Export Event log via python in .txt
eryk sun
eryksun at gmail.com
Mon Mar 6 20:09:23 EST 2017
On Mon, Mar 6, 2017 at 3:36 PM, <iilaraja1286 at gmail.com> wrote:
> I'm a student learning about Python. I would like to know how to export
> Security log Application and generate folder path via Python. Please help.

If you're asking about the Windows event logs, then it'll be easiest
from a scripting POV to use wevtutil.exe [1] with an XPath query that
outputs XML. Make sure to use the /uni:true option to get UTF-16
output; otherwise it outputs a lossy ANSI encoding. You can run it
using subprocess.check_output.

[1]: https://technet.microsoft.com/en-us/library/cc732848

As far as exporting the data, the standard library supports XML
processing. Here's an example that logs a warning to the Application
log using "Python" as the provider. Next it executes wevtutil.exe with
a query for events logged by the "Python" provider. Then I parse the
output using ElementTree.

    import logging
    import logging.handlers
    import subprocess
    import xml.etree.ElementTree as ET

    # NTEventLogHandler requires the pywin32 package
    handler = logging.handlers.NTEventLogHandler('Python')
    logging.getLogger().addHandler(handler)
    # write a warning to the Application log under the 'Python' provider
    logging.warning('スパムと卵')

    # /e:Events wraps the output in a root element, so it stays
    # well-formed XML when the query matches more than one event
    wevtutil = ('wevtutil.exe query-events Application '
                '/uni:true /e:Events /q:"{}"')
    query = "*[System[Provider[@Name='Python']]]"
    out = subprocess.check_output(wevtutil.format(query))
    # /uni:true output is UTF-16 with a BOM
    root = ET.fromstring(out.decode('utf-16'))
    ns = {'event': 'http://schemas.microsoft.com/win/2004/08/events/event'}

    >>> root.find('.//event:Provider', ns).attrib
    {'Name': 'Python'}
    >>> root.find('.//event:Level', ns).text
    '3'
    >>> root.find('.//event:Channel', ns).text
    'Application'
    >>> root.find('.//event:Data', ns).text
    'スパムと卵'
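
Added example, not part of the original post: one way to turn already-decoded wevtutil XML into a one-line-per-event .txt file in a folder created on demand, handling output with or without a root element. The function names, the field layout and the SAMPLE events are assumptions constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

NS = {'e': 'http://schemas.microsoft.com/win/2004/08/events/event'}
FIELDS = ('time', 'channel', 'provider', 'id', 'level', 'data')
EV = "<Event xmlns='%s'>" % NS['e']
# Constructed sample (not real log data): two events with no root element,
# the shape wevtutil prints when /e:<Root> is not given.
SAMPLE = (
    EV + "<System><Provider Name='Python'/><EventID>1</EventID>"
    "<Level>3</Level><TimeCreated SystemTime='2017-03-06T20:09:23.000Z'/>"
    "<Channel>Application</Channel></System>"
    "<EventData><Data>スパムと卵</Data></EventData></Event>"
    + EV + "<System><Provider Name='Microsoft-Windows-Security-Auditing'/>"
    "<EventID>4625</EventID><Level>0</Level>"
    "<TimeCreated SystemTime='2017-03-06T20:10:02.000Z'/>"
    "<Channel>Security</Channel></System><EventData>"
    "<Data Name='TargetUserName'>alice\tx\nforged line</Data>"
    "</EventData></Event>")

def parse_events(xml_text):
    # Wrap in a synthetic root so rootless multi-event output still parses;
    # iter() finds <Event> at any depth, so rooted output works as well.
    root = ET.fromstring('<Wrapper>' + xml_text + '</Wrapper>')
    rows = []
    for ev in root.iter('{%s}Event' % NS['e']):
        sysel = ev.find('e:System', NS)
        data = []
        for d in ev.findall('e:EventData/e:Data', NS):
            # Collapse tabs/newlines so event data cannot forge extra rows.
            text = ' '.join((d.text or '').split())
            data.append('%s=%s' % (d.get('Name'), text) if d.get('Name') else text)
        rows.append({
            'time': sysel.find('e:TimeCreated', NS).get('SystemTime'),
            'channel': sysel.findtext('e:Channel', '', NS),
            'provider': sysel.find('e:Provider', NS).get('Name'),
            'id': sysel.findtext('e:EventID', '', NS),
            'level': sysel.findtext('e:Level', '', NS),
            'data': '; '.join(data)})
    return rows

def export_txt(xml_text, folder, filename='events.txt'):
    os.makedirs(folder, exist_ok=True)      # create the folder path if missing
    path = os.path.join(folder, filename)
    with open(path, 'w', encoding='utf-8') as f:
        for r in parse_events(xml_text):
            f.write('\t'.join(r[k] for k in FIELDS) + '\n')
    return path

if __name__ == '__main__':
    print(export_txt(SAMPLE, os.path.join(tempfile.gettempdir(), 'evt-export')))
```

On Windows, the xml_text argument would be the decoded output of the wevtutil call above; reading the Security channel requires an elevated process.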