Posted (edited)

Hello,

I am trying to create a script that will output a particular event in the Windows Event Viewer, though I am at a loss still.

From what I can tell, I need to use the _EventLog__Read function. The example provided by AutoIT shows how to output the most recent record, however, I need to output a record where the Source is Winlogon.

#include <GuiConstantsEx.au3>
#include <EventLog.au3>

Global $iMemo

_Main()

Func _Main()
    Local $hEventLog, $hGUI, $aEvent

    ; Create GUI
    $hGUI = GUICreate("EventLog", 400, 300)
    $iMemo = GUICtrlCreateEdit("", 2, 2, 396, 300, 0)
    GUICtrlSetFont($iMemo, 9, 400, 0, "Courier New")
    GUISetState()

    ; Read most current event record
    $hEventLog = _EventLog__Open("", "Application")
;~  $hEventLog = _EventLog__Open("", "System")
    $aEvent = _EventLog__Read($hEventLog)
;~  $aEvent = _EventLog__Read($hEventLog, True, False)
    MemoWrite("Result ............: " & $aEvent[ 0])
    MemoWrite("Record number .....: " & $aEvent[ 1])
    MemoWrite("Submitted .........: " & $aEvent[ 2] & " " & $aEvent[ 3])
    MemoWrite("Generated .........: " & $aEvent[ 4] & " " & $aEvent[ 5])
    MemoWrite("Event ID ..........: " & $aEvent[ 6])
    MemoWrite("Type ..............: " & $aEvent[ 8])
    MemoWrite("Category ..........: " & $aEvent[ 9])
    MemoWrite("Source ............: " & $aEvent[10])
    MemoWrite("Computer ..........: " & $aEvent[11])
    MemoWrite("Username ..........: " & $aEvent[12])
    MemoWrite("Description .......: " & $aEvent[13])
    _EventLog__Close($hEventLog)


    ; Loop until user exits
    Do
    Until GUIGetMsg() = $GUI_EVENT_CLOSE

EndFunc   ;==>_Main

; Write a line to the memo control
Func MemoWrite($sMessage)
    GUICtrlSetData($iMemo, $sMessage & @CRLF, 1)
EndFunc   ;==>MemoWrite

I would think placing the following code after the _Eventlog__Read function would read the log up to that entry then output the results, but I just get an empty box.

Do
    Until $aEvent[10] = "Winlogon"

Any help to steer me in the right direction would be greatly appreciated.

Thanks!

Edited by mtmartis
Posted (edited)

Replace line

$aEvent = _EventLog__Read($hEventLog)

with

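Do
  $aEvent = _EventLog__Read($hEventLog)
  ; $aEvent[0] is False when the read fails (e.g. end of log), so the loop also ends if no match exists
Until $aEvent[10] = "Winlogon" Or Not $aEvent[0]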

and you get the first Eventlog entry with Source "Winlogon".

I think you misinterpreted the function of _EventLog__Read. It only reads one single record. When you call the function again with the same handle then the next record is returned.

Edited by water

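As an added example (not part of the original posts), the same read-until-match idea can be written as a bounded scan that walks the log newest-first, prints every record from the wanted source, and stops cleanly when the log is exhausted. The function name `_FindEventsBySource` and the variables `$sWantedSource` and `$iMaxHits` are illustrative; only the `_EventLog__*` calls come from AutoIt's EventLog UDF.

```autoit
#include <EventLog.au3>

; Added example: illustrative names, not code from the thread.
Local $sWantedSource = "Winlogon"
Local $iMaxHits = 10

Local $iFound = _FindEventsBySource("Application", $sWantedSource, $iMaxHits)
If @error Then
    ConsoleWrite("Could not open the event log" & @CRLF)
Else
    ConsoleWrite($iFound & " matching record(s) found" & @CRLF)
EndIf

; Walk $sLog newest-first and print up to $iMaxHits records whose source is $sSource.
; Returns the number of matches; sets @error = 1 if the log cannot be opened.
Func _FindEventsBySource($sLog, $sSource, $iMaxHits)
    Local $hEventLog = _EventLog__Open("", $sLog)
    If $hEventLog = 0 Then Return SetError(1, 0, 0)

    ; Bound the loop by the record count so a log with no match still terminates.
    Local $iTotal = _EventLog__Count($hEventLog)
    Local $iHits = 0, $aEvent

    For $i = 1 To $iTotal
        ; True = sequential read, False = read backwards (newest record first)
        $aEvent = _EventLog__Read($hEventLog, True, False)
        If Not $aEvent[0] Then ExitLoop ; read failed or no more records

        ; String comparison with = is case-insensitive in AutoIt
        If $aEvent[10] = $sSource Then
            $iHits += 1
            ConsoleWrite($aEvent[4] & " " & $aEvent[5] & "  ID=" & $aEvent[6] & _
                    "  " & $aEvent[8] & "  " & $aEvent[13] & @CRLF)
            If $iHits >= $iMaxHits Then ExitLoop
        EndIf
    Next

    _EventLog__Close($hEventLog)
    Return $iHits
EndFunc   ;==>_FindEventsBySource
```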

 

Posted

Replace line

$aEvent = _EventLog__Read($hEventLog)

with

Do      
  $aEvent = _EventLog__Read($hEventLog)
Until $aEvent[10] = "Winlogon"

and you get the first Eventlog entry with Source "Winlogon".

I think you misinterpreted the function of _EventLog__Read. It only reads one single record. When you call the function again with the same handle then the next record is returned.

Ugh, you make it seem so simple. I think I am beginning to understand it. I am new to scripting, so it's repeating the Read until it finds the Winlogon entry.

It looks like I just did not know how/where to properly implement the loop. I'll have to get back to basics and learn when and where to use what.

Thank You very much Water!

Posted

Glad to be of service :D

