
_EventLog_Read possible issue with the function?


Anyone played with this enough?

$hEventLog = _EventLog_Open("", "System")

_EventLog_Read($hEventLog, True, False)

Works

$hEventLog = _EventLog_Open("", "System")

_EventLog_Read($hEventLog, False, either, anything)

Fails. Doesn't error, but pulls nothing.

I have tried putting in variables, positive integers, negative integers, and other commands while using both True and False for flag 2, but if flag 1 is False nothing will read. This does not work as I want to use the following inside of a While loop:

_EventLog_Read($hEventLog, False, False, $n)

with an ever increasing $n.

Really needing some help here. If there's something I'm missing, it would be greatly appreciated.


  • Moderators

Hi, RedNeckTech. If you want to return a specific field from the Event Log, you have to specify the array index. This works for me:

#include <EventLog.au3>

$hEventLog = _EventLog__Open("", "System")

For $i = 1 To 10
   $aEvent = _EventLog__Read($hEventLog, True, False, $i)
   MsgBox(0, "", $aEvent[13])
Next

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!


Sorry, I have done that. Here is what I have; the same issue applies:

#include <EventLog.au3>
#include <Date.au3>

$n = 1
$timediff = 0
While $timediff < 24
   $hEventLog = _EventLog__Open("", "System")
   ; $n is incremented below but is not used as the offset argument here
   $aEvent = _EventLog__Read($hEventLog, False, False, 0)
   _EventLog__Close($hEventLog)
   $timearray = StringSplit($aEvent[5], ":")
   MsgBox(0, "", $aEvent[4])
   MsgBox(0, "", $aEvent[5])
   $datearray = StringSplit($aEvent[4], "/")
   MsgBox(0, "", $datearray[0])
   $24hour = $timearray[1]
   If StringInStr($aEvent[5], "PM") Then
      MsgBox(0, "", "PM")
      $24hour = $timearray[1] + 12
   EndIf
   If $datearray[2] <> @MDAY Then
      MsgBox(0, "", $datearray[2])
      $24hour = $24hour + 24
   EndIf
   $hours = @HOUR
   $timediff = $hours - $24hour
   If $timediff < 24 Then
      ;_Analyze()
      $n = $n + 1
   EndIf
WEnd

Func _Analyze()
   If $aEvent[10] = "Windows AntiMalware" Then
      If $aEvent[8] <> "information" Then
         ; open in append mode (1), write through the handle, then close it
         $hFile = FileOpen(@WorkingDir & "\WinAMLog.txt", 1)
         FileWriteLine($hFile, $aEvent[2] & " " & $aEvent[3] & " - " & $aEvent[13])
         FileClose($hFile)
      EndIf
   EndIf
EndFunc

Working backwards from the latest entry, I believe:

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open("", "System")
$eventArray = _EventLog__Read($hEventLog, True, False)   ; sequential read, backwards: the latest entry
_ArrayDisplay($eventArray)

For $i = $eventArray[1] - 1 To 0 Step -1
   $loopArray = _EventLog__Read($hEventLog, False, False, $i)   ; seek read at record number $i
   _ArrayDisplay($loopArray)
Next
_EventLog__Close($hEventLog)



I can't say I understand exactly all the flags, but if you want to get a starting point and an ending point, this is how I would do so. Whether you work forward or backward is of no consequence. It's just that $n will need to be increasing from a number that is valid (the lowest of which is 71214 in my System log).

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open("", "System")
$eventArray1 = _EventLog__Read($hEventLog, True, False)   ; sequential, backwards
_ArrayDisplay($eventArray1) ; the highest number
_EventLog__Close($hEventLog)

$hEventLog = _EventLog__Open("", "System")
$eventArray2 = _EventLog__Read($hEventLog, True, True)    ; sequential, forwards
_ArrayDisplay($eventArray2) ; the lowest number
_EventLog__Close($hEventLog)

$hEventLog = _EventLog__Open("", "System")
For $i = $eventArray1[1] To $eventArray2[1] Step -1
   $loopArray = _EventLog__Read($hEventLog, False, False, $i)   ; seek read at record number $i
   _ArrayDisplay($loopArray)
Next
_EventLog__Close($hEventLog)

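The two replies above walk the log newest-first by record number and leave the "last 24 hours" filtering and the AntiMalware check to the reader. The following is an added example (not code from this thread or from the EventLog.au3 UDF), written in Python rather than AutoIt so the time-window logic can be checked stand-alone. It assumes the array layout the posts above index into ([1] record number, [4] date as MM/DD/YYYY, [5] time as HH:MM:SS AM/PM, [8] type string, [10] source name, [13] description; verify against the `_EventLog__Read` entry in your AutoIt help file), uses a fixed "now" and constructed sample records, and stops at the first record that falls outside the window, since record numbers increase with time.

```python
from datetime import datetime, timedelta

# Field positions as the thread's posts use them (an assumption here; check the
# _EventLog__Read entry in your AutoIt help file for the exact layout):
#   [1] record number, [4] date "MM/DD/YYYY", [5] time "HH:MM:SS AM/PM",
#   [8] type string, [10] source name, [13] description.
IDX_RECORD, IDX_DATE, IDX_TIME, IDX_TYPE, IDX_SOURCE, IDX_DESC = 1, 4, 5, 8, 10, 13
RECORD_LEN = 14


def make_record(number, date, time, kind, source, description):
    """Build a 14-slot list shaped like the UDF's return array (constructed data)."""
    rec = [""] * RECORD_LEN
    rec[0] = True
    rec[IDX_RECORD] = number
    rec[IDX_DATE] = date
    rec[IDX_TIME] = time
    rec[IDX_TYPE] = kind
    rec[IDX_SOURCE] = source
    rec[IDX_DESC] = description
    return rec


def event_timestamp(record):
    """Combine the date and 12-hour time fields into one datetime.
    %I together with %p maps 12:xx AM to hour 0 and 12:xx PM to hour 12,
    which plain 'hour + 12 if PM' arithmetic gets wrong."""
    return datetime.strptime(f"{record[IDX_DATE]} {record[IDX_TIME]}",
                             "%m/%d/%Y %I:%M:%S %p")


def within_window(record, now, hours=24):
    """True if the event happened within the last `hours` hours and not in the future."""
    ts = event_timestamp(record)
    return now - timedelta(hours=hours) <= ts <= now


def select_alerts(records, now, source="Windows AntiMalware", hours=24):
    """Walk records newest first (highest record number first, as the seek loop
    in the thread does) and stop at the first record outside the window.
    Returns the lines the thread's _Analyze() would append to WinAMLog.txt."""
    lines = []
    for rec in sorted(records, key=lambda r: r[IDX_RECORD], reverse=True):
        if not within_window(rec, now, hours):
            break  # record numbers are chronological, so nothing older can qualify
        if rec[IDX_SOURCE] == source and rec[IDX_TYPE].lower() != "information":
            lines.append(f"{rec[IDX_DATE]} {rec[IDX_TIME]} - {rec[IDX_DESC]}")
    return lines


# Constructed sample records, deliberately out of order, with a fixed "now".
NOW = datetime(2012, 3, 14, 9, 30, 0)
SAMPLE_RECORDS = [
    make_record(71298, "03/13/2012", "12:40:00 PM", "Error", "Windows AntiMalware",
                "Scan found a threat and could not remove it"),
    make_record(71300, "03/14/2012", "08:15:00 AM", "Warning", "Windows AntiMalware",
                "Real-time protection was disabled"),
    make_record(71296, "03/12/2012", "10:00:00 PM", "Error", "Windows AntiMalware",
                "Definition update failed"),
    make_record(71299, "03/14/2012", "12:05:00 AM", "Information", "Windows AntiMalware",
                "Scheduled scan completed"),
    make_record(71297, "03/13/2012", "09:00:00 AM", "Error", "Service Control Manager",
                "A service failed to start"),
]

if __name__ == "__main__":
    for line in select_alerts(SAMPLE_RECORDS, NOW):
        print(line)
```

With the sample data this yields the two AntiMalware non-Information records from the last 24 hours; the record from 03/13 09:00 AM (24.5 hours old) ends the walk, so the older AntiMalware error is never examined. Widening the window to 48 hours picks that older error up as well.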

