[python-win32] Reading events from event logs using wmi
Tim Golden
mail at timgolden.me.uk
Wed Mar 19 13:03:15 CET 2008
Daren Russell wrote:
> I've been having a look at the wmi module in the hope of being able to
> read the event logs of a windows server and save them as a standard text
> file for archival purposes.
>
> However, the only method I can see is the BackupEventLog method. I kind
> of figured if I opened the log, and did a for loop through it I could
> read each event logged - this doesn't seem to be the case ;-) (or I'm
> being a bit dumb ;-) )
>
> Is it possible to read individual events from an already written log
> file using this module? If there is a documented method (I've found the
> watcher method, but do not want this) then all pointers to relevant
> documentation (or snippets of code!) appreciated.
Welcome to WMI! There's so much WMI stuff around the web (not usually
referring to Python) that usually a search such as "wmi read event log"
will be enough to set you on the right path:
http://www.google.co.uk/search?q=wmi+read+event+log
Obviously, you then have to translate the examples into Python,
which is rarely difficult once you've got the hang... To get you
going here's a really basic query making use only of the fact
that I can get the name of the relevant WMI class from the
watcher example you refer to:
<code>
import wmi

c = wmi.WMI()  # can put other server here if needed
for i in c.Win32_NTLogEvent():
    print(i)  # dumps every property of the first record
    break
</code>
Since the "print i" bit outputs a useful dump, we can
see that the Win32_NTLogEvent records have fields such
as: EventType and Logfile. The EventType you have to
search for:
http://www.google.co.uk/search?q=Win32_NTlogevent+eventtype
but amounts to 2 for, say, Warnings.
Taken all together, you can query the System log for Warnings
like this (you might want to qualify the time as well):
<code>
import wmi

c = wmi.WMI()
# EventType=2 selects Warnings; Logfile names the log to read
for log in c.Win32_NTLogEvent(EventType=2, Logfile="System"):
    print(log)
</code>
Hope that gets you on your way.
TJG
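
An added example, not part of the original post: the query above qualified by time and written out as one text line per event, which is the archival use the question asks about. The function names and the tab-separated layout are assumptions made for this sketch, and the sample record is constructed.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace

# Win32_NTLogEvent.EventType codes; the post above uses 2 (Warning).
EVENT_TYPES = {1: "Error", 2: "Warning", 3: "Information",
               4: "Audit Success", 5: "Audit Failure"}

def cim_datetime(dt):
    """Render an aware datetime as a CIM datetime string in UTC (offset +000)."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y%m%d%H%M%S") + ".%06d+000" % dt.microsecond

def build_wql(logfile, event_type, since):
    """WQL for one log and one event type, limited to events at or after `since`."""
    # The log name lands inside a quoted WQL literal, so accept only plain names.
    if not logfile.replace(" ", "").isalnum():
        raise ValueError("unexpected log name: %r" % logfile)
    return ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = '%s' "
            "AND EventType = %d AND TimeGenerated >= '%s'"
            % (logfile, int(event_type), cim_datetime(since)))

def _flat(value):
    """Collapse tabs and newlines so one event is always exactly one line."""
    return " ".join(str("" if value is None else value).split())

def format_event(ev):
    """Tab-separated archive line built from Win32_NTLogEvent properties."""
    kind = EVENT_TYPES.get(ev.EventType, ev.EventType)
    return "\t".join(_flat(v) for v in (ev.TimeGenerated, ev.Logfile, kind,
                                        ev.SourceName, ev.EventCode, ev.Message))

def archive(path, logfile="System", event_type=2, days=1):
    """Append the last `days` of matching events to a text file (Windows only)."""
    import wmi  # imported here so the helpers above can be used on any platform
    since = datetime.now(timezone.utc) - timedelta(days=days)
    with open(path, "a", encoding="utf-8") as out:
        for ev in wmi.WMI().query(build_wql(logfile, event_type, since)):
            out.write(format_event(ev) + "\n")

# Constructed sample record (not real log data) for trying format_event offline.
SAMPLE = SimpleNamespace(TimeGenerated="20080319120315.000000-000", Logfile="System",
                         EventType=2, SourceName="Example", EventCode=1234,
                         Message="First line\r\nsecond\tline")

if __name__ == "__main__":
    print(build_wql("System", 2, datetime(2008, 3, 18, tzinfo=timezone.utc)))
    print(format_event(SAMPLE))
```

Flattening whitespace in every field keeps a multi-line Message from producing what looks like extra records in the archive file.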