[python-win32] Reading events from event logs using wmi

Daren Russell darenr at madaboutcable.com
Wed Mar 19 14:45:41 CET 2008


Tim Golden wrote:
> Daren Russell wrote:
>> I've been having a look at the wmi module in the hope of being able to 
>> read the event logs of a Windows server and save them as a standard text 
>> file for archival purposes.
>>
>> However, the only method I can see is the BackupEventLog method.  I kind 
>> of figured if I opened the log, and did a for loop through it I could 
>> read each event logged - this doesn't seem to be the case ;-) (or I'm 
>> being a bit dumb ;-) )
>>
>> Is it possible to read individual events from an already written log 
>> file using this module?  If there is a documented method (I've found the 
>> watcher method, but do not want this) then all pointers to relevant 
>> documentation (or snippets of code!) appreciated.
> 
> Welcome to WMI! There's so much WMI stuff around the web (not usually
> referring to Python) that usually a search such as "wmi read event log"
> will be enough to set you on the right path:
> 
>    http://www.google.co.uk/search?q=wmi+read+event+log
> 
> Obviously, you then have to translate the examples into Python,
> which is rarely difficult once you've got the hang... To get you
> going here's a really basic query making use only of the fact
> that I can get the name of the relevant WMI class from the
> watcher example you refer to:
> 
> <code>
> import wmi
> 
> c = wmi.WMI () # can put other server here if needed
> # Print only the first event record, to see which fields it exposes
> for i in c.Win32_NTLogEvent ():
>    print(i)
>    break
> 
> </code>
> 
> Since the "print i" bit outputs a useful dump, we can
> see that the Win32_NTLogEvent records have fields such
> as: EventType and Logfile. The EventType you have to
> search for:
> 
>    http://www.google.co.uk/search?q=Win32_NTlogevent+eventtype
> 
> but amounts to 2 for, say, Warnings.
> 
> Taken all together, you can query the System log for Warnings
> like this (you might want to qualify the time as well):
> 
> <code>
> import wmi
> 
> c = wmi.WMI ()
> # EventType=2 selects Warnings; Logfile limits the query to the System log
> for log in c.Win32_NTLogEvent (EventType=2, Logfile="System"):
>    print(log)
> 
> </code>
> 
> Hope that gets you on your way.
> 
> TJG

Hi Tim,

Thanks for that.  I have found an example for what I want written in 
VBS, which is why I tried the for... loop I mentioned, as that is 
basically what that script did (though I'm even worse at VBS than I am 
with Python ;-) )

I've found details on the MSDN site, listing the class and now I (sort 
of!!) understand how it links in with your wmi module, but is there a 
way to get all events in one go, as that is basically what I need to do 
to write a text version of the log to an archive.  If I leave the 
EventType parameter out, it defaults to '3' - I guess I could do 
multiple queries and then sort the output by retrieved dates, but it 
seems a bit long-winded!

Thanks again for your help and the pointers.

Daren
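
An added example, not part of the original thread: one way to write every event from a log to a text archive in time order, using the Win32_NTLogEvent fields discussed above. The names cim_to_datetime, archive_events and archive_log are hypothetical, archive_log assumes the wmi module on Windows, and the sample records are constructed so the formatting code runs anywhere.

```python
import io
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace

# EventType values documented for Win32_NTLogEvent
EVENT_TYPES = {1: "Error", 2: "Warning", 3: "Information",
               4: "Audit Success", 5: "Audit Failure"}

def cim_to_datetime(stamp):
    """Parse CIM_DATETIME text: yyyymmddHHMMSS.mmmmmm+UUU (UUU = minutes from UTC)."""
    base = datetime.strptime(stamp[:21], "%Y%m%d%H%M%S.%f")
    return base.replace(tzinfo=timezone(timedelta(minutes=int(stamp[21:25]))))

def archive_events(events, out):
    """Write one tab-separated line per event, oldest first; return the count."""
    rows = sorted(events, key=lambda e: (cim_to_datetime(e.TimeGenerated), e.RecordNumber))
    for e in rows:
        # Messages can span several lines; flatten so each event stays on one line.
        message = " ".join((e.Message or "").split())
        out.write("\t".join([
            cim_to_datetime(e.TimeGenerated).isoformat(), e.Logfile,
            str(e.RecordNumber), EVENT_TYPES.get(e.EventType, str(e.EventType)),
            e.SourceName, str(e.EventCode), message]) + "\n")
    return len(rows)

def archive_log(logfile, path):
    """Windows only: archive every event type from one log via the wmi module."""
    import wmi  # imported here so the formatting code above runs on any platform
    with open(path, "w", encoding="utf-8") as out:
        # Filtering on Logfile alone puts no EventType condition in the query.
        return archive_events(wmi.WMI().Win32_NTLogEvent(Logfile=logfile), out)

def _rec(when, number, etype, source, code, message):
    return SimpleNamespace(TimeGenerated=when, RecordNumber=number, EventType=etype,
                           SourceName=source, EventCode=code, Message=message,
                           Logfile="System")

# Constructed sample records standing in for WMI query results (not real log data)
SAMPLE = [
    _rec("20080319134541.000000-000", 103, 2, "Srv", 2013, "Disk is at or near\r\ncapacity."),
    _rec("20080319134000.000000-000", 101, 3, "EventLog", 6005, "The Event log service was started."),
    _rec("20080319134541.000000-000", 102, 1, "Service Control Manager", 7000, None),
]

def demo():
    buf = io.StringIO()
    archive_events(SAMPLE, buf)
    return buf.getvalue()

if __name__ == "__main__":
    print(demo(), end="")
```

Keeping RecordNumber in each line lets a later reader of the archive spot gaps in the sequence.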


