Eyck has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to read windows EventLog:
$evHandle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEQUENTIAL_READ,0,$hr) ||die; use Data::Dumper;say Dumper($hr); Win32::EventLog::GetMessageText($hr);# Try to decode the # message text? print "Computer:".$hr->{Computer}." Source:".$hr->{Source}"; print " TS:".scalar(gmtime($hr->{TimeGenerated})); print " Category:".$hr->{Category}; print " EventType:".$hr->{EventType}." TXT:".$hr->{Message};
and for some messages this works fine, but some come up empty: "System Computer:LUBSS056 Source:Server Agents TS:Thu Apr 10 14:00:44 2008 Category:1 EventType:4 TXT:."

As far as I know, this might happen if I'm reading the EventLog remotely, and I don't have access to EventLog decoding dlls on my machine, but since I'm reading locally, I believe this shouldn't happen.

Replies are listed 'Best First'.
Re: Win32::EventLog: how to convert EventLog hash to text
by Anonymous Monk on Feb 11, 2009 at 11:08 UTC
    What does Win32::GetLastError() print?
      1337 (oh wait, no, this one probably comes from SID-resolving subroutine),

      without it, it either says '0' or '997'.

      The only nice error code is '317' which seems to be '317 The system cannot find message text for message number 0x%1 in the message file for %2.'