I am writing a Perl script to parse Windows 2008 event logs using the Win32::EventLog Perl module. Unfortunately, I am not able to get the full message text. Below is my code:
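use strict;
use warnings;
use Win32::EventLog;

# Scan the newest records of one Windows event log and print every event whose
# message text matches a pattern.
#
# Usage: <script> <event-log-name> <regex>
#   $ARGV[0]  name of the event log, passed to Win32::EventLog->new
#   $ARGV[1]  Perl regular expression matched against each event's message text
#
# getLineno() is not part of this listing. Its return value is the number of
# records examined below, and 0 is treated as "nothing new".
# NOTE(review): confirm that its definition compiles under strict.

@ARGV >= 2
    or die "Usage: $0 <event-log-name> <regex>\n";

my $event;
my $eventSource = $ARGV[0];
my $reg_exp     = $ARGV[1];
my $limit;
my $first = 0;
my $found = 0;

# The original left $count and $EventLog as package variables; they stay that
# way (via `our`) in case getLineno() reads them.
our $count = 0;
our $EventLog;

# Compile the operator-supplied pattern once, before the log is opened, so a
# malformed pattern is reported clearly instead of aborting inside the loop.
my $pattern = eval { qr/$reg_exp/ };
defined $pattern
    or die "Invalid pattern '$reg_exp': $@";

# Report $^E (the last Win32 API error) rather than $! (C errno), which a
# Win32 API failure need not set.
$EventLog = Win32::EventLog->new($eventSource)
    or die "Cannot open event log '$eventSource': $^E\n";
$EventLog->GetOldest($first)
    or die "Cannot get oldest record number of '$eventSource': $^E\n";
$EventLog->GetNumber($count)
    or die "Cannot get record count of '$eventSource': $^E\n";

# Ask Read() to fill in $event->{Message} with the formatted message text.
$Win32::EventLog::GetMessageText = 1;

# Positioning read; the result is discarded exactly as in the original.
# NOTE(review): $first + $count looks like one past the newest record number
# ($first + $count - 1), and the return value is not checked -- confirm intent.
$EventLog->Read( EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ,
    $first + $count, $event );

$limit = getLineno();
if ( $limit == 0 ) {
    print "Windows ".$eventSource." Event Log - Event log has not increased in size";
    exit(0);
}

# Walk backwards through the log, one record per iteration, $limit times.
for my $n ( 1 .. $limit ) {

    # Stop on a failed read: otherwise $event would still hold the previous
    # record and the same event would be matched and reported again.
    unless ( $EventLog->Read( EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ, 0, $event ) ) {
        warn "Reading event log '$eventSource' stopped early: $^E\n";
        last;
    }

    # Keep only the low 16 bits to get a readable event ID.
    my $id = $event->{'EventID'} & 0xffff;

    # The message text can be missing (the case this script is being debugged
    # for); treat it as empty so the match and the print stay well defined.
    my $msg = defined $event->{'Message'} ? $event->{'Message'} : '';

    if ( $msg =~ $pattern ) {
        # NOTE(review): the message text is whatever the logging application
        # wrote and is printed verbatim, embedded newlines included; a consumer
        # that parses this output line by line must allow for that.
        print "Windows ".$eventSource." Event Log Error-EventID:".$id."-".$msg."\n";
        $found = 1;
    }
}

$EventLog->Close();

if ( $found == 0 ) {
    print "Windows ".$eventSource." Event Log - No Errors in Event log for this run";
    exit(0);
}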
I am running Windows 2008 R2 Service Pack 2.
Any idea why I am not able to get the message text here, when the same script works for me on Windows 2003 and Windows 2008 Service Pack 1?
Regards
Karthik