Short Python code for reading the Windows Event Log

Source: Internet
Author: User
We need to retrieve the logs from a remote machine and analyze them. The logs are uploaded directly and backed up by dumpel.exe. I didn't find any better tools at the moment, but I had Python at hand. Below is simple source code that only meets the current needs.

    # -*- coding: cp936 -*-
    import getopt
    import sys

    import win32evtlog
    import win32evtlogutil


    def usage():
        print('-f  Windows event log backup in .evt format')
        print('-o  output file')
        print('--logtype  event log type; the default value is Application')


    def opts(param):
        # Parse the command line into param; return False if the script should stop.
        # logtype is a long option because getopt's short-option string only
        # supports single-letter names.
        try:
            options, args = getopt.getopt(sys.argv[1:], 'h?f:o:', ['logtype='])
        except getopt.GetoptError:
            usage()
            return False

        for opt, val in options:
            if opt == '-f':
                param['f'] = val
            if opt == '-o':
                param['o'] = val
            if opt == '--logtype':
                param['logtype'] = val
            if opt in ['-h', '-?']:
                usage()
                return False
        if param['f'] == '':
            usage()
            return False
        if param['o'] == '':
            param['o'] = param['f'] + '.txt'
        return True


    def print_event_log_info(records, outfile, sourcenames, logtype):
        # Write the formatted message of every record whose source is in sourcenames.
        for record in records:
            try:
                for srcname in sourcenames:
                    if str(record.SourceName) == srcname:
                        outfile.write('//////////////////////////////////////\n')
                        outfile.write(win32evtlogutil.SafeFormatMessage(record, logtype).replace('\r', ''))
            except Exception:
                # Skip records that cannot be formatted or encoded.
                continue


    def dump():
        param = {'f': '', 'o': '', 'logtype': 'Application'}
        sourcenames = ['ASP.NET 2.0.50727.0', '']
        if not opts(param):
            return
        h = win32evtlog.OpenBackupEventLog(None, param['f'])
        flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
        try:
            # Output is written in the system ANSI code page (MBCS).
            with open(param['o'], 'w', encoding='mbcs') as outfile:
                while True:
                    records = win32evtlog.ReadEventLog(h, flags, 0)
                    if not records:
                        break
                    print_event_log_info(records, outfile, sourcenames, param['logtype'])
        finally:
            win32evtlog.CloseEventLog(h)


    if __name__ == '__main__':
        dump()

    simpledump.py -f 2006-10-19-App.evt
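
The script above depends on pywin32 and therefore on a Windows host. As an added example (not part of the original script), the code below reads the same legacy .evt backup format in pure Python by parsing the EVENTLOGRECORD layout directly, and returns each record's raw insertion strings instead of the formatted message. It goes beyond the script by rejecting truncated or corrupted records; `parse_evt` and `make_record` are names chosen for this illustration, and the sample record is constructed.

```python
import struct
from datetime import datetime, timezone

HEADER = struct.Struct("<6I4H6I")  # fixed 56-byte part of EVENTLOGRECORD
SIGNATURE = b"LfLe"                # 0x654C664C as stored on disk

def _wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, next offset)."""
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2

def parse_evt(data, sources=None):
    """Yield one dict per well-formed record found in a legacy .evt image."""
    pos = data.find(SIGNATURE)
    while pos != -1:
        start, resume = pos - 4, pos + 4
        if start >= 0 and start + HEADER.size <= len(data):
            f = HEADER.unpack_from(data, start)
            length, end = f[0], start + f[0]
            # Rejects the 48-byte file header, bad lengths and a mismatched trailing Length.
            if (length >= HEADER.size + 4 and end <= len(data)
                    and struct.unpack_from("<I", data, end - 4)[0] == length):
                rec, resume = data[start:end], end
                source, p = _wstr(rec, HEADER.size)
                computer, _ = _wstr(rec, p)
                strings, p = [], f[11]         # f[11] is StringOffset
                for _ in range(f[7]):          # f[7] is NumStrings
                    if not HEADER.size <= p < length:
                        break                  # offset points outside the record
                    text, p = _wstr(rec, p)
                    strings.append(text)
                if not sources or source in sources:
                    yield {"record": f[2], "event_id": f[5] & 0xFFFF,
                           "time": datetime.fromtimestamp(f[3], timezone.utc),
                           "source": source, "computer": computer, "strings": strings}
        pos = data.find(SIGNATURE, resume)

def make_record(num, source, computer, strings, event_id=1000, when=1161216000):
    """Build a CONSTRUCTED record for the demo; not data from a real log."""
    enc = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    names, body = enc(source) + enc(computer), b"".join(map(enc, strings))
    str_off = HEADER.size + len(names)
    pad = -(str_off + len(body) + 4) % 4   # pad the record to a DWORD boundary
    length = str_off + len(body) + pad + 4
    head = HEADER.pack(length, 0x654C664C, num, when, when, event_id, 1, len(strings),
                       0, 0, 0, str_off, 0, str_off, 0, str_off + len(body))
    return head + names + body + b"\x00" * pad + struct.pack("<I", length)
```

To apply the same source filter as the script to a real backup, pass the file's bytes: `parse_evt(open(path, "rb").read(), sources=["ASP.NET 2.0.50727.0"])`.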
