Roger Linhart Posted October 11, 2006 Share Posted October 11, 2006 I was wondering if anyone knows how to read the system event logs on. I'm trying to write a program that will run in the startup folder. It will compare the the time of a particular event in the system event log indicating when the user begins the login process then compare that to the current time to determine how long it took to login. I've read some Microsoft Technet articles for VB, C++ and J# but not sure how to do this in AutoIT. http://msdn2.microsoft.com/en-us/library/k6b9a7h8.aspx Link to comment Share on other sites More sharing options...
GaryFrost Posted October 24, 2006 Share Posted October 24, 2006 expandcollapse popup$wbemFlagReturnImmediately = 0x10 $wbemFlagForwardOnly = 0x20 $colItems = "" $strComputer = "localhost" $Where_Clause = " WHERE Logfile = 'System' AND SourceName = 'Netlogon'" $Output="" $Output = $Output & "Computer: " & $strComputer & @CRLF $Output = $Output & "==========================================" & @CRLF $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2") $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent" & $Where_Clause, "WQL", _ $wbemFlagReturnImmediately + $wbemFlagForwardOnly) If IsObj($colItems) then For $objItem In $colItems $Output = $Output & "Category: " & $objItem.Category & @CRLF $Output = $Output & "CategoryString: " & $objItem.CategoryString & @CRLF $Output = $Output & "ComputerName: " & $objItem.ComputerName & @CRLF $strData = $objItem.Data(0) $Output = $Output & "Data: " & $strData & @CRLF $Output = $Output & "EventCode: " & $objItem.EventCode & @CRLF $Output = $Output & "EventIdentifier: " & $objItem.EventIdentifier & @CRLF $Output = $Output & "EventType: " & $objItem.EventType & @CRLF $strInsertionStrings = $objItem.InsertionStrings(0) $Output = $Output & "InsertionStrings: " & $strInsertionStrings & @CRLF $Output = $Output & "Logfile: " & $objItem.Logfile & @CRLF $Output = $Output & "Message: " & $objItem.Message & @CRLF $Output = $Output & "RecordNumber: " & $objItem.RecordNumber & @CRLF $Output = $Output & "SourceName: " & $objItem.SourceName & @CRLF $Output = $Output & "TimeGenerated: " & WMIDateStringToDate($objItem.TimeGenerated) & @CRLF $Output = $Output & "TimeWritten: " & WMIDateStringToDate($objItem.TimeWritten) & @CRLF $Output = $Output & "Type: " & $objItem.Type & @CRLF $Output = $Output & "User: " & $objItem.User & @CRLF if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop $Output="" Next Else Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_NTLogEvent" ) Endif Func WMIDateStringToDate($dtmDate) Return (StringMid($dtmDate, 5, 2) & "/" & _ StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _ & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2)) EndFunc SciTE for AutoItDirections for Submitting Standard UDFs Don't argue with an idiot; people watching may not be able to tell the difference. Link to comment Share on other sites More sharing options...
Angelia Posted November 29, 2006 Share Posted November 29, 2006 Hi! Would you please give me the syntax to WRITE to the event log? Link to comment Share on other sites More sharing options...
MHz Posted November 29, 2006 Share Posted November 29, 2006 Hi! Would you please give me the syntax to WRITE to the event log?; Adds an event entry to a log file ; Example function call _LogEvent(0, 'Testing LogEvent') Exit Func _LogEvent($iType, $sMessage, $sTarget = @ComputerName) ; Adds an event entry to a log file ; Type: 0=Success, 1=Error, 2=Warning, 4=Information, 8=Audit_Success 16=Audit_Failure Local $oWshShell = ObjCreate("WScript.Shell") If Not @error Then $oWshShell.LogEvent($iType, $sMessage, $sTarget) Return True EndIf EndFunc Link to comment Share on other sites More sharing options...
ptrex Posted November 29, 2006 Share Posted November 29, 2006 @Angelia There are many different ways to read or write to the eventlog : Run("eventcreate /T Error /ID 999 /L Application /D " & "SMART Harddisk Status : ?? ") Enjoy !! ptrex Contributions :Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File FinderSQLite3 Database functionality - USB Monitoring - Reading Excel using SQLRun Au3 as a Windows Service - File Monitor - Embedded Flash PlayerDynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in WindowsRead data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD WebserverMS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin -Email Address Encoder - MSI Editor - SNMP - MIB ProtocolFinancial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing ControlsGuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - Update - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui -Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM - New Link to comment Share on other sites More sharing options...
PaulIA Posted November 29, 2006 Share Posted November 29, 2006 There is also a full implementation of the Event Log API in Auto3Lib if none of the above work for you. Auto3Lib: A library of over 1200 functions for AutoIt Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now