_EventLog__Open does not open "Setup"

stg68

I have no problem with "System"

Any ideas will be appreciated

#include <EventLog.au3>

; Open the output file for writing (mode 2 = overwrite)
$file = FileOpen("EventLog3.txt", 2)
If $file = -1 Then Exit

$hEventLog = _EventLog__Open("", "Setup")
$count = _EventLog__Count($hEventLog)

; Read exactly $count records
For $i = 1 To $count
    $aEvent = _EventLog__Read($hEventLog, True, False)
    ; $aEvent[0] is True on success; skip records that could not be read
    If Not $aEvent[0] Then ContinueLoop
    FileWrite($file, "* " & $aEvent[8] & " " & $aEvent[4] & " " & $aEvent[5] & " " & "<Source> " & $aEvent[10] & " " & "<EventID> " & $aEvent[6] & " " & "<Username> " & $aEvent[12] & @CRLF)
    FileWrite($file, "<Description> " & $aEvent[13] & @CRLF & @CRLF & @CRLF)
Next

; Release the log handle before closing the output file
_EventLog__Close($hEventLog)
FileClose($file)

lowray1975

Which OS are you testing this on? I just tried your code (without modification) on Windows XP and it worked perfectly. If it's Vista or 7 try adding #RequireAdmin.

Edited by lowray1975

BrewManNH

That doesn't work on XP lowray1975, because XP doesn't have a Setup eventlog.

It's actually reading the System log file instead. On Vista and 7 it is reading from the Application log file.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

stg68

#RequireAdmin did the trick for (Win 7). Thank you so much!

However, _EventLog__Read [13] - Event Description shows a kind of unreadable string, e.g.

KB26765625112Installed0x0WindowsUpdateAgent

By looking into event viewer it shows for the same record this:

Package KB2676562 was successfully changed to the Installed state.

Any ideas will be appreciated!

Kevinsyel

I wrote something like this in C# a while back, and the Vista unit I was testing the code on always seemed to crash when it checked the Setup event logs. However, when I ran the code on a Win7 system, I didn't encounter any crashes, and it accessed the event log just fine. I think certain OSs are finicky with the logs they allow you to access, even if the OS has the log in it.

lowray1975

@stg68 - Excellent, glad I could help!

@BrewManNH - Crap, I didn't pick up on that - good catch and thank you!

BrewManNH

@BrewManNH - Crap, I didn't pick up on that - good catch and thank you!

It caught me out too when I ran this until I started looking at what was being read in, found out that the count return was the number of events in the Application log and not my Setup log.

BTW, the #RequireAdmin didn't work for me on Win7. I'm still getting the Application logs instead of setup, not sure why.

stg68

Here is what happened on my two Win7 machines:

1-st machine

It did not work initially. I found a trick by creating the following reg key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\setup

And then I ran my script without adding #RequireAdmin. It worked.

Then, I deleted the reg key and got the suggestion to add #RequireAdmin. I tried and it worked again.

NOW regardless of reg key AND/OR #RequireAdmin existence my script works all the time

2-nd machine.

I cannot make my script work with #RequireAdmin without reg key creation.

Conclusion:

reg key creation makes my script work without #RequireAdmin specified. However, I do not prefer to create and delete any registries.

Any other suggestions will be appreciated.


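Added example, not part of the original posts: the classic Win32 OpenEventLog call is documented to open the Application log when the requested log name is not registered, which matches what BrewManNH observed and why the registry key changed the result. Assuming _EventLog__Open goes through that call, this sketch checks the registration first and then reads "Setup" through wevtutil, which also renders the description text; _IsClassicLog and _ReadChannelText are hypothetical helper names.

```autoit
#include <Constants.au3>

; Hypothetical helper: True if $sLog has its own key under services\eventlog,
; i.e. the classic API can open it by name instead of falling back.
Func _IsClassicLog($sLog)
    Local Const $sRoot = "HKLM\SYSTEM\CurrentControlSet\services\eventlog"
    Local $i = 1, $sSub
    While True
        $sSub = RegEnumKey($sRoot, $i)
        If @error Then Return False ; ran out of subkeys without a match
        If $sSub = $sLog Then Return True ; "=" compares strings case-insensitively
        $i += 1
    WEnd
EndFunc

; Hypothetical helper: newest $iMax events of a log as rendered text,
; read with wevtutil (Vista and later). Run elevated if access is denied.
Func _ReadChannelText($sLog, $iMax = 5)
    Local $sCmd = 'wevtutil qe "' & $sLog & '" /c:' & $iMax & ' /rd:true /f:text'
    Local $iPid = Run(@ComSpec & " /c " & $sCmd, "", @SW_HIDE, $STDOUT_CHILD)
    If $iPid = 0 Then Return SetError(1, 0, "")
    Local $sOut = ""
    While True
        $sOut &= StdoutRead($iPid)
        If @error Then ExitLoop ; stream closed, process has finished
        Sleep(10)
    WEnd
    Return $sOut
EndFunc

Local $sLog = "Setup"
If _IsClassicLog($sLog) Then
    ConsoleWrite($sLog & " is registered for the classic API." & @CRLF)
Else
    ; A count or record read through the classic API here may belong to
    ; the Application log, so do not label that output as Setup data.
    ConsoleWrite("WARNING: " & $sLog & " has no services\eventlog key." & @CRLF)
EndIf

Local $sText = _ReadChannelText($sLog)
If @error Then
    ConsoleWrite("Could not start wevtutil." & @CRLF)
Else
    ConsoleWrite($sText)
EndIf
```

For a collection script, the registration check is the part worth keeping: it turns a silent read of the wrong log into an explicit warning.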