[python-win32] Reading events from event logs using wmi
Daren Russell
darenr at madaboutcable.com
Wed Mar 19 14:45:41 CET 2008
Tim Golden wrote:
> Daren Russell wrote:
>> I've been having a look at the wmi module in the hope of being able to
>> read the event logs of a windows server and save them as a standard text
>> file for archival purposes.
>>
>> However, the only method I can see is the BackupEventLog method. I kind
>> of figured if I opened the log, and did a for loop through it I could
>> read each event logged - this doesn't seem to be the case ;-) (or I'm
>> being a bit dumb ;-) )
>>
>> Is it possible to read individual events from an already written log
>> file using this module? If there is a documented method (I've found the
>> watcher method, but do not want this) then all pointers to relevant
>> documentation (or snippets of code!) appreciated.
>
> Welcome to WMI! There's so much WMI stuff around the web (not usually
> referring to Python) that usually a search such as "wmi read event log"
> will be enough to set you on the right path:
>
> http://www.google.co.uk/search?q=wmi+read+event+log
>
> Obviously, you then have to translate the examples into Python,
> which is rarely difficult once you've got the hang... To get you
> going here's a really basic query making use only of the fact
> that I can get the name of the relevant WMI class from the
> watcher example you refer to:
>
> <code>
> import wmi
>
> c = wmi.WMI () # can put other server here if needed
> for i in c.Win32_NTLogEvent ():
>     print i
>     break
>
> </code>
>
> Since the "print i" bit outputs a useful dump, we can
> see that the Win32_NTLogEvent records have fields such
> as: EventType and Logfile. The EventType you have to
> search for:
>
> http://www.google.co.uk/search?q=Win32_NTlogevent+eventtype
>
> but amounts to 2 for, say, Warnings.
>
> Taken all together, you can query the System log for Warnings
> like this (you might want to qualify the time as well):
>
> <code>
> import wmi
>
> c = wmi.WMI ()
> for log in c.Win32_NTLogEvent (EventType=2, Logfile="System"):
>     print log
>
> </code>
>
> Hope that gets you on your way.
>
> TJG
Hi Tim,

Thanks for that. I have found an example for what I want written in
VBS, which is why I tried the for... loop I mentioned, as that is
basically what that script did (though I'm even worse at vbs than I am
with Python ;-) )

I've found details on the MSDN site, listing the class and now I (sort
of!!) understand how it links in with your wmi module, but is there a
way to get all events in one go, as that is basically what I need to do
to write a text version of the log to an archive. If I leave the
EventType parameter out, it defaults to '3' - I guess I could do
multiple queries and then sort the output by retrieved dates, but it
seems a bit long winded!

Thanks again for your help and the pointers.

Daren
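
The "multiple queries, then sort by date" approach discussed above, as an added example that is not part of the original thread: it merges per-EventType result sets, orders them by the UTC value of TimeGenerated, and writes one escaped line per event so multi-line messages cannot break the archive format. The helper names and the sample records are constructed for illustration; `fetch_all` assumes the `wmi` module on Windows and reuses the query form shown in the thread.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace

# EventType codes of Win32_NTLogEvent (the thread uses 2 = Warning)
EVENT_TYPES = {1: "Error", 2: "Warning", 3: "Information",
               4: "AuditSuccess", 5: "AuditFailure"}

def cim_to_utc(stamp):
    """Convert a WMI datetime string yyyymmddHHMMSS.mmmmmm+UUU to UTC."""
    local = datetime.strptime(stamp[:21], "%Y%m%d%H%M%S.%f")
    offset = timedelta(minutes=int(stamp[21:25]))  # signed minutes from UTC
    return (local - offset).replace(tzinfo=timezone.utc)

def clean(value):
    # Escape CR/LF/tab/backslash so one event is always exactly one line
    text = str("" if value is None else value)
    return text.encode("unicode_escape").decode("ascii")

def archive_line(ev):
    fields = (cim_to_utc(ev.TimeGenerated).isoformat(), ev.Logfile,
              ev.RecordNumber, EVENT_TYPES.get(ev.EventType, ev.EventType),
              ev.SourceName, ev.EventCode, ev.Message)
    return "\t".join(clean(f) for f in fields)

def merge_events(*result_sets):
    # Sort on the parsed UTC time, not the raw string: offsets can differ
    events = [ev for rs in result_sets for ev in rs]
    events.sort(key=lambda e: (cim_to_utc(e.TimeGenerated), int(e.RecordNumber)))
    return events

def fetch_all(logfile="System"):
    import wmi  # Windows only; imported here so the rest runs anywhere
    c = wmi.WMI()
    return merge_events(*(c.Win32_NTLogEvent(EventType=t, Logfile=logfile)
                          for t in EVENT_TYPES))

# Constructed sample records standing in for two per-type query results
SAMPLE_WARNINGS = [SimpleNamespace(
    TimeGenerated="20080319144541.000000+060", Logfile="System",
    RecordNumber=102, EventType=2, SourceName="Disk", EventCode=51,
    Message="Paging error\r\non device")]
SAMPLE_INFO = [SimpleNamespace(
    TimeGenerated="20080319140000.000000+000", Logfile="System",
    RecordNumber=101, EventType=3, SourceName="Service Control Manager",
    EventCode=7036, Message="Service started")]

if __name__ == "__main__":
    for ev in merge_events(SAMPLE_WARNINGS, SAMPLE_INFO):
        print(archive_line(ev))
```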