Jump to content

Reading from additional Vista/Win7 Event Logs

idbirch

By idbirch
in AutoIt General Help and Support

 Share

Recommended Posts

idbirch Seeker

idbirch

Posted
Posted

I'm having trouble reading from the extra event logs found in Vista and particularly, Windows 7, I want to parse the boot performace information from the "Applications and Services Logs" section (Microsoft -> Windows -> Diagnostics-Performace) but _EventLog__Open keeps just reverting to the standard Application log. Here's what I thought would work:

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Diagnostics-Performance/Operational")

While 1
    $arrEvt = _EventLog__Read($hEventLog, True, False)
    _ArrayDisplay($arrEvt)
WEnd

But this just starts reeling off stuff from the Application log. I tried just "Microsoft-Windows-Diagnostics-Performance" as well with the same result. Is this supposed to work or not currently supported?

PsaltyDS Universalist

PsaltyDS

Posted
Posted

  On 10/13/2009 at 2:32 PM, 'idbirch said:

I'm having trouble reading from the extra event logs found in Vista and particularly, Windows 7, I want to parse the boot performace information from the "Applications and Services Logs" section (Microsoft -> Windows -> Diagnostics-Performace) but _EventLog__Open keeps just reverting to the standard Application log. Here's what I thought would work: 

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Diagnostics-Performance/Operational")

While 1
    $arrEvt = _EventLog__Read($hEventLog, True, False)
    _ArrayDisplay($arrEvt)
WEnd

But this just starts reeling off stuff from the Application log. I tried just "Microsoft-Windows-Diagnostics-Performance" as well with the same result. Is this supposed to work or not currently supported?

Are you using 64-bit?

That's the default behavior of the Windows 32-bit API being used (advapi32.dll, "OpenEventLogA"). Quoting MSDN:

  Quote

lpSourceName [in]

The name of the log.

If you specify a custom log and it cannot be found, the event logging service opens the Application log; however, there will be no associated message or category string file.

The only thing that stands out is that there is an "OpenEventLogW" in the 32-bit, and you might try it with that.

A lazy Google check didn't turn up a different API for 64-bit, but smarter people may know better.

:)

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
idbirch Seeker

idbirch

Posted
  • Author
Posted

I'm on 32-bit Windows 7 Enterprise (RTM). Yes, I saw in the AutoIt help file that the function will go for Application if the log specified can't be found but how can I get the AutoIt function to find the log? Or how do I get it to use the alternate function OpenEventLogW you mention?

PsaltyDS Universalist

PsaltyDS

Posted
Posted

  On 10/14/2009 at 7:37 AM, 'idbirch said:

I'm on 32-bit Windows 7 Enterprise (RTM). Yes, I saw in the AutoIt help file that the function will go for Application if the log specified can't be found but how can I get the AutoIt function to find the log? Or how do I get it to use the alternate function OpenEventLogW you mention?

Edit the function inside your copy of the UDF.

Or better, copy/paste it as a function in your script, change the name and edit it there.

:)

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
idbirch Seeker

idbirch

Posted
  • Author
Posted

Hm, well I switched out the function but am getting exactly the same behaviour. Anyone know of a way to reference event logs other than the standard Application, System and Security logs? There must be a way.....

  • 1 year later...
  • 1 year later...
memnon Adventurer

memnon

Posted
Posted

Would be really interested in this - have nearly same problem

i want to get events out of "Microsoft-Windows-Backup" , it does not depend if i try it on 32 or 64 bit, it always shows me events from the "normal" application log

das beste Windows Support Forum: Windows 2000 Helpline und tschüss den WindowsfehlernProgrammieren: Autoit 3 - wer braucht noch VBS ?!Programmieren: Autoit 3 Forum?

water Universalist

water

Posted
Posted

There is already a (still open) feature request in Trac: #2119

My UDFs and Tutorials:

  Reveal hidden contents

 

  • 3 years later...
Wolfteeth Wayfarer

Wolfteeth

Posted
Posted
  On 10/13/2009 at 2:32 PM, idbirch said:

I'm having trouble reading from the extra event logs found in Vista and particularly, Windows 7, I want to parse the boot performace information from the "Applications and Services Logs" section (Microsoft -> Windows -> Diagnostics-Performace) but _EventLog__Open keeps just reverting to the standard Application log. Here's what I thought would work:

 

  

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Diagnostics-Performance/Operational")

While 1
    $arrEvt = _EventLog__Read($hEventLog, True, False)
    _ArrayDisplay($arrEvt)
WEnd

 

But this just starts reeling off stuff from the Application log. I tried just "Microsoft-Windows-Diagnostics-Performance" as well with the same result. Is this supposed to work or not currently supported?

Expand  

 

anyone know if the problem fixed? that I found the ticket was closed (#2119), however, it seems the problem is still not getting resolved.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...