Query windows event log with python

[robey.lawrence]

Hi,

I am looking to write a short program to query the windows event log.

It needs to ask the user for input for The event type (Critical, Error, and Information), and the user needs to be able to specify a date since when they want to view results.

I understand I will need the pywin32 extension, which i already have installed.

I found this piece of code to start from,

<code>
import win32evtlog # requires pywin32 pre-installed

server = 'localhost' # name of the target computer to get event logs
logtype = 'System' # 'Application' # 'Security'
hand = win32evtlog.OpenEventLog(server,logtype)
flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)

while True:
events = win32evtlog.ReadEventLog(hand, flags,0)
if events:
for event in events:
print 'Event Category:', event.EventCategory
print 'Time Generated:', event.TimeGenerated
print 'Source Name:', event.SourceName
print 'Event ID:', event.EventID
print 'Event Type:', event.EventType
data = event.StringInserts
if data:
print 'Event Data:'
for msg in data:
print msg
print
</code>

Thanks for any help.
Robey

 

[alex23]

Hi,

I am looking to write a short program to query the windows event log.

It needs to ask the user for input for The event type (Critical, Error, and Information), and the user needs to be able to specify a date since whenthey want to view results.

I understand I will need the pywin32 extension, which i already have installed.

I found this piece of code to start from,

<code>
import win32evtlog # requires pywin32 pre-installed

server = 'localhost' # name of the target computer to get event logs
logtype = 'System' # 'Application' # 'Security'
hand = win32evtlog.OpenEventLog(server,logtype)
flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)

while True:
    events = win32evtlog.ReadEventLog(hand, flags,0)
    if events:
        for event in events:
            print 'Event Category:', event.EventCategory
            print 'Time Generated:', event.TimeGenerated
            print 'Source Name:', event.SourceName
            print 'Event ID:', event.EventID
            print 'Event Type:', event.EventType
            data = event.StringInserts
            if data:
                print 'Event Data:'
                for msg in data:
                    print msg
            print
</code>

Thanks for any help.
Robey

What would you like us to provide? Pointers to the Python tutorial? Or
all of the code?

Generally, the onus is on you to attempt to come up with solution
yourself and then to ask for assistance where required. If you want
someone to just write it for you, then you might want to mention how
you plan on recompensing them.

 

[Tim Golden]

I am looking to write a short program to query the windows event
log.

It needs to ask the user for input for The event type (Critical,
Error, and Information), and the user needs to be able to specify a
date since when they want to view results.

I found this piece of code to start from,

[... snip ...]

Well it looks like you have everything you need. Was there a specific
question you wanted to ask?

TJG

 

[robey.lawrence]

I am looking to write a short program to query the windows event


It needs to ask the user for input for The event type (Critical,

Error, and Information), and the user needs to be able to specify a

date since when they want to view results.

I found this piece of code to start from,

[... snip ...]



Well it looks like you have everything you need. Was there a specific

question you wanted to ask?



TJG

yes, I would like to run it in Command prompt and ask the user at the time what type and date of Event they would like to view. so i was wondering where in the code I could put something like "var=raw_input"

Thanks TJG

 

[robey.lawrence]

I am looking to write a short program to query the windows event


It needs to ask the user for input for The event type (Critical,

Error, and Information), and the user needs to be able to specify a

date since when they want to view results.

I found this piece of code to start from,

[... snip ...]



Well it looks like you have everything you need. Was there a specific

question you wanted to ask?



TJG

yes, I would like to run it in Command prompt and ask the user at the time what type and date of Event they would like to view. so i was wondering where in the code I could put something like "var=raw_input"

Thanks TJG

 

[Tim Golden]

I am looking to write a short program to query the windows event


It needs to ask the user for input for The event type (Critical,

Error, and Information), and the user needs to be able to specify
a

date since when they want to view results.

I found this piece of code to start from,

[... snip ...]



Well it looks like you have everything you need. Was there a
specific

question you wanted to ask?



TJG

yes, I would like to run it in Command prompt and ask the user at the
time what type and date of Event they would like to view. so i was
wondering where in the code I could put something like
"var=raw_input"

Ok, so your query isn't so much with accessing the event log as
with writing Python code at all. If you haven't already, could I suggest
the Python tutorial here:

http://docs.python.org/2/tutorial/

or, if that one doesn't suit, just search for "Python tutorial" to find
something which fits your brain.

Feel free to post back here with questions once you've got started.

TJG