RedneckTech Posted August 22, 2012

Anyone played with this enough?

$hEventLog = _EventLog__Open("", "System")
_EventLog__Read($hEventLog, True, False)

Works.

$hEventLog = _EventLog__Open("", "System")
_EventLog__Read($hEventLog, False, either, anything)

Fails. Doesn't error, but pulls nothing. I have tried putting in variables, positive integers, negative integers, and other commands while using both True and False for flag 2, but if flag 1 is False nothing will read. This does not work, as I want to use the following inside of a While loop:

_EventLog__Read($hEventLog, False, False, $n)

with an ever-increasing $n. Really needing some help on here. If there's something I'm missing it would be greatly appreciated.
JLogan3o13 (Moderator) Posted August 22, 2012

Hi, RedNeckTech. If you want to return a specific field from the Event Log, you have to specify the array index. This works for me:

#include <EventLog.au3>

$hEventLog = _EventLog__Open("", "System")
For $i = 1 To 10
    ; sequential read (second argument True): each call returns the next record,
    ; and the offset argument is ignored in this mode
    $aEvent = _EventLog__Read($hEventLog, True, False, $i)
    MsgBox(0, "", $aEvent[13])   ; [13] = event description
Next
_EventLog__Close($hEventLog)
RedneckTech Posted August 22, 2012 (Author)

Sorry, I have done that. Here is what I have; the same issue applies:

#include <EventLog.au3>
#include <Date.au3>

$n = 1
$timediff = 0

While $timediff < 24
    $hEventLog = _EventLog__Open("", "System")
    ; the call under discussion: seek read (flag 1 False) with offset 0
    $aEvent = _EventLog__Read($hEventLog, False, False, 0)
    _EventLog__Close($hEventLog)

    $timearray = StringSplit($aEvent[5], ":")   ; [5] = generated time
    MsgBox(0, "", $aEvent[4])                    ; [4] = generated date
    MsgBox(0, "", $aEvent[5])
    $datearray = StringSplit($aEvent[4], "/")
    MsgBox(0, "", $datearray[0])

    $24hour = $timearray[1]
    If StringInStr($aEvent[5], "PM") Then
        MsgBox(0, "", "PM")
        $24hour = $timearray[1] + 12
    EndIf
    If $datearray[2] <> @MDAY Then
        MsgBox(0, "", $datearray[2])
        $24hour = $24hour + 24
    EndIf

    $hours = @HOUR
    $timediff = $hours - $24hour
    If $timediff < 24 Then
        ;_Analyze()
        $n = $n + 1
    EndIf
WEnd

Func _Analyze()
    If $aEvent[10] = "Windows AntiMalware" Then   ; [10] = source
        If $aEvent[8] <> "information" Then       ; [8] = type description
            $hFile = FileOpen(@WorkingDir & "\WinAMLog.txt", 1)   ; mode 1 = append
            FileWriteLine($hFile, $aEvent[2] & " " & $aEvent[3] & " - " & $aEvent[13])
            FileClose($hFile)
        EndIf
    EndIf
EndFunc
RedneckTech Posted August 22, 2012 (Author)

Have tried it with $hEventLog inside and outside of the While loop. When I get a decent first test run I will clean up. I just need to get something from that first _EventLog__Read pass and I can roll from there.
iamtheky Posted August 22, 2012

Working backwards from the latest entry, I believe:

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open("", "System")

; sequential read, backwards: the first call returns the newest record,
; whose record number is in element [1]
$eventArray = _EventLog__Read($hEventLog, True, False)
_ArrayDisplay($eventArray)

; seek reads by record number, working down from the newest
; (record numbers start at 1, so the loop stops there)
For $i = $eventArray[1] - 1 To 1 Step -1
    $loopArray = _EventLog__Read($hEventLog, False, False, $i)
    _ArrayDisplay($loopArray)
Next

_EventLog__Close($hEventLog)
RedneckTech Posted August 22, 2012 (Author)

When I try it with False as flag 1 I get blank results no matter what I have set up. The "work backwards" is supposed to be flag 2.
iamtheky Posted August 22, 2012

I can't say I understand exactly all the flags, but if you want to get a starting point and an ending point, this is how I would do so. Whether you work forward or backward is of no consequence. It's just that the $n will need to be increasing from a number that is valid (the lowest of which is 71214 in my System log).

#include <EventLog.au3>
#include <Array.au3>

; newest record: sequential read backwards, then close
$hEventLog = _EventLog__Open("", "System")
$eventArray1 = _EventLog__Read($hEventLog, True, False)
_ArrayDisplay($eventArray1)   ; the highest number
_EventLog__Close($hEventLog)

; oldest record: reopen so the sequential position is reset, read forwards, then close
$hEventLog = _EventLog__Open("", "System")
$eventArray2 = _EventLog__Read($hEventLog, True, True)
_ArrayDisplay($eventArray2)   ; the lowest number
_EventLog__Close($hEventLog)

; seek reads by record number, from the highest down to the lowest
$hEventLog = _EventLog__Open("", "System")
For $i = $eventArray1[1] To $eventArray2[1] Step -1
    $loopArray = _EventLog__Read($hEventLog, False, False, $i)
    _ArrayDisplay($loopArray)
Next
_EventLog__Close($hEventLog)
RedneckTech Posted August 23, 2012 (Author)

Thanks. Didn't know that it went off record number rather than "position".
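Since the thread ends on the point that the fourth argument of _EventLog__Read is an absolute record number, here is an added example that is not code from any post above. It bounds the record numbers with _EventLog__Oldest and _EventLog__Count instead of reading the newest and oldest entries first, walks the System log newest-first with seek reads, and does what the original poster's loop was aiming at: append every non-Information entry from one source within the last 24 hours to a file. The source name "Windows AntiMalware", the 24-hour window, the output path, and the assumed layout of the decoded date/time strings ("MM/DD/YYYY" and "hh:mm:ss AM/PM", inferred from what the original post splits on) are assumptions, not something verified against a particular AutoIt version.

```autoit
#include <EventLog.au3>
#include <Date.au3>

; Added example (not code from any post in this thread).
; _EventLog__Read with $bRead = False does a seek read: $iOffset is an absolute
; record number, so 0 never matches anything. The valid range comes from
; _EventLog__Oldest (first record still in the log) and _EventLog__Count.

Global Const $g_sSource   = "Windows AntiMalware"   ; assumed source name, taken from the original post's code
Global Const $g_iMaxHours = 24                       ; assumed window, from the original post
Global Const $g_sOutFile  = @ScriptDir & "\WinAMLog.txt"   ; assumed output path

; Walk $sLog newest-first by record number and append every entry from $sSource
; that is not an Information event and is newer than $iMaxHours. Returns the
; number of entries written, or 0 with @error set if the log could not be opened.
Func _CollectRecentEvents($sLog, $sSource, $iMaxHours)
    Local $hLog = _EventLog__Open("", $sLog)
    If $hLog = 0 Then Return SetError(1, 0, 0)

    Local $iOldest = _EventLog__Oldest($hLog)
    Local $iNewest = $iOldest + _EventLog__Count($hLog) - 1
    Local $sNow = _NowCalc()                         ; local time, "YYYY/MM/DD HH:MM:SS"
    Local $iMatched = 0, $aEvent, $sWhen, $hFile

    For $i = $iNewest To $iOldest Step -1
        $aEvent = _EventLog__Read($hLog, False, False, $i)   ; seek read of one record
        If Not IsArray($aEvent) Then ContinueLoop
        If Not $aEvent[0] Then ContinueLoop          ; unreadable record number (e.g. a gap after a log wrap)

        ; Records are walked newest to oldest, so the first one outside the window ends the scan.
        $sWhen = __ToCalcDate($aEvent[4], $aEvent[5])   ; [4]/[5] = generated date/time
        If _DateDiff("h", $sWhen, $sNow) >= $iMaxHours Then ExitLoop

        If $aEvent[10] = $sSource And $aEvent[8] <> "Information" Then   ; [10] = source, [8] = type description
            $hFile = FileOpen($g_sOutFile, 1)        ; mode 1 = append
            If $hFile <> -1 Then
                FileWriteLine($hFile, $sWhen & " [" & $aEvent[8] & "] " & $aEvent[6] & " " & $aEvent[13])   ; [6] = event ID, [13] = description
                FileClose($hFile)
                $iMatched += 1
            EndIf
        EndIf
    Next

    _EventLog__Close($hLog)
    Return $iMatched
EndFunc

; Turn the decoded strings into the "YYYY/MM/DD HH:MM:SS" form _DateDiff expects.
; Assumed layout: "MM/DD/YYYY" and "hh:mm:ss AM/PM", which is what the original
; post's StringSplit calls imply; adjust if your UDF version formats them differently.
Func __ToCalcDate($sDate, $sTime)
    Local $aD = StringSplit($sDate, "/")
    Local $aT = StringSplit(StringStripWS($sTime, 3), " ")   ; [1] = hh:mm:ss, [2] = AM/PM (if present)
    Local $aH = StringSplit($aT[1], ":")
    Local $iHour = Number($aH[1]), $iMin = 0, $iSec = 0
    If $aH[0] >= 2 Then $iMin = Number($aH[2])
    If $aH[0] >= 3 Then $iSec = Number($aH[3])
    If $aT[0] >= 2 Then
        If $aT[2] = "PM" And $iHour < 12 Then $iHour += 12
        If $aT[2] = "AM" And $iHour = 12 Then $iHour = 0
    EndIf
    If $aD[0] < 3 Then Return $sDate & " " & $sTime   ; unexpected layout: pass through unchanged
    Return StringFormat("%04d/%02d/%02d %02d:%02d:%02d", Number($aD[3]), Number($aD[1]), Number($aD[2]), $iHour, $iMin, $iSec)
EndFunc

Local $iCount = _CollectRecentEvents("System", $g_sSource, $g_iMaxHours)
If @error Then
    MsgBox(16, "EventLog", "Could not open the System log")
Else
    MsgBox(64, "EventLog", $iCount & " matching entries appended to " & $g_sOutFile)
EndIf
```

Two caveats worth knowing before relying on the early exit: record numbers are only chronological if the machine's clock did not jump while the log was being written, so a large backwards clock change can hide entries behind the first "too old" record; and while the System log is readable by a standard user, pointing this at the Security log needs the privilege to read it, which is why the open is checked rather than assumed.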