stg68 Posted May 18, 2012

Hello, Your help will be appreciated. How to read only logs created within the last 30 days? It should be compatible with any region. Regards

```autoit
#include <EventLog.au3>

$file = FileOpen("EventLog3.txt", 2) ; 2 = open for writing, erase previous contents
If $file = -1 Then Exit

$hEventLog = _EventLog__Open("", "System")
$count = _EventLog__Count($hEventLog)
For $i = 1 To $count
    $aEvent = _EventLog__Read($hEventLog, True, False) ; sequential read, newest record first
    If Not $aEvent[0] Then ContinueLoop ; skip records that could not be read
    FileWrite($file, "* " & $aEvent[8] & " " & $aEvent[4] & " " & $aEvent[5] & " " & "<Source> " & $aEvent[10] & " " & "<EventID> " & $aEvent[6] & " " & "<Username> " & $aEvent[12] & @CRLF)
    FileWrite($file, "<Description> " & $aEvent[13] & @CRLF & @CRLF & @CRLF)
Next
_EventLog__Close($hEventLog)
FileClose($file)
```

UEZ Posted May 19, 2012

Try this:

```autoit
Opt("MustDeclareVars", 1)
#include <Date.au3>

ConsoleWrite("Host Name;Error Source;Error Type;Error Event ID;Error Time Generated ;Error Source Name;Error Insertion Strings;Error Message" & @CRLF)
ConsoleWrite(WMI_GetEventLogEntry(@ComputerName) & @CRLF)

Func WMI_GetEventLogEntry($sHost, $sLogCat = "System", $iDays = 2, $iEventId = "") ;coded by UEZ 2009
    ; WMI moniker path is \\<host>\root\cimv2
    Local Const $objWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $sHost & "\root\cimv2")
    If @error Then Return SetError(1, 0, 0)
    Local Const $iDays_Threshold = -1 * $iDays ; how many days should be looked into the past for error - 0 = today
    Local Const $sNow = _NowCalc()
    Local Const $sDate_Threshold = _DateAdd('d', $iDays_Threshold, $sNow) ;get the date / time value from past
    Local Const $sDate_Threshold_WQL = StringLeft(StringReplace(StringReplace(StringReplace($sDate_Threshold, ":", ""), "/", ""), " ", ""), 8) ;convert to WQL-Supported Date Formats
    Local $colItems
    If $iEventId = "" Then
        $colItems = $objWMI.ExecQuery("SELECT Logfile, EventType, EventCode, TimeGenerated, SourceName, InsertionStrings, Message FROM Win32_NTLogEvent WHERE LogFile='" & $sLogCat & "' AND TimeGenerated >= '" & $sDate_Threshold_WQL & "'", "WQL", 0x30)
    Else
        $colItems = $objWMI.ExecQuery("SELECT Logfile, EventType, EventCode, TimeGenerated, SourceName, InsertionStrings, Message FROM Win32_NTLogEvent WHERE EventCode = '" & $iEventId & "' And LogFile='" & $sLogCat & "' AND TimeGenerated >= '" & $sDate_Threshold_WQL & "'", "WQL", 0x30)
    EndIf
    Local $x, $sEventlog, $sEventlog_EventID, $sEventlog_EventType, $sEventlog_InsertionStrings, $sEventlog_Logfile, $sEventlog_Message, $sEventlog_SourceName, $sEventlog_TimeGenerated
    If IsObj($colItems) Then
        For $objItem In $colItems
            $sEventlog_Logfile = $objItem.Logfile
            $sEventlog_EventType = $objItem.EventType
            $sEventlog_EventID = $objItem.EventCode ;$objItem.EventIdentifier
            $sEventlog_TimeGenerated = WMIDateStringToDate2($objItem.TimeGenerated)
            $sEventlog_SourceName = $objItem.SourceName
            $sEventlog_InsertionStrings = ""
            For $x = 0 To UBound($objItem.InsertionStrings) - 1
                If Number($objItem.InsertionStrings($x)) = 0 And StringLeft($objItem.InsertionStrings($x), 2) <> "%%" And $objItem.InsertionStrings($x) <> "" And StringLen($objItem.InsertionStrings($x)) > 1 Then ;skip unneeded strings
                    $sEventlog_InsertionStrings &= StringStripWS(StringReplace(StringReplace($objItem.InsertionStrings($x), Chr(10), ""), Chr(13), ""), 7) & ", "
                EndIf
            Next
            $sEventlog_InsertionStrings = StringTrimRight($sEventlog_InsertionStrings, 2) ; drop the trailing ", " separator
            $sEventlog_Message = StringStripWS(StringReplace(StringReplace($objItem.Message, Chr(10), ""), Chr(13), ""), 7)
            $sEventlog &= $sHost & ";" & $sEventlog_Logfile & ";" & $sEventlog_EventType & ";" & $sEventlog_EventID & ";" & $sEventlog_TimeGenerated & ";" & $sEventlog_SourceName & ";" & $sEventlog_InsertionStrings & ";" & $sEventlog_Message & ";" & @CRLF
        Next
        Return $sEventlog
    Else
        Return SetError(2, 0, 0)
    EndIf
EndFunc   ;==>WMI_GetEventLogEntry

; Convert a WMI datetime string (yyyymmddHHMMSS...) to "dd.mm.yyyy HH:MM:SS"
Func WMIDateStringToDate2($dtmDate)
    Return (StringMid($dtmDate, 7, 2) & "." & StringMid($dtmDate, 5, 2) & "." & StringLeft($dtmDate, 4) & " " & _
            StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate, 13, 2))
EndFunc   ;==>WMIDateStringToDate2
```

It's slow!

Br,
UEZ

stg68 Posted May 19, 2012 (Author)

Thank you! Will try
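
An added example, not code from either poster: the asker's `_EventLog__Read` loop with a 30-day cutoff, reading newest records first and stopping at the first one that is too old, which avoids the WMI query. The function names `_EventDateToCalc` and `_ExportRecentEvents` are hypothetical, and the code assumes `$aEvent[4]` arrives in a fixed `MM/DD/YYYY` layout regardless of regional settings; verify that against your copy of EventLog.au3.

```autoit
#include <Date.au3>
#include <EventLog.au3>

; Hypothetical helper: converts the date string from _EventLog__Read to "YYYY/MM/DD".
; Assumption: the input is always laid out as MM/DD/YYYY.
Func _EventDateToCalc($sDate)
    Local $aPart = StringSplit($sDate, "/")
    If @error Or $aPart[0] <> 3 Then Return SetError(1, 0, "")
    Return $aPart[3] & "/" & $aPart[1] & "/" & $aPart[2]
EndFunc   ;==>_EventDateToCalc

; Writes events generated within the last $iDays days to $sOutFile.
; Returns the number of events written; sets @error to 1 (file) or 2 (log) on failure.
Func _ExportRecentEvents($sLog = "System", $iDays = 30, $sOutFile = "EventLog3.txt")
    Local $hFile = FileOpen($sOutFile, 2) ; 2 = open for writing, erase previous contents
    If $hFile = -1 Then Return SetError(1, 0, 0)
    Local $hLog = _EventLog__Open("", $sLog)
    If $hLog = 0 Then
        FileClose($hFile)
        Return SetError(2, 0, 0)
    EndIf
    Local $sToday = _NowCalcDate() ; always "YYYY/MM/DD", independent of regional settings
    Local $iWritten = 0, $aEvent, $sEventDate
    For $i = 1 To _EventLog__Count($hLog)
        $aEvent = _EventLog__Read($hLog, True, False) ; sequential read, newest record first
        If Not $aEvent[0] Then ContinueLoop ; read failed
        $sEventDate = _EventDateToCalc($aEvent[4])
        If @error Then ContinueLoop ; unexpected date layout: skip rather than guess
        ; Records are stored in write order, so everything after the first too-old
        ; record is older still (assumes the system clock was not set back in between).
        If _DateDiff('D', $sEventDate, $sToday) > $iDays Then ExitLoop
        FileWrite($hFile, "* " & $aEvent[8] & " " & $aEvent[4] & " " & $aEvent[5] & " <Source> " & $aEvent[10] & " <EventID> " & $aEvent[6] & " <Username> " & $aEvent[12] & @CRLF)
        FileWrite($hFile, "<Description> " & $aEvent[13] & @CRLF & @CRLF & @CRLF)
        $iWritten += 1
    Next
    _EventLog__Close($hLog)
    FileClose($hFile)
    Return $iWritten
EndFunc   ;==>_ExportRecentEvents

ConsoleWrite("Events written: " & _ExportRecentEvents("System", 30) & @CRLF)
```

If the clock may have been adjusted on the machine, replace `ExitLoop` with `ContinueLoop` so every record is checked, at the cost of reading the whole log.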