"_EventLog__Open" can not read additional Windows Event logs

[Wolfteeth]

I'm having trouble reading from the extra event logs, I want to parse the boot performace information from the "Applications and Services Logs" section (Microsoft -> Windows -> Diagnostics-Performace) but _EventLog__Open keeps just reverting to the standard Application log. Here's what I thought would work:

#include <EventLog.au3>
#include <Array.au3>

$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Diagnostics-Performance/Operational")

While 1
    $arrEvt = _EventLog__Read($hEventLog, True, False)
    _ArrayDisplay($arrEvt)
WEnd

 

by referring to this ticket: https://www.autoitscript.com/trac/autoit/ticket/2119#no2 that it looks was resolved, however, it doesn't. would like to know if anyone knows how to fix this issue? many thanks.

[water]

The issue has not been "resolved" it was "rejected" by Jon. So there is no solution right now.

[water]

It seems that you need to use Powershell or VB.Net to access this additonal Eventlogs (according to Google)

[JLogan3o13]

Or, as was suggested in the other thread you asked this question in, use the built-in wevtutil. Something like this will get you the last three entries in that log, and can easily be adopted to a script:

wevtutil qe Microsoft-Windows-Diagnostics-Performance/Operational /c:3 /rd:true /f:text

 

[Wolfteeth]

aha.. sigh... it looks missed the very good function on the additional events management. however, wevtutil requires admin permission which users dont have, is there any other solution except powershell and wevtutil? 

[Wolfteeth]

I also searched a lot and seems there's nothing can do API call in Autoit func yet, so I have build up the workable events in below for who have the same requirements.

#include <Array.au3>

#RequireAdmin
$foo1=Run(@ComSpec & ' /c wevtutil qe Microsoft-Windows-Diagnostics-Performance/Operational /q:*[System[(EventID=100)]] /rd:true /c:1', @SystemDir, @SW_HIDE,$STDERR_CHILD + $STDOUT_CHILD)
_ReadCMDOut($foo1)

Func _ReadCMDOut($CMD)
    Local $line
    While 1
        $line = StdoutRead($CMD)
        If @error Then ExitLoop
        If $line <> "" Then
            $pBootTime = "<Data Name="&"'"&"BootTime"&"'"&">(.*?)</Data>"
            $pBootStartTime = "<Data Name="&"'"&"BootStartTime"&"'"&">(.*?)</Data>"
            $pBootEndTime = "<Data Name="&"'"&"BootEndTime"&"'"&">(.*?)</Data>"
            $pMainPathBootTime = "<Data Name="&"'"&"MainPathBootTime"&"'"&">(.*?)</Data>"
            $pBootPostBootTime = "<Data Name="&"'"&"BootPostBootTime"&"'"&">(.*?)</Data>"
            Local $aBootTime = StringRegExp($line, $pBootTime, $STR_REGEXPARRAYMATCH)
            Local $aBootStartTime = StringRegExp($line, $pBootStartTime, $STR_REGEXPARRAYMATCH)
            Local $aBootEndTime = StringRegExp($line, $pBootEndTime, $STR_REGEXPARRAYMATCH)
            Local $aMainPathBootTime = StringRegExp($line, $pMainPathBootTime, $STR_REGEXPARRAYMATCH)
            Local $aBootPostBootTime = StringRegExp($line, $pBootPostBootTime, $STR_REGEXPARRAYMATCH)
            _ArrayDisplay($aBootTime,"1")
            _ArrayDisplay($aBootStartTime,"2")
            _ArrayDisplay($aBootEndTime,"3")
            _ArrayDisplay($aMainPathBootTime,"4")
            _ArrayDisplay($aBootPostBootTime,"5")
        EndIf
    WEnd
EndFunc

 

Edited June 1, 2016 by Wolfteeth

[water]

BTW: When posting code please use code tags (the "<>" button in the editor). Makes your script much easier to read