http://www.perlmonks.org?node_id=931171


in reply to Win32::EventLog not returning all events?

For some hints see http://www.le-berre.com/perl/perldoc.htm#Hacks and Help understanding Win32::Eventlog

And see this, which seems to work :) It's a start, definitely an improvement over raw Win32::EventLog, but it does need some fleshing out

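#!/usr/bin/perl --
use strict;
use warnings;
use Data::Dumper;

Main( @ARGV );
exit( 0 );

# Demo driver: dump the oldest record, the newest record, and the record
# just before the newest one from the Application log.
sub Main {
    my $e = MyEventLog->new("Application");
    print DD( { $e->First } );      # list context: First returns a flat hash
    my $rec = $e->Last;             # scalar context: Last returns an Entry object
    print DD( $rec );
    print DD( { $rec->Prev } );
}

# Serialise the arguments with Data::Dumper.
# Event-log fields (message text, insertion strings, raw data) are written
# by whatever process logged the event, so treat them as untrusted input.
# Useqq(1) makes Dumper emit control characters as escapes instead of raw
# bytes, which keeps embedded escape sequences out of the terminal.
sub DD {
    Data::Dumper->new( [@_] )->Useqq(1)->Dump;
}

BEGIN {

    package MyEventLog::Entry;
    use Scalar::Util qw' weaken ';
    $INC{'MyEventLog/Entry.pm'} = __FILE__;

    # Bless an already-read record hash and attach the owning MyEventLog.
    #   $parent - the MyEventLog the record was read from
    #   $self   - hash ref filled in by Win32::EventLog's Read
    # The back-reference is weakened so an entry does not keep the log
    # handle alive on its own.
    sub new {
        my( $class, $parent, $self ) = @_;
        $self->{MyEventLog} = $parent;
        weaken $self->{MyEventLog};
        return bless $self, $class;
    }

    # Return the record whose RecordNumber is one lower than this one.
    # Dies if that record cannot be read (e.g. this is already the oldest).
    sub Prev {
        my( $self ) = @_;
        # The parent is held weakly; fail with a clear message if it is gone.
        my $log = $self->{MyEventLog}
            or die "MyEventLog object is no longer available\n";
        return $log->Get( $self->{RecordNumber} - 1 );
    }

    # Return the record whose RecordNumber is one higher than this one.
    # Dies if that record cannot be read (e.g. this is already the newest).
    sub Next {
        my( $self ) = @_;
        my $log = $self->{MyEventLog}
            or die "MyEventLog object is no longer available\n";
        return $log->Get( $self->{RecordNumber} + 1 );
    }

    package MyEventLog;
    use Win32::EventLog;
    $INC{'MyEventLog.pm'} = __FILE__;

    # Open an event log and snapshot its record count and oldest record number.
    #   $eventLog     - log name, e.g. "Application"
    #   $computerName - machine to read from; defaults to $ENV{ComputerName}
    # Dies if the log cannot be opened or its counters cannot be read.
    # recs/base are captured once here; records written afterwards are not
    # reflected until a new object is created.
    sub new {
        my( $package, $eventLog, $computerName ) = @_;
        $computerName ||= $ENV{ComputerName};

        # Report the log that was actually requested, not a fixed name.
        my $handle = Win32::EventLog->new( $eventLog, $computerName )
            or die "Can't open $eventLog EventLog\n";

        my $recs;
        $handle->GetNumber($recs)
            or die "Can't get number of EventLog records\n";

        my $base;
        $handle->GetOldest($base)
            or die "Can't get number of oldest EventLog record\n";

        return bless {
            handle         => $handle,
            recs           => $recs,
            base           => $base,
            GetMessageText => !!1,
        }, $package;
    }

    sub Add { die "todo , # update recs" }

    # Oldest record in the log (context is passed through to Get).
    sub First {
        return shift->GetNth( 0 );
    }

    # Newest record in the log (context is passed through to Get).
    sub Last {
        return shift->GetNth( -1 );
    }

    # Translate a zero-based position into a record number and fetch it.
    # Non-negative $ix counts forward from the oldest record; negative $ix
    # counts back from the newest (-1 is the last record).
    sub GetNth {
        my( $self, $ix ) = @_;

        # Record numbers run from base to base + recs - 1.  The negative
        # branch must include base as well; adding only recs is right only
        # when the oldest record happens to be number 1, and otherwise
        # lands on the wrong record or past the end of the log.
        $ix += $self->{recs} if $ix < 0;
        $ix += $self->{base};

        return $self->Get( $ix );
    }

    # Read the record with record number $ix by seeking directly to it.
    # Returns the record as a flat key/value list in list context, or as a
    # MyEventLog::Entry object in scalar context.  Dies if the read fails.
    sub Get {
        my( $self, $ix ) = @_;

        # Ask Win32::EventLog to fill in the message text for this read only.
        local $Win32::EventLog::GetMessageText = $self->{GetMessageText};

        my $hashRef = {};
        $self->{handle}->Read(
            Win32::EventLog::EVENTLOG_FORWARDS_READ()
              | Win32::EventLog::EVENTLOG_SEEK_READ(),
            $ix,
            $hashRef
        ) or die "Can't read EventLog entry #$ix\n";

        return %$hashRef if wantarray;
        return MyEventLog::Entry->new( $self => $hashRef );
    }

    1;
}
__END__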

Don't ask me to explain anything, instead read Modern Perl: the free book