[python-win32] Backing up and clearing event logs

Mårten Hedman marten.hedman at btk.fi
Tue Jul 24 10:01:59 CEST 2007 

Tim Golden wrote:
> Mårten Hedman wrote:
>> Thank you for your quick answer. Unfortunately I get the same error 
>> message.
>>
>> BTW, is WMI case sensitive regarding method names? If I run your example 
>> with 'print log.BackupEventLog', I get the error:
>>
>> <dump>
>>  >>> c=wmi.WMI()
>>  >>> log=c.Win32_NTEventLogFile
>>  >>> print log.BackupEventLog
>> Traceback (most recent call last):
>>   File "<interactive input>", line 1, in <module>
>>   File "C:\Python25\lib\site-packages\wmi.py", line 474, in __getattr__
>>     handle_com_error (error_info)
>>   File "C:\Python25\lib\site-packages\wmi.py", line 188, in 
>> handle_com_error
>>     raise x_wmi, "\n".join (exception_string)
>> x_wmi: -0x7ffdfff7 - Exception occurred.
>>   Error in: SWbemObjectEx
>>   -0x7ffbefd1 - Invalid method Parameter(s)
>>  >>>
>> </dump>
>>
>> Both 'lf.BackupEventLog (ArchiveFileName="c:\\temp\\blah.blah")' and 
>> 'lf.BackupEventlog (...)' returns the same error though
> 
> OK. The bottom line seems to be:
> 
> 1) I was (partly) wrong
> 2) Microsoft generates crap error messages

Yes, i have noticed that.
> 
> The following code works for me:
> 
> <code>
> import wmi
> c = wmi.WMI (privileges=["security", "backup"])
> for log in c.Win32_NTEventLogFile (LogfileName="Application"):
>    print log.FileName
>    result, = log.BackupEventlog (ArchiveFileName=r"c:\temp\%s.log" % log.FileName)
>    if result <> 0:
>      raise RuntimeError, "%s could note be written: error %d" % (log.FileName, result)
> 
> </code>

Thank you very much! This code also works for me.


> 
> Note several things:
> 
> a) You have to take security & backup privs. This was actually
> documented on the method description (print log.BackupEventlog)
> but I missed it first time round.
> 
> b) You have -- in this version of the module -- to pass the
> ArchiveFileName keyword parameter.
> 

Yes, I have understood that from earlier email and other documentation.

> c) The method is named (at least on my XP SP2 box) "BackupEventlog"
> (note the capitalisation). I don't know if the underlying WMI is
> case-sensitive, but the module uses a dictionary to cache method
> names, which obviously *is* case-sensitive. Any unknown property
> is passed through direct to the underlying provider. What that does
> with it is unknown (to me :)

Most of the documentation I have seen names the method "BackupEventLog". 
The MSDN documentation at 
http://msdn2.microsoft.com/en-US/library/aa384808.aspx uses both 
versions, so there seems to be some confusion around.
> 
> Hope all that helps.
> 
> Tim
> 

It did indeed. Thank you again for your help.

Mårten

-- 
------------------------------------------------------------------------
Mårten Hedman                      phone: +358-(0)2-333 8037
Systems Manager                    fax:   +358-(0)2-333 8000
Turku Centre for Biotechnology     Marten.Hedman at btk.fi
Turku, Finland                     http://www.btk.fi/~marten

More information about the Python-win32 mailing list