Gnaneshwar Babu
Hi
I am facing a problem with extracting the event logs of Win32 to a file.
I am using the following code to extract the event logs to a file:
use Win32::EventLog;

# Open the System log on the local machine.
$handle=Win32::EventLog->new("System", $ENV{ComputerName})
    or die "Can't open System EventLog\n";
# Number of records in the log, and the record number of the oldest one.
$handle->GetNumber($recs)
    or die "Can't get number of EventLog records\n";
$handle->GetOldest($base)
    or die "Can't get number of oldest EventLog record\n";
# $x is never initialised; it counts as 0 in the comparison and the offset.
while ($x < $recs) {
    $handle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,
                  $base+$x,
                  $hashRef)
        or die "Can't read EventLog entry #$x\n";
    # Only records whose Source is "EventLog" are printed, message text only.
    if ($hashRef->{Source} eq "EventLog") {
        Win32::EventLog::GetMessageText($hashRef);
        print "Entry $x: $hashRef->{Message}\n";
    }
    $x++;
}
From this program I get output as shown below:
----------------------------------------------------------------
C:\babu>perl eventlogg.pl
Entry : The Event log service was stopped.
Entry 1: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3
Uniprocessor Fre
e.
Entry 2: The Event log service was started.
Entry 3: The Event log service was stopped.
Entry 4: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3
Uniprocessor Fre
e.
Entry 5: The Event log service was started.
Entry 6: The Event log service was stopped.
Entry 7: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3
Uniprocessor Fre
e.
Entry 8: The Event log service was started.
Entry 21: The Event log service was stopped.
Entry 22: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3
Uniprocessor Fr
ee.
Entry 23: The Event log service was started.
Entry 24: The Event log service was stopped.
Entry 25: Microsoft (R) Windows 2000 (R) 5.0 2195 Service Pack 3
Uniprocessor Fr
ee.
--------------------------------------------------------------------
But I need output as shown below:
----------------------------------------------------------------------
Type Date Time Source Category Event User Computer
Information 12/31/2003 11:15:38 AM Dnsapi None 11152 N/A BDCVF-6GZR
Information 12/31/2003 11:15:17 AM VMnetuserif None 4 N/A BDCVF-6GZR
Information 12/31/2003 11:15:17 AM VMnetuserif None 1 N/A BDCVF-6GZR
Information 12/31/2003 11:14:26 AM VMnetAdapter None 34 N/A BDCVF-6GZR
Information 12/31/2003 11:14:26 AM VMnetAdapter None 34 N/A BDCVF-6GZR
Information 12/31/2003 11:14:40 AM eventlog None 6005 N/A BDCVF-6GZR
Information 12/31/2003 11:14:40 AM eventlog None 6009 N/A BDCVF-6GZR
Information 12/31/2003 11:13:42 AM eventlog None 6006 N/A BDCVF-6GZR
Warning 12/30/2003 1:40:08 PM Dnsapi None 11150 N/A BDCVF-6GZR
Information 12/30/2003 1:40:08 PM Dnsapi None 11156 N/A BDCVF-6GZR
Warning 12/30/2003 1:28:51 PM Dnscache None 11050 N/A BDCVF-6GZR
Information 12/30/2003 1:22:52 PM Browser None 8033 N/A BDCVF-6GZR
Information 12/30/2003 1:20:49 PM Dnsapi None 11152 N/A BDCVF-6GZR
Information 12/30/2003 1:20:48 PM Dnsapi None 11152 N/A BDCVF-6GZR
Information 12/26/2003 8:50:04 PM Application Popup None 26 N/A BDCVF-6GZR
Information 12/24/2003 6:26:53 PM W32Time None 593 N/A BDCVF-6GZR
Error 12/22/2003 11:46:41 AM VMnetDHCP None 2 N/A BDCVF-6GZR
Information 12/22/2003 11:43:51 AM Dnsapi None 11152 N/A BDCVF-6GZR