Using _EventLog__Read to get certain period of time events

[tbaror]

Hello All,

i am trying to write a script that will retrieve on certain period of time backwards for example recent 15 min.

is it possible with _EventLog__Read or other function?

Thanks

[PsaltyDS]

Hello All,

i am trying to write a script that will retrieve on certain period of time backwards for example recent 15 min.

is it possible with _EventLog__Read or other function?

Thanks

None of the _EventLog* functions will access by time stamp. The _EventLog__Read() function will access by index number, however. This script presents the array returned by the oldest event and the ten after that going forward, then present the newest entry and the 10 before it going backwards:

#include <EventLog.au3>
#include <Array.au3>

$hAppEvt = _EventLog__Open("", "Application")
$iOldest = _EventLog__Oldest($hAppEvt)
ConsoleWrite("Debug: $iOldest = " & $iOldest & @LF)
$iNewest = $iOldest + _EventLog__Count($hAppEvt) - 1
ConsoleWrite("Debug: $iNewest = " & $iNewest & @LF)

; Read oldest and next 10 going forward
For $n = $iOldest To $iOldest + 10
    If $n = $iOldest Then
        $avAppEvt = _EventLog__Read($hAppEvt, False, True, $iOldest); Start from oldest index
    Else
        $avAppEvt = _EventLog__Read($hAppEvt, True, True); Read next entry forward
    EndIf
    _ArrayDisplay($avAppEvt, "Index = " & $n)
Next

; Read newest and previous 10 in reverse
For $n = $iNewest To $iNewest - 10 Step -1
    If $n = $iNewest Then
        $avAppEvt = _EventLog__Read($hAppEvt, False, False, $iNewest); Start from newest index
    Else
        $avAppEvt = _EventLog__Read($hAppEvt, True, False); Read next entry forward
    EndIf
    _ArrayDisplay($avAppEvt, "Index = " & $n)
Next

_EventLog__Close($hAppEvt); <== Be sure to close handle

Note that the first entry IS NOT necessarily at index 1. You will have to read the entries by index number and do your own test of the date/time stamp to find what you want.