mtmartis

Export Particular Entry from Event Viewer

4 posts in this topic

#1 ·  Posted (edited)

Hello,

I am trying to create a script that will output a particular event in the Windows Event Viewer, though I am at a loss still.

From what I can tell, I need to use the _EventLog__Read function. The example provided by AutoIt shows how to output the most recent record; however, I need to output a record where the Source is Winlogon.

#include <GuiConstantsEx.au3>
#include <EventLog.au3>

Global $iMemo

_Main()

Func _Main()
    Local $hEventLog, $hGUI, $aEvent

    ; Create GUI
    $hGUI = GUICreate("EventLog", 400, 300)
    $iMemo = GUICtrlCreateEdit("", 2, 2, 396, 300, 0)
    GUICtrlSetFont($iMemo, 9, 400, 0, "Courier New")
    GUISetState()

    ; Read most current event record
    $hEventLog = _EventLog__Open("", "Application")
;~  $hEventLog = _EventLog__Open("", "System")
    $aEvent = _EventLog__Read($hEventLog)
;~  $aEvent = _EventLog__Read($hEventLog, True, False)
    MemoWrite("Result ............: " & $aEvent[ 0])
    MemoWrite("Record number .....: " & $aEvent[ 1])
    MemoWrite("Submitted .........: " & $aEvent[ 2] & " " & $aEvent[ 3])
    MemoWrite("Generated .........: " & $aEvent[ 4] & " " & $aEvent[ 5])
    MemoWrite("Event ID ..........: " & $aEvent[ 6])
    MemoWrite("Type ..............: " & $aEvent[ 8])
    MemoWrite("Category ..........: " & $aEvent[ 9])
    MemoWrite("Source ............: " & $aEvent[10])
    MemoWrite("Computer ..........: " & $aEvent[11])
    MemoWrite("Username ..........: " & $aEvent[12])
    MemoWrite("Description .......: " & $aEvent[13])
    _EventLog__Close($hEventLog)


    ; Loop until user exits
    Do
    Until GUIGetMsg() = $GUI_EVENT_CLOSE

EndFunc   ;==>_Main

; Write a line to the memo control
Func MemoWrite($sMessage)
    GUICtrlSetData($iMemo, $sMessage & @CRLF, 1)
EndFunc   ;==>MemoWrite

I would think placing the following code after the _EventLog__Read function would read the log up to that entry then output the results, but I just get an empty box.

Do
    Until $aEvent[10] = "Winlogon"

Any help to steer me in the right direction would be greatly appreciated.

Thanks!

Edited by mtmartis

#2 ·  Posted (edited)

Replace line

$aEvent = _EventLog__Read($hEventLog)

with

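Do
  $aEvent = _EventLog__Read($hEventLog)
  ; $aEvent[0] is False when the read fails, so the loop also ends if no Winlogon record exists
Until $aEvent[10] = "Winlogon" Or Not $aEvent[0]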

and you get the first Eventlog entry with Source "Winlogon".

I think you misinterpreted the function of _EventLog__Read. It only reads one single record. When you call the function again with the same handle then the next record is returned.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki
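
The loop from the answer above, wrapped as a bounded search, is shown here as an added example that is not part of the original thread or of the AutoIt UDFs. The function name _FindEventBySource and its parameters are hypothetical; it scans newest-first by default and stops at the end of the log instead of looping forever when no record matches.

```autoit
#include <EventLog.au3>

; Hypothetical helper (not part of EventLog.au3): return the first record whose
; Source equals $sSource, or set @error. The scan is capped at $iMaxScan records.
Func _FindEventBySource($sLog, $sSource, $bNewestFirst = True, $iMaxScan = 5000)
    Local $hEventLog = _EventLog__Open("", $sLog)
    If Not $hEventLog Then Return SetError(1, 0, 0) ; log could not be opened

    ; Never scan more records than the log holds or than the caller allows
    Local $iLimit = _EventLog__Count($hEventLog)
    If $iLimit > $iMaxScan Then $iLimit = $iMaxScan

    Local $aEvent, $iScanned = 0
    While $iScanned < $iLimit
        ; 2nd parameter True = sequential read, 3rd parameter True = read forward
        $aEvent = _EventLog__Read($hEventLog, True, Not $bNewestFirst)
        If Not $aEvent[0] Then ExitLoop ; read failed or no more records
        $iScanned += 1
        ; "=" compares strings case-insensitively in AutoIt
        If $aEvent[10] = $sSource Then
            _EventLog__Close($hEventLog)
            Return SetExtended($iScanned, $aEvent) ; @extended = records read
        EndIf
    WEnd

    _EventLog__Close($hEventLog)
    Return SetError(2, $iScanned, 0) ; no matching record within the limit
EndFunc   ;==>_FindEventBySource

; Usage: print the most recent Winlogon record from the Application log
Local $aHit = _FindEventBySource("Application", "Winlogon")
Local $iErr = @error, $iExt = @extended
If $iErr Then
    ConsoleWrite("No Winlogon record (error " & $iErr & ", scanned " & $iExt & ")" & @CRLF)
Else
    ConsoleWrite("Record number .....: " & $aHit[1] & @CRLF)
    ConsoleWrite("Generated .........: " & $aHit[4] & " " & $aHit[5] & @CRLF)
    ConsoleWrite("Event ID ..........: " & $aHit[6] & @CRLF)
    ConsoleWrite("Source ............: " & $aHit[10] & @CRLF)
    ConsoleWrite("Description .......: " & $aHit[13] & @CRLF)
EndIf
```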

 

Ugh, you make it seem so simple. I think I am beginning to understand it. I am new to scripting, so it's repeating the Read until it finds the Winlogon entry.

It looks like I just did not know how/where to properly implement the loop. I'll have to get back to basics and learn when and where to use what.

Thank You very much Water!

Glad to be of service :D

