[python-win32] Monitoring the Event Log

Jens B. Jorgensen jens.jorgensen at tallan.com
Wed Nov 17 22:15:37 CET 2004


Monitoring the log is easy. You just open the log and then read it in a 
loop. This little transcript of an interactive session should give you 
an idea:

 >>> import win32evtlog
 >>> h = win32evtlog.OpenEventLog(None, 'Application')
 >>> win32evtlog.GetOldestEventLogRecord(h)
3702
 >>> event = win32evtlog.ReadEventLog(h, win32evtlog.EVENTLOG_SEEK_READ|win32evtlog.EVENTLOG_FORWARDS_READ, 3702)
 >>> event
[<PyEventLogRecord object at 0x00925BE0>, <PyEventLogRecord object at 0x00929B00>, <PyEventLogRecord object at 0x00929B78>]
 >>> event[2].EventID
-1073741800
 >>> event[2].EventType
1
 >>> event[2].SourceName
u'WinMgmt'
 >>> event[2].StringInserts
(u'SELECT * FROM __InstanceDeletionEvent where TargetInstance ISA "BRCM_NetworkVirtualAdapter"', u'BRCM_NetworkVirtualAdapter')
 >>> event = win32evtlog.ReadEventLog(h, win32evtlog.EVENTLOG_SEQUENTIAL_READ|win32evtlog.EVENTLOG_FORWARDS_READ, 0)
 >>> len(event)
4

So, that's the basic layout. You open up the event log (first param 
points to the computer you want to read from, None if you just want to 
read the local log), figure out what the first entry is, and then start 
reading. Alternatively you may wish to skip over entries that are in the 
past and not notify on them. When you reach the end of the log the 
ReadEvent will just hang until a new event arrives.

Jan Van Uytven (Wyvern) wrote:

>Hi,
>
>I have a RAID array on a server whose driver posts an event to the
>System Event Log when there's a change in the status of the array. I
>could just buy an event log monitor that will send me e-mail when that
>happens but I was wondering: Could I write a Python service to monitor
>the event log? 
>
>I have Mark Hammond's excellent book, and with its help the service &
>e-mailing itself shouldn't be a problem, but I'd appreciate advice on
>the best way to monitor the log. Is there any way for the service to
>register itself somehow so it gets notified whenever an event gets
>posted to the log? Failing that, can the service use the windows
>scheduler to search the log every hour on the hour? Or is there a much
>easier way I'm not seeing?
>
>Thanks,
>
>Jan
>---
>Jan Van Uytven
>Computer Systems & Network Engineer
>Convergent Media Network
>wyvern at crm3.com
>
>Randomly selected from my quote-file:
>
>"Without warning came those deep, cracked,
> raucous vocal sounds which will never leave the
> memory of the stricken group who heard them.
> Not from any human throat were they born, for
> the organs of Man can yield no such acoustic
> perversions..."
>	-"The Call of Cthulhu"
>


-- 
Jens B. Jorgensen
jens.jorgensen at tallan.com

"With a focused commitment to our clients and our people, we deliver value through customized technology solutions"  
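
The open, skip-past-history, read-in-a-loop layout from the reply, as an added example that is not part of the original post. It polls with a sleep whenever a read returns no records, masks EventID down to the 16-bit code that Event Viewer shows, and filters on SourceName. The source name `ExampleRaid`, the helper names and the 30-second interval are assumptions, and the sample records are constructed.

```python
import time
from types import SimpleNamespace

# EventType values as defined by the Windows event logging API.
EVENT_TYPES = {1: "ERROR", 2: "WARNING", 4: "INFORMATION",
               8: "AUDIT_SUCCESS", 16: "AUDIT_FAILURE"}

def event_code(event_id):
    """Low 16 bits of EventID, the number Event Viewer displays."""
    return event_id & 0xFFFF

def matching(records, source, last_seen):
    """Records from `source` with a record number above `last_seen`."""
    return [r for r in records
            if r.RecordNumber > last_seen and r.SourceName == source]

def format_alert(rec):
    inserts = "; ".join(rec.StringInserts or ())  # StringInserts may be None
    kind = EVENT_TYPES.get(rec.EventType, str(rec.EventType))
    return "%s event %d (%s) record %d: %s" % (
        rec.SourceName, event_code(rec.EventID), kind, rec.RecordNumber, inserts)

def watch(source, log="System", server=None, poll_seconds=30, notify=print):
    """Poll one log forever, calling notify() for new events from `source`."""
    import win32evtlog  # pywin32, Windows only; the helpers above run anywhere
    flags = (win32evtlog.EVENTLOG_SEQUENTIAL_READ |
             win32evtlog.EVENTLOG_FORWARDS_READ)
    h = win32evtlog.OpenEventLog(server, log)
    # Skip history: remember the newest record present at start-up.
    last_seen = (win32evtlog.GetOldestEventLogRecord(h) +
                 win32evtlog.GetNumberOfEventLogRecords(h) - 1)
    while True:
        records = win32evtlog.ReadEventLog(h, flags, 0)
        if not records:          # nothing new: wait, then read again
            time.sleep(poll_seconds)
            continue
        for rec in matching(records, source, last_seen):
            notify(format_alert(rec))
        last_seen = max(last_seen, records[-1].RecordNumber)

# Constructed sample records carrying the attributes used above.
SAMPLE = [
    SimpleNamespace(RecordNumber=3702, EventID=-1073741800, EventType=1,
                    SourceName="WinMgmt", StringInserts=("BRCM_NetworkVirtualAdapter",)),
    SimpleNamespace(RecordNumber=3703, EventID=-2147483641, EventType=2,
                    SourceName="ExampleRaid", StringInserts=None),
]
```

Pass a function that sends mail as `notify` and call `watch("ExampleRaid")` from the service's main loop, substituting the driver's real source name.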