Roger Linhart
Posted October 11, 2006

I was wondering if anyone knows how to read the system event logs on. I'm trying to write a program that will run in the startup folder. It will compare the time of a particular event in the system event log, indicating when the user begins the login process, to the current time to determine how long it took to log in. I've read some Microsoft TechNet articles for VB, C++ and J# but I'm not sure how to do this in AutoIT.

http://msdn2.microsoft.com/en-us/library/k6b9a7h8.aspx

GaryFrost
Posted October 24, 2006

```autoit
$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"
; Restrict the query to Netlogon events in the System log
$Where_Clause = " WHERE Logfile = 'System' AND SourceName = 'Netlogon'"

$Output = ""
$Output = $Output & "Computer: " & $strComputer & @CRLF
$Output = $Output & "==========================================" & @CRLF
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent" & $Where_Clause, "WQL", _
        $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) Then
    ; Show one event per message box; Cancel stops the loop
    For $objItem In $colItems
        $Output = $Output & "Category: " & $objItem.Category & @CRLF
        $Output = $Output & "CategoryString: " & $objItem.CategoryString & @CRLF
        $Output = $Output & "ComputerName: " & $objItem.ComputerName & @CRLF
        $strData = $objItem.Data(0)
        $Output = $Output & "Data: " & $strData & @CRLF
        $Output = $Output & "EventCode: " & $objItem.EventCode & @CRLF
        $Output = $Output & "EventIdentifier: " & $objItem.EventIdentifier & @CRLF
        $Output = $Output & "EventType: " & $objItem.EventType & @CRLF
        $strInsertionStrings = $objItem.InsertionStrings(0)
        $Output = $Output & "InsertionStrings: " & $strInsertionStrings & @CRLF
        $Output = $Output & "Logfile: " & $objItem.Logfile & @CRLF
        $Output = $Output & "Message: " & $objItem.Message & @CRLF
        $Output = $Output & "RecordNumber: " & $objItem.RecordNumber & @CRLF
        $Output = $Output & "SourceName: " & $objItem.SourceName & @CRLF
        $Output = $Output & "TimeGenerated: " & WMIDateStringToDate($objItem.TimeGenerated) & @CRLF
        $Output = $Output & "TimeWritten: " & WMIDateStringToDate($objItem.TimeWritten) & @CRLF
        $Output = $Output & "Type: " & $objItem.Type & @CRLF
        $Output = $Output & "User: " & $objItem.User & @CRLF
        If MsgBox(1, "WMI Output", $Output) = 2 Then ExitLoop
        $Output = ""
    Next
Else
    MsgBox(0, "WMI Output", "No WMI Objects Found for class: " & "Win32_NTLogEvent")
EndIf

; Converts a WMI datetime string (yyyymmddHHMMSS...) to MM/DD/YYYY HH:MM:SS
Func WMIDateStringToDate($dtmDate)
    Return (StringMid($dtmDate, 5, 2) & "/" & _
            StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
             & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate, 13, 2))
EndFunc
```

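An added example, not part of any post in this thread: one way to turn the query above into the elapsed-time measurement the original question asks for. The function names `_SecondsSinceNewestEvent` and `_CimDateToUtc` are hypothetical, and treating the newest Netlogon event as the start of login is an assumption carried over from the filter in the post above.

```autoit
#include <Date.au3>

; Added example: seconds elapsed since the newest matching System-log event.
; Which event marks "login started" is an assumption; adjust the source filter.
Local $iSecs = _SecondsSinceNewestEvent("Netlogon")
If @error Then
    MsgBox(16, "Login timer", "No matching event found or WMI unavailable.")
Else
    MsgBox(64, "Login timer", "Seconds since event: " & $iSecs)
EndIf

Func _SecondsSinceNewestEvent($sSource, $sComputer = "localhost")
    ; The source name is placed inside a WQL string literal, so refuse quotes.
    If StringInStr($sSource, "'") Then Return SetError(4, 0, -1)
    Local $oWMI = ObjGet("winmgmts:\\" & $sComputer & "\root\CIMV2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, -1)
    ; WQL has no ORDER BY, so scan the results and keep the latest timestamp.
    Local $colItems = $oWMI.ExecQuery("SELECT TimeGenerated FROM Win32_NTLogEvent" & _
            " WHERE Logfile = 'System' AND SourceName = '" & $sSource & "'", "WQL", 0x10 + 0x20)
    If Not IsObj($colItems) Then Return SetError(2, 0, -1)
    Local $sNewestUtc = "", $sUtc
    For $oItem In $colItems
        $sUtc = _CimDateToUtc($oItem.TimeGenerated)
        If StringCompare($sUtc, $sNewestUtc) > 0 Then $sNewestUtc = $sUtc
    Next
    If $sNewestUtc = "" Then Return SetError(3, 0, -1)
    ; Compare in UTC so the local time zone and DST changes do not skew the result.
    Local $tNow = _Date_Time_GetSystemTime()
    Local $sNowUtc = _Date_Time_SystemTimeToDateTimeStr($tNow, 1)
    Return _DateDiff("s", $sNewestUtc, $sNowUtc)
EndFunc

; CIM_DATETIME is yyyymmddHHMMSS.mmmmmmsUUU, where sUUU is the signed offset
; from UTC in minutes. Returns "YYYY/MM/DD HH:MM:SS" in UTC.
Func _CimDateToUtc($sCim)
    Local $sStamp = StringLeft($sCim, 4) & "/" & StringMid($sCim, 5, 2) & "/" & StringMid($sCim, 7, 2) & _
            " " & StringMid($sCim, 9, 2) & ":" & StringMid($sCim, 11, 2) & ":" & StringMid($sCim, 13, 2)
    Local $iOffset = Number(StringMid($sCim, 23, 3))
    If StringMid($sCim, 22, 1) = "-" Then $iOffset = -$iOffset
    Return _DateAdd("n", -$iOffset, $sStamp)
EndFunc
```
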
Angelia
Posted November 29, 2006

Hi! Would you please give me the syntax to WRITE to the event log?

MHz
Posted November 29, 2006

> Hi! Would you please give me the syntax to WRITE to the event log?

```autoit
; Adds an event entry to a log file
; Example function call
_LogEvent(0, 'Testing LogEvent')
Exit

Func _LogEvent($iType, $sMessage, $sTarget = @ComputerName)
    ; Adds an event entry to a log file
    ; Type: 0=Success, 1=Error, 2=Warning, 4=Information, 8=Audit_Success, 16=Audit_Failure
    Local $oWshShell = ObjCreate("WScript.Shell")
    If Not @error Then
        $oWshShell.LogEvent($iType, $sMessage, $sTarget)
        Return True
    EndIf
    ; The COM object could not be created, so nothing was logged
    Return False
EndFunc
```

ptrex
Posted November 29, 2006

@Angelia

There are many different ways to read or write to the eventlog:

```autoit
; The description contains spaces, so it is wrapped in double quotes for eventcreate
Run("eventcreate /T Error /ID 999 /L Application /D " & '"SMART Harddisk Status : ?? "')
```

Enjoy !!

ptrex

PaulIA
Posted November 29, 2006

There is also a full implementation of the Event Log API in Auto3Lib if none of the above work for you.

Auto3Lib: A library of over 1200 functions for AutoIt