reading windows event logs
MRAB
python at mrabarnett.plus.com
Wed Nov 25 15:55:20 EST 2009
EW wrote:
> Hi All,
> I'm looking for some guidance on a better way to read eventlogs
> from windows servers. I've written a handy little app that relies on
> WMI to pull the logs an in all my testing it worked great. When I
> deployed it, however, WMI choked on servers with a lot of logs. I've
> tried pulling the logs using much smaller VB scripts as well and they
> still failed, so I'm pretty sure I'm facing a WMI problem and not a
> python or system resources problem. So I couldn't effectively get
> logs off of domain controllers for example or file servers that had
> auditing turned on. Sadly those are exactly the types of servers
> whose logs are most interesting.
>
> So I'm looking for suggestions on a way to grab that data without
> using WMI for remote machines. I know MS has C libraries for this but
> I haven't touched C for 10 years so I'm hoping there's a python
> equivalent out there somewhere. Any advice would be appreciated.
>
The events logs are in %SystemRoot%\system32\config and have the
extension .evt. There's info here on the file format:
http://www.whitehats.ca/main/members/Malik/malik_eventlogs/malik_eventlogs.html
More information about the Python-list
mailing list