
Reading from additional Vista/Win7 Event Logs


idbirch

I'm having trouble reading from the extra event logs found in Vista and, particularly, Windows 7. I want to parse the boot performance information from the "Applications and Services Logs" section (Microsoft -> Windows -> Diagnostics-Performance) but _EventLog__Open keeps just reverting to the standard Application log. Here's what I thought would work:

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Diagnostics-Performance/Operational")

While 1
    $arrEvt = _EventLog__Read($hEventLog, True, False)
    _ArrayDisplay($arrEvt)
WEnd

But this just starts reeling off stuff from the Application log. I tried just "Microsoft-Windows-Diagnostics-Performance" as well with the same result. Is this supposed to work or not currently supported?

Are you using 64-bit?

That's the default behavior of the Windows 32-bit API being used (advapi32.dll, "OpenEventLogA"). Quoting MSDN:

lpSourceName [in]

The name of the log.

If you specify a custom log and it cannot be found, the event logging service opens the Application log; however, there will be no associated message or category string file.

The only thing that stands out is that there is an "OpenEventLogW" in the 32-bit, and you might try it with that.

A lazy Google check didn't turn up a different API for 64-bit, but smarter people may know better.

:)

Valuater's AutoIt 1-2-3, Class... Is now in Session! For those who want somebody to write the script for them: RentACoder "Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

I'm on 32-bit Windows 7 Enterprise (RTM). Yes, I saw in the AutoIt help file that the function will go for Application if the log specified can't be found but how can I get the AutoIt function to find the log? Or how do I get it to use the alternate function OpenEventLogW you mention?

Edit the function inside your copy of the UDF.

Or better, copy/paste it as a function in your script, change the name and edit it there.

:)


  • 1 year later...

Would be really interested in this - I have nearly the same problem.

I want to get events out of "Microsoft-Windows-Backup". It does not depend on whether I try it on 32 or 64 bit; it always shows me events from the "normal" Application log.


There is already a (still open) feature request in Trac: #2119


  • Moderators

In the meantime, you can always use the wevtutil.exe built into Windows 7. Something like this (just pulled a log at random):

wevtutil.exe qe "OAlerts"

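The wevtutil.exe approach from the post above, wrapped in AutoIt so a script can read the Diagnostics-Performance channel from the first post; this is an added example, not code from the thread or from the EventLog UDF. Unlike the OpenEventLog fallback quoted from MSDN earlier, wevtutil reports an error for a channel it cannot open, and the wrapper passes that message back instead of returning events from another log. The function names `_Channel_Query` and `_Event_Data`, event ID 100 as the boot event, and the `BootTime` field name are assumptions.

```autoit
#include <Constants.au3> ; for $STDERR_MERGED

; Added example, not code from the thread. Event ID 100 and the BootTime field are
; assumptions about this channel's boot event; confirm them against one event's XML.
Local $sLog = "Microsoft-Windows-Diagnostics-Performance/Operational"
Local $aEvents = _Channel_Query($sLog, "*[System[(EventID=100)]]", 5)
If @error Then
    ConsoleWrite("Query failed: " & $aEvents & @CRLF) ; e.g. unknown channel, access denied
Else
    For $sXml In $aEvents
        ConsoleWrite("BootTime = " & _Event_Data($sXml, "BootTime") & @CRLF)
    Next
EndIf

; Runs "wevtutil qe" and returns an array of <Event> XML strings, newest first.
; On failure sets @error and returns wevtutil's own message text.
Func _Channel_Query($sChannel, $sXPath = "*", $iCount = 5)
    ; Both strings are placed on a command line, so refuse embedded double quotes.
    If StringInStr($sChannel & $sXPath, '"') Then Return SetError(1, 0, "double quote in argument")
    Local $sCmd = '"' & @SystemDir & '\wevtutil.exe" qe "' & $sChannel & '" /q:"' & $sXPath & _
            '" /c:' & Int($iCount) & ' /rd:true /f:xml'
    Local $iPID = Run($sCmd, @SystemDir, @SW_HIDE, $STDERR_MERGED)
    If @error Then Return SetError(2, 0, "could not start wevtutil.exe")
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPID)
        If @error Then ExitLoop ; stream closed, wevtutil has exited
        Sleep(10)
    WEnd
    Local $aAll = StringRegExp($sOut, "(?s)<Event[ >].*?</Event>", 3)
    If @error Then Return SetError(3, 0, StringStripWS($sOut, 3)) ; no events: pass the message on
    ; Keep only events whose <Channel> is the one requested (never trust a silent substitute).
    Local $aKeep[UBound($aAll)], $n = 0
    For $sXml In $aAll
        If Not StringInStr($sXml, "<Channel>" & $sChannel & "</Channel>") Then ContinueLoop
        $aKeep[$n] = $sXml
        $n += 1
    Next
    If $n = 0 Then Return SetError(4, 0, "events did not come from " & $sChannel)
    ReDim $aKeep[$n]
    Return $aKeep
EndFunc

; Returns the text of <Data Name='...'> in one event, or "" with @error set.
Func _Event_Data($sXml, $sName)
    Local $a = StringRegExp($sXml, "<Data Name=['""]\Q" & $sName & "\E['""]>([^<]*)</Data>", 1)
    If @error Then Return SetError(1, 0, "")
    Return $a[0]
EndFunc
```

An empty message with @error = 3 means the query ran but matched no events.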

  • 3 years later...
On 10/13/2009 at 10:32 PM, idbirch said:

I'm having trouble reading from the extra event logs found in Vista and, particularly, Windows 7. I want to parse the boot performance information from the "Applications and Services Logs" section (Microsoft -> Windows -> Diagnostics-Performance) but _EventLog__Open keeps just reverting to the standard Application log. Here's what I thought would work:

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Diagnostics-Performance/Operational")

While 1
    $arrEvt = _EventLog__Read($hEventLog, True, False)
    _ArrayDisplay($arrEvt)
WEnd

But this just starts reeling off stuff from the Application log. I tried just "Microsoft-Windows-Diagnostics-Performance" as well with the same result. Is this supposed to work or not currently supported?

Does anyone know if the problem was fixed? I found that the ticket (#2119) was closed; however, it seems the problem is still not resolved.
