[python-win32] win32evtlog - Event Log parsing issue

Tim Keeler biotech at gmail.com
Fri May 4 02:09:03 CEST 2012 

Thanks for the reply, Mark!

I took a look and didn't see the EvtGetLogInfo() implemented anywhere in
the source. Hopefully Roger will be able to figure out what's going on here.

-Tim

On Thu, May 3, 2012 at 4:35 PM, Mark Hammond <skippy.hammond at gmail.com>wrote:

> I'm afraid I'm not familiar with that API, but the crash is because
> EvtOpenLog is returning a handle with a value of 1 and ReadEventLog is
> crashing with that handle.  A quick google doesn't find anyone trying to
> use ReadEventLog with a handle returned by EvtOpenLog but instead uses
> EvtGetLogInfo.
>
> Roger Upole added support for these functions so hopefully he is reading
> this and has more experience with the API (and the fact they aren't in the
> generated docs should indeed be treated as a bug!)
>
> Mark
>
>
> On 4/05/2012 1:42 AM, Tim Keeler wrote:
>
>> Hello,
>>
>> I'm having a problem with win32evtlog and reading events from an event
>> log channel on Windows Server 2008 R2. I'm using the following code and
>> get the following error (python.exe APPCRASH no exceptions):
>>
>>    #!/usr/bin/python
>>
>>    # Windows Event Log Viewer
>>    import win32evtlog # requires pywin32 pre-installed
>>
>>    hand = win32evtlog.EvtOpenLog('**ForwardedEvents',1,None)
>>    flags =
>>    win32evtlog.EVENTLOG_**BACKWARDS_READ|win32evtlog.**
>> EVENTLOG_SEQUENTIAL_READ
>>
>>    *events = win32evtlog.ReadEventLog(hand, flags, 0)*
>>
>>
>>
>> The last line calling ReadEventLog() is what causes the crash. I had to
>> read through the source code to find the function EvtOpenLog() for
>> channel support, this isn't in the latest documentation. So I'm not sure
>> if this is still experimental or not.
>>
>> Any help or guidance would be greatly appreciated. I'm using Python 2.7.3
>>
>>    Problem signature:
>>       Problem Event Name:APPCRASH
>>       Application Name:python.exe
>>       Application Version:0.0.0.0
>>       Application Timestamp:4f84a6c8
>>       Fault Module Name:ADVAPI32.dll
>>       Fault Module Version:6.1.7600.16385
>>       Fault Module Timestamp:4a5bd97e
>>       Exception Code:c0000005
>>       Exception Offset:00019347
>>       OS Version:6.1.7600.2.0.0.274.10
>>       Locale ID:1033
>>       Additional Information 1:0a9e
>>       Additional Information 2:**0a9e372d3b4ad19135b953a78882e7**89
>>       Additional Information 3:0a9e
>>       Additional Information 4:**0a9e372d3b4ad19135b953a78882e7**89
>>
>>    Read our privacy statement online:
>>    http://go.microsoft.com/**fwlink/?linkid=104288&clcid=**0x0409<http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409>
>>
>>    If the online privacy statement is not available, please read our
>>    privacy statement offline:
>>       C:\Windows\system32\en-US\**erofflps.txt
>>
>>
>>
>>
>> ______________________________**_________________
>> python-win32 mailing list
>> python-win32 at python.org
>> http://mail.python.org/**mailman/listinfo/python-win32<http://mail.python.org/mailman/listinfo/python-win32>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-win32/attachments/20120503/d5294fa1/attachment.html>

More information about the python-win32 mailing list