Wolfteeth

"_EventLog__Open" can not read additional Windows Event logs

7 posts in this topic

I'm having trouble reading from the extra event logs. I want to parse the boot performance information from the "Applications and Services Logs" section (Microsoft -> Windows -> Diagnostics-Performance), but _EventLog__Open keeps just reverting to the standard Application log. Here's what I thought would work:

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Diagnostics-Performance/Operational")

While 1
    $arrEvt = _EventLog__Read($hEventLog, True, False)
    _ArrayDisplay($arrEvt)
WEnd

 

I referred to this ticket: https://www.autoitscript.com/trac/autoit/ticket/2119#no2 which looks like it was resolved; however, it doesn't work. I would like to know if anyone knows how to fix this issue. Many thanks.




The issue has not been "resolved"; it was "rejected" by Jon. So there is no solution right now.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-02-03 - Version 1.4.7.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-03 - Version 1.2.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 


It seems that you need to use PowerShell or VB.Net to access these additional event logs (according to Google).



Or, as was suggested in the other thread you asked this question in, use the built-in wevtutil. Something like this will get you the last three entries in that log, and can easily be adapted to a script:

wevtutil qe Microsoft-Windows-Diagnostics-Performance/Operational /c:3 /rd:true /f:text

 


When you're dead, you don't know you're dead - it's only difficult for those that know you. It's the same way when you're stupid...

My Scripts: SCCM UDF, Include Source with Compiled Script, Windows Firewall UDF


Aha... sigh... it looks like it missed a very good function for managing the additional events. However, wevtutil requires admin permission, which users don't have. Is there any other solution except PowerShell and wevtutil?


I also searched a lot and it seems there's nothing that can do the API call in an AutoIt function yet, so I have built up a workable script below for anyone who has the same requirements.

#RequireAdmin
#include <Array.au3>
#include <AutoItConstants.au3> ; $STDOUT_CHILD, $STDERR_CHILD
#include <StringConstants.au3> ; $STR_REGEXPARRAYMATCH

; Query the newest boot-performance event (EventID 100); wevtutil prints it as XML.
Local $iPID = Run(@ComSpec & ' /c wevtutil qe Microsoft-Windows-Diagnostics-Performance/Operational /q:*[System[(EventID=100)]] /rd:true /c:1', @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
_ReadCMDOut($iPID)

Func _ReadCMDOut($iPID)
    ; StdoutRead returns the output in chunks, so collect all of it before parsing;
    ; otherwise a <Data> element split across two reads is never matched.
    Local $sOutput = ""
    While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then ExitLoop ; the child process has closed its stdout
        Sleep(10)
    WEnd

    ; Fields to pull out of the event's <EventData> block.
    Local $aNames[5] = ["BootTime", "BootStartTime", "BootEndTime", "MainPathBootTime", "BootPostBootTime"]
    Local $aMatch
    For $i = 0 To UBound($aNames) - 1
        $aMatch = StringRegExp($sOutput, "<Data Name='" & $aNames[$i] & "'>(.*?)</Data>", $STR_REGEXPARRAYMATCH)
        ; Only display when the field was found (StringRegExp sets @error on no match).
        If Not @error Then _ArrayDisplay($aMatch, String($i + 1))
    Next
EndFunc

 

Edited by Wolfteeth
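
The PowerShell route mentioned earlier in the thread, as an added example that is not code from any of the posters: it reads the same EventID 100 record with Get-WinEvent and pulls the boot-time fields out of the event XML by name instead of by regex. The function name ConvertFrom-BootEventXml is hypothetical, and the embedded sample event is constructed with made-up values.

```powershell
$Channel = 'Microsoft-Windows-Diagnostics-Performance/Operational'
$Fields  = 'BootTime', 'BootStartTime', 'BootEndTime', 'MainPathBootTime', 'BootPostBootTime'

# Hypothetical helper: turn one event's XML into an object with the boot fields.
function ConvertFrom-BootEventXml {
    param([Parameter(Mandatory)][string]$EventXml)
    $doc = [xml]$EventXml
    # Event XML lives in a default namespace, so XPath needs an explicit prefix.
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events/event')
    $out = [ordered]@{
        EventID = [int]$doc.SelectSingleNode('/e:Event/e:System/e:EventID', $ns).InnerText
    }
    foreach ($name in $Fields) {
        $node = $doc.SelectSingleNode("/e:Event/e:EventData/e:Data[@Name='$name']", $ns)
        # A field that is absent stays $null rather than matching another element.
        $out[$name] = if ($node) { $node.InnerText } else { $null }
    }
    [pscustomobject]$out
}

# Constructed sample event (made-up values) so the parser can be tried offline.
$sample = @'
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System><EventID>100</EventID></System>
  <EventData>
    <Data Name='BootStartTime'>2017-02-03T08:00:00.000000000Z</Data>
    <Data Name='BootEndTime'>2017-02-03T08:01:05.000000000Z</Data>
    <Data Name='BootTime'>65000</Data>
    <Data Name='MainPathBootTime'>30000</Data>
    <Data Name='BootPostBootTime'>35000</Data>
  </EventData>
</Event>
'@
ConvertFrom-BootEventXml -EventXml $sample

# Live query: newest EventID 100 record, same XPath filter as the wevtutil call.
try {
    Get-WinEvent -LogName $Channel -FilterXPath '*[System[(EventID=100)]]' -MaxEvents 1 -ErrorAction Stop |
        ForEach-Object { ConvertFrom-BootEventXml -EventXml $_.ToXml() }
} catch {
    # Covers a missing channel, no matching events, or insufficient rights to read the log.
    Write-Warning "Could not read ${Channel}: $($_.Exception.Message)"
}
```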


BTW: When posting code please use code tags (the "<>" button in the editor). Makes your script much easier to read ;)

