[python-win32] win32evtlog - Event Log parsing issue

Roger Upole rupole at hotmail.com
Fri May 4 05:47:09 CEST 2012


Mark is right, the handles are not interchangeable between the older event
log functions and the newer Evt* functions.  You can still use the older
APIs on Vista and later, though.  OpenEventLog returns a handle
compatible with ReadEventLog.
To use the newer functions, try EvtQuery->EvtNext->EvtRender.

Regarding the docs, the Evt* functions appear in the latest .chm help file.
Which documentation are you looking at?

    Roger

"Tim Keeler" <biotech at gmail.com> wrote in message news:CAJpmmnW0T1SZVkYqcvsGsnritencuQYszD0KGNx8sKPnD+Rwbg at mail.gmail.com...
> Thanks for the reply, Mark!
>
> I took a look and didn't see the EvtGetLogInfo() implemented anywhere in
> the source. Hopefully Roger will be able to figure out what's going on here.
>
> -Tim
>
> On Thu, May 3, 2012 at 4:35 PM, Mark Hammond <skippy.hammond at gmail.com> wrote:
>
>> I'm afraid I'm not familiar with that API, but the crash is because
>> EvtOpenLog is returning a handle with a value of 1 and ReadEventLog is
>> crashing with that handle.  A quick google doesn't find anyone trying to
>> use ReadEventLog with a handle returned by EvtOpenLog but instead uses
>> EvtGetLogInfo.
>>
>> Roger Upole added support for these functions so hopefully he is reading
>> this and has more experience with the API (and the fact they aren't in the
>> generated docs should indeed be treated as a bug!)
>>
>> Mark
>>
>>
>> On 4/05/2012 1:42 AM, Tim Keeler wrote:
>>
>>> Hello,
>>>
>>> I'm having a problem with win32evtlog and reading events from an event
>>> log channel on Windows Server 2008 R2. I'm using the following code and
>>> get the following error (python.exe APPCRASH no exceptions):
>>>
>>>    #!/usr/bin/python
>>>
>>>    # Windows Event Log Viewer
>>>    import win32evtlog # requires pywin32 pre-installed
>>>
>>>    hand = win32evtlog.EvtOpenLog('ForwardedEvents',1,None)
>>>    flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
>>>
>>>    events = win32evtlog.ReadEventLog(hand, flags, 0)
>>>
>>>
>>>
>>> The last line calling ReadEventLog() is what causes the crash. I had to
>>> read through the source code to find the function EvtOpenLog() for
>>> channel support, this isn't in the latest documentation. So I'm not sure
>>> if this is still experimental or not.
>>>
>>> Any help or guidance would be greatly appreciated. I'm using Python 2.7.3
>>>
>>>    Problem signature:
>>>       Problem Event Name:APPCRASH
>>>       Application Name:python.exe
>>>       Application Version:0.0.0.0
>>>       Application Timestamp:4f84a6c8
>>>       Fault Module Name:ADVAPI32.dll
>>>       Fault Module Version:6.1.7600.16385
>>>       Fault Module Timestamp:4a5bd97e
>>>       Exception Code:c0000005
>>>       Exception Offset:00019347
>>>       OS Version:6.1.7600.2.0.0.274.10
>>>       Locale ID:1033
>>>       Additional Information 1:0a9e
>>>       Additional Information 2:0a9e372d3b4ad19135b953a78882e789
>>>       Additional Information 3:0a9e
>>>       Additional Information 4:0a9e372d3b4ad19135b953a78882e789
>>>
>>>    Read our privacy statement online:
>>>    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
>>>
>>>    If the online privacy statement is not available, please read our
>>>    privacy statement offline:
>>>       C:\Windows\system32\en-US\erofflps.txt
>>>
>>>
>>
>>
>
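
The EvtQuery->EvtNext->EvtRender sequence suggested above, as an added example that is not part of the original thread or of pywin32's own code. The helper names `read_channel` and `parse_event_xml` are illustrative, the sample XML is constructed, and the flag constants `EvtQueryChannelPath`, `EvtQueryReverseDirection` and `EvtRenderEventXml` are pywin32 names that do not appear in the thread.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def parse_event_xml(xml_text):
    """Flatten the XML that EvtRender(..., EvtRenderEventXml) returns."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    record = {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "computer": system.findtext("e:Computer", namespaces=NS),
        "data": {},
    }
    # EventData is optional, and its Data elements may carry no Name attribute.
    for i, d in enumerate(root.findall("e:EventData/e:Data", NS)):
        record["data"][d.get("Name") or "param%d" % i] = d.text or ""
    return record

def read_channel(channel="ForwardedEvents", limit=20, query="*"):
    """Newest-first records from a channel, using only Evt* handles."""
    import win32evtlog  # pywin32; imported here so the parser runs anywhere
    flags = win32evtlog.EvtQueryChannelPath | win32evtlog.EvtQueryReverseDirection
    result_set = win32evtlog.EvtQuery(channel, flags, query)
    records = []
    while len(records) < limit:
        handles = win32evtlog.EvtNext(result_set, min(10, limit - len(records)))
        if not handles:  # empty tuple: the result set is exhausted
            break
        for h in handles:
            xml_text = win32evtlog.EvtRender(h, win32evtlog.EvtRenderEventXml)
            records.append(parse_event_xml(xml_text))
    return records

# Constructed sample of rendered event XML (not taken from the thread).
SAMPLE_XML = (
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>"
    "<System><Provider Name='Microsoft-Windows-Security-Auditing'/>"
    "<EventID>4624</EventID>"
    "<TimeCreated SystemTime='2012-05-03T23:42:00.000000000Z'/>"
    "<Channel>Security</Channel><Computer>ws01.example.test</Computer></System>"
    "<EventData><Data Name='TargetUserName'>alice</Data>"
    "<Data Name='LogonType'>3</Data></EventData></Event>"
)

if __name__ == "__main__":
    print(parse_event_xml(SAMPLE_XML))
```

On a Windows host with pywin32 installed, `read_channel("ForwardedEvents")` returns the same record shape for live events; the handle from `EvtQuery` is never passed to `ReadEventLog`.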

