Export Event log via python in .txt

eryk sun eryksun at gmail.com
Mon Mar 6 20:09:23 EST 2017


On Mon, Mar 6, 2017 at 3:36 PM,  <iilaraja1286 at gmail.com> wrote:
> I'm a student learning about Python. I would like to know how to export
> Security log Application and generate folder path via Python. Please help.

If you're asking about the Windows event logs, then it'll be easiest
from a scripting POV to use wevtutil.exe [1] with an XPath query that
outputs XML. Make sure to use the /uni:true option to get UTF-16
output; otherwise it outputs a lossy ANSI encoding. You can run it
using subprocess.check_output.

[1]: https://technet.microsoft.com/en-us/library/cc732848

As far as exporting the data, the standard library supports XML
processing. Here's an example that logs a warning to the Application
log using "Python" as the provider. Next it executes wevtutil.exe with
a query for events logged by the "Python" provider. Then I parse the
output using ElementTree.

    import logging
    import logging.handlers
    import subprocess
    import xml.etree.ElementTree as ET

    handler = logging.handlers.NTEventLogHandler('Python')
    logging.getLogger().addHandler(handler)
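    logging.warning('スパムと卵')  # logging.warn is a deprecated alias

    # /e:Events wraps the output in a root element, so the XML still
    # parses when the query matches more than one event.
    wevtutil = ('wevtutil.exe query-events Application /uni:true '
                '/e:Events /q:"{}"')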
    query = "*[System[Provider[@Name='Python']]]"

    out = subprocess.check_output(wevtutil.format(query))

    root = ET.fromstring(out.decode('utf-16'))
    ns = {'event': 'http://schemas.microsoft.com/win/2004/08/events/event'}

    >>> root.find('.//event:Provider', ns).attrib
    {'Name': 'Python'}
    >>> root.find('.//event:Level', ns).text
    '3'
    >>> root.find('.//event:Channel', ns).text
    'Application'
    >>> root.find('.//event:Data', ns).text
    'スパムと卵'
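
An added example, not part of the original message: one way to turn the wevtutil.exe XML into the .txt export the question asks for. The function names, the tab-separated layout and the SAMPLE events are assumptions constructed for illustration; the parser wraps the output in its own root element and flattens whitespace in the event data so that each event stays on one line.

```python
import subprocess
import xml.etree.ElementTree as ET

NS = {'e': 'http://schemas.microsoft.com/win/2004/08/events/event'}
LEVELS = {'1': 'Critical', '2': 'Error', '3': 'Warning', '4': 'Information'}

# Constructed sample of wevtutil output: sibling <Event> elements, no root.
_EV = ("<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>"
       "<System><Provider Name='Python'/><EventID>1</EventID><Level>{}</Level>"
       "<TimeCreated SystemTime='{}'/><Channel>Application</Channel></System>"
       "<EventData><Data>{}</Data></EventData></Event>")
SAMPLE = (_EV.format(3, '2017-03-07T01:09:23.000Z', 'スパムと卵') +
          _EV.format(2, '2017-03-07T01:10:00.000Z', 'line one\nline\ttwo'))

def query_events(channel, xpath):
    """Windows only: run wevtutil.exe and return its output as text."""
    cmd = ['wevtutil.exe', 'query-events', channel, '/uni:true', '/q:' + xpath]
    return subprocess.check_output(cmd).decode('utf-16')

def parse_events(xml_text):
    """Wrap the rootless output in one element, then flatten each event."""
    root = ET.fromstring('<Events>' + xml_text + '</Events>')
    rows = []
    for ev in root.findall('e:Event', NS):
        system = ev.find('e:System', NS)
        level = system.findtext('e:Level', '', NS)
        data = ' | '.join(d.text or '' for d in ev.iterfind('.//e:Data', NS))
        rows.append({
            'time': system.find('e:TimeCreated', NS).get('SystemTime'),
            'provider': system.find('e:Provider', NS).get('Name'),
            'id': system.findtext('e:EventID', '', NS),
            'level': LEVELS.get(level, level),
            # Event data is untrusted: collapse tabs/newlines so one event
            # is always exactly one line of the text export.
            'data': ' '.join(data.split()),
        })
    return rows

def export_txt(rows, path):
    """Write one tab-separated line per event; return the count written."""
    with open(path, 'w', encoding='utf-8') as f:
        for r in rows:
            f.write('{time}\t{provider}\t{id}\t{level}\t{data}\n'.format(**r))
    return len(rows)

if __name__ == '__main__':
    # On Windows: parse_events(query_events('Application', "*[System[Provider[@Name='Python']]]"))
    print(export_txt(parse_events(SAMPLE), 'events.txt'), 'events written')
```

Reading the Security channel with wevtutil.exe requires an elevated prompt; the parsing and export steps are the same for any channel.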

