder if there is some way to extract data from the Windows Event Viewer (log) with Euphoria. And to complicate things a bit, I would like to know if I can consolidate such data from more than one computer in a network?
Thanks!
Dirk (Belgium)
2. Re: Windows Event Viewer
- Posted by alanjohnoxley Dec 24, 2009
- 1103 views
I can suggest looking at "pstools" from www.sysinternals.com. The author, Mark Russinovich, is now working with Micro$oft. There are many tools inside the sysinternals.zip that allow remote logins, execs, shutdowns, etc. The name "pstools" comes from the first utility, a Windows equivalent of Unix "ps" which lists processes. The specific utility you want is "PsLogList". Here is what the help says about it:
PsLogList
The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you login to remote systems in situations your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides.
HTH!
3. Re: Windows Event Viewer
- Posted by alanjohnoxley Dec 24, 2009
- 1133 views
I forgot to mention:
psloglist -s > myfile.txt
Then just read myfile.txt with your Euphoria program. I am assuming you don't want to suffer by figuring out how Euphoria will access the info without something like psloglist?
Here are the options of psloglist:
usage: psloglist [-?] [\\computer[,computer[,...] | @file [-u username [-p password]]] [-s [-t delimiter]] [-m #|-n #|-h #|-d #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy][-f filter] [-i ID[,ID[,...] | -e ID[,ID[,...]]] [-o event source[,event source][,..]]] [-q event source[,event source][,..]]] [-l event log file] <eventlog>
@file Execute the command on each of the computers listed in the file.
-a Dump records timestamped after specified date.
-b Dump records timestamped before specified date.
-c Clear the event log after displaying.
-d Only display records from previous n days.
-e Exclude events with the specified ID or IDs (up to 10).
-f Filter event types with filter string (e.g. "-f w" to filter warnings).
-g Export an event log as an evt file. This can only be used with the -c switch (clear log).
-h Only display records from previous n hours.
-i Show only events with the specified ID or IDs (up to 10).
-l Dump records from the specified event log file.
-m Only display records from previous n minutes.
-n Only display the number of most recent entries specified.
-o Show only records from the specified event source (e.g. "-o cdrom").
-p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-q Omit records from the specified event source or sources (e.g. "-o cdrom").
-r Dump log from least recent to most recent.
-s This switch has PsLogList print Event Log records one-per-line, with comma delimited fields. This format is convenient for text searches, e.g. psloglist | findstr /i text, and for importing the output into a spreadsheet.
-t The default delimeter is a comma, but can be overriden with the specified character.
-u Specifies optional user name for login to remote computer.
-w Wait for new events, dumping them as they generate.
-x Dump extended data.
eventlog By default PsLogList shows the contents of the System Event Log. Specify a different event log by typing in the first few letters of the log name, application, system, or security.
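An added example, not part of the posts above and written in Python rather than Euphoria: it reads several `psloglist -s` dumps (one per computer) and consolidates errors and warnings by event source and ID. The column order in `FIELDS`, the banner line and the sample records are assumptions constructed for illustration; check them against your own output.

```python
# Assumed column order of one `psloglist -s` record; verify against real output.
FIELDS = ["record", "log", "source", "type", "computer",
          "time", "event_id", "user", "message"]

def parse_dump(text, delimiter=","):
    """Yield one dict per event record found in a psloglist -s dump."""
    for line in text.splitlines():
        # The message is the last field and may itself contain the
        # delimiter, so split at most len(FIELDS) - 1 times.
        parts = line.strip().split(delimiter, len(FIELDS) - 1)
        # Banner and blank lines are skipped: a record has every field
        # and starts with a numeric record number.
        if len(parts) != len(FIELDS) or not parts[0].isdigit():
            continue
        yield dict(zip(FIELDS, (p.strip() for p in parts)))

def consolidate(dumps, delimiter=","):
    """Merge the records of several dumps (one per computer) into one list."""
    events = []
    for text in dumps:
        events.extend(parse_dump(text, delimiter))
    return events

def hosts_by_event(events, types=("ERROR", "WARNING")):
    """Map (source, event_id) -> sorted list of computers that logged it."""
    seen = {}
    for e in events:
        if e["type"].upper() in types:
            seen.setdefault((e["source"], e["event_id"]), set()).add(e["computer"])
    return {key: sorted(hosts) for key, hosts in seen.items()}

# Constructed sample dumps, standing in for myfile.txt from two computers.
PC1_DUMP = r"""System log on \\PC1:
101,System,Service Control Manager,ERROR,PC1,Thu Dec 24 09:15:02 2009,7000,None,The Foo service failed to start, error 2.
102,System,Tcpip,WARNING,PC1,Thu Dec 24 09:20:11 2009,4226,None,Connection limit reached.
"""
PC2_DUMP = r"""System log on \\PC2:
57,System,Service Control Manager,ERROR,PC2,Thu Dec 24 09:16:40 2009,7000,None,The Foo service failed to start, error 2.
58,System,Service Control Manager,INFORMATION,PC2,Thu Dec 24 09:17:00 2009,7036,None,The Bar service entered the running state.
"""

if __name__ == "__main__":
    for key, hosts in hosts_by_event(consolidate([PC1_DUMP, PC2_DUMP])).items():
        print(key, hosts)
```

If message text in your logs often contains commas, a different `-t` delimiter makes the split less fragile; pass the same character as `delimiter`.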