reading windows event logs

E

EW

Hi All,
I'm looking for some guidance on a better way to read eventlogs
from windows servers. I've written a handy little app that relies on
WMI to pull the logs an in all my testing it worked great. When I
deployed it, however, WMI choked on servers with a lot of logs. I've
tried pulling the logs using much smaller VB scripts as well and they
still failed, so I'm pretty sure I'm facing a WMI problem and not a
python or system resources problem. So I couldn't effectively get
logs off of domain controllers for example or file servers that had
auditing turned on. Sadly those are exactly the types of servers
whose logs are most interesting.

So I'm looking for suggestions on a way to grab that data without
using WMI for remote machines. I know MS has C libraries for this but
I haven't touched C for 10 years so I'm hoping there's a python
equivalent out there somewhere. Any advice would be appreciated.

Thanks in advance for any help,
Eric
 
M

MRAB

EW said:
Hi All,
I'm looking for some guidance on a better way to read eventlogs
from windows servers. I've written a handy little app that relies on
WMI to pull the logs an in all my testing it worked great. When I
deployed it, however, WMI choked on servers with a lot of logs. I've
tried pulling the logs using much smaller VB scripts as well and they
still failed, so I'm pretty sure I'm facing a WMI problem and not a
python or system resources problem. So I couldn't effectively get
logs off of domain controllers for example or file servers that had
auditing turned on. Sadly those are exactly the types of servers
whose logs are most interesting.

So I'm looking for suggestions on a way to grab that data without
using WMI for remote machines. I know MS has C libraries for this but
I haven't touched C for 10 years so I'm hoping there's a python
equivalent out there somewhere. Any advice would be appreciated.
Click to expand...
The events logs are in %SystemRoot%\system32\config and have the
extension .evt. There's info here on the file format:

http://www.whitehats.ca/main/members/Malik/malik_eventlogs/malik_eventlogs.html
 
M

Mark Hammond

Hi All,
I'm looking for some guidance on a better way to read eventlogs
from windows servers. I've written a handy little app that relies on
WMI to pull the logs an in all my testing it worked great. When I
deployed it, however, WMI choked on servers with a lot of logs. I've
tried pulling the logs using much smaller VB scripts as well and they
still failed, so I'm pretty sure I'm facing a WMI problem and not a
python or system resources problem. So I couldn't effectively get
logs off of domain controllers for example or file servers that had
auditing turned on. Sadly those are exactly the types of servers
whose logs are most interesting.

So I'm looking for suggestions on a way to grab that data without
using WMI for remote machines. I know MS has C libraries for this but
I haven't touched C for 10 years so I'm hoping there's a python
equivalent out there somewhere. Any advice would be appreciated.
Click to expand...

Look for the win32evtlog and win32evtlogutil modules which come with
pywin32 (http://sf.net/projects/pywin32)

Cheers,

Mark
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Reading Ports (uart) in windows 3
Deploying on Windows servers : advice sought a module 1
Reading log and saving data to DB 4
Creating a session in windows to auth to remote machines 4
shared logs and multiple configurations 1
Help figuring out a directory permission change problem 1
FAQ or HOWTO on windows event logs 1
Python reading System/Application Event logs in Windows 1

Members online

No members online now.
Total: 29 (members: 0, guests: 29)
Robots: 464

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,051
Latest member
CarleyMcCr

Latest Threads

Top