Jump to content

Read specific event id

Iraj

By Iraj
in AutoIt General Help and Support

 Share

Recommended Posts

Iraj Seeker

Iraj

Posted
Posted

Greetings!

 

I was exploring as I saw the below URL which reads the event logs from specific type (Application, Security, System, etc.)

So, I was in need to read a specific event id instead of the type of event, i.e. I need to read event id 1074 which lands under Security type.

Any assistance will be grateful.

 

Happy new year in advance!!

rudi Universalist

rudi

Posted
Posted

Hello and welcome to the forum.

what URL are you referencing to?

 

Regards, Rudi.

Earth is flat, pigs can fly, and Nuclear Power is SAFE!

Iraj Seeker

Iraj

Posted
  • Author
Posted
On 1/3/2023 at 6:16 PM, argumentum said:

...you'll have to read every event until you read the one you wanted to read, so discard those you don't care for.
You can also add to TaskScheduler an event ( in your case, 1074 ) and run something when triggered.

Cheers

Any other way will be grateful enough...

rudi Universalist

rudi

Posted
Posted

you can use powershell to export event log entries, or this tool by NirSoft called FullEventLogView

 

all the EVTX files are stored usually in the folder C:\Windows\System32\winevt\Logs (RunAsAdmin will be required)

 

WMI is another way to get hold of event log entries, my favorite would be using powershell (filtering at the beginning is easy), then process the results with autoit 

Earth is flat, pigs can fly, and Nuclear Power is SAFE!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...