Unable to get message text from Windows 2008 Event Log

by kar_thik82 (Novice)
on Jan 31, 2013 at 14:59 UTC (#1016332=perlquestion)
kar_thik82 has asked for the wisdom of the Perl Monks concerning the following question:

I am creating a Perl script to parse Windows 2008 event logs using the Win32::EventLog Perl module. Unfortunately, I am not able to get the full message text. Below is my code:

```perl
use Win32::EventLog;

my $event;
my $eventSource = $ARGV[0];
my $reg_exp = $ARGV[1];
my $limit;
my $first = $count = 0;
my $found = 0;

$EventLog = new Win32::EventLog( $eventSource ) || die $!;
$EventLog->GetOldest($first) || die $!;
$EventLog->GetNumber($count) || die $!;
$Win32::EventLog::GetMessageText = 1;
$EventLog->Read((EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ),$first+$count,$event);
$limit = getLineno();
if ($limit == 0) {
    print "Windows ".$eventSource." Event Log - Event log has not increased in size";
    exit (0);
}
for $i ($first+$count-$limit+1..$first+$count) {
    $EventLog->Read((EVENTLOG_SEQUENTIAL_READ|EVENTLOG_BACKWARDS_READ),0,$event);
    #Win32::EventLog::GetMessageText($event);
    #($sec,$min,$hour,$mday,$mon,$year,$sday,$yday,$isdst) = localtime($event->{'TimeGenerated'});;
    $source = $event->{'Source'};
    $timewritten = $event->{'Timewritten'};
    $id = $event->{'EventID'} & 0xffff; #to get a readable EventId
    $type = $event->{'EventType'};
    $category = $event->{'Category'};
    $strings = $event->{'Strings'};
    $computer = $event->{'Computer'};
    $msg = $event->{'Message'};
    #to get a readable EventId
    #print "$mday/",$mon+1,"/",$year+1900,"t$hour:$mint".$event->{Message}."n";
    if ($msg =~ /$reg_exp/) {
        print "Windows ".$eventSource." Event Log Error-EventID:".$id."-".$msg."\n";
        $found = 1;
    }
}
$EventLog->Win32::EventLog::Close;
if ($found == 0) {
    print "Windows ".$eventSource." Event Log - No Errors in Event log for this run";
    exit (0);
}
```

I am running Windows 2008 R2 Service Pack 2. Any idea why I am not able to get the message text? It works for me on Windows 2003 and 2008 Service Pack 1.

Regards

Karthik

Re: Unable to get message text from Windows 2008 Event Log
by BrowserUk (Pope) on Jan 31, 2013 at 15:12 UTC

    If you Google "2008 service pack 2 event log", it looks like SP2 may well have introduced some bugs.


    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.

      Thanks for the information, but it's quite strange that I am not able to get the message from source category "Service Control Manager". Is it a known bug in "Win32::EventLog"?

      Regards

      Karthik

        Is it a known bug in "Win32::EventLog"?

        I've no idea. But if the module works on service pack 1, and not service pack 2, there are two possibilities:

        1. Service Pack 2 introduced a bug which only MS will be able to fix.
        2. Service Pack 2 changed the OS in such a way that Win32::EventLog will need modifications.

        Win32 APIs usually maintain backward compatibility, and looking at the amount of buzz concerning Event log errors and SP2, it looks most likely to be a bug in the SP rather than anything that the module, perl or you can fix.

        Reading some of the buzz, it looks like MS have provided hotfixes for several related problems, so that would be my first avenue of research for finding a way around the problem. (Basically, I'm suggesting that you contact MS.)

