Sign in to follow this  
Followers 0
lfsky

How to read Windows 7 Eventlog such as 'Setup'

6 posts in this topic

I have a problem use "_eventlog__open" to access the eventlog such as 'Setup' &'Forwarded events'.But no any

problem to access 'System','Application'&'Security'.

Could any one can help me?

Share this post


Link to post
Share on other sites



Are you sure there's anything in those logs? It might be that Forwarded Events doesn't return anything because it's disabled.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

yes,there is no record in Forwarded Events.But Setup have 682 records.,I still can not open it.

I use $hEventLog= _eventlog__open("","Setup") to open it.And _eventlog__Count($hEventLog) to get

the number of records,it return the number of application records not Setup

Share this post


Link to post
Share on other sites

I have resolved this problem

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

Too bad: exposing, even briefly, how you solved it would certainly help next users having the same issue in some future.

Edited by jchd

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

HAHA,this is a windows features.

I have saw the UDF source code, found no any 'setup' key in "HKLMSYSTEMCurrentControlSetServicesEventlogs",but setup.evtx indeed exist in system folder "windowssystem32winevtlogs".

So,I just create a key "setup" in "HKLMSYSTEMCurrentControlSetServicesEventlogs" and delete it after finish accessing it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0