1: #!perl -w
2:
# Scans the EventLog backwards from now to the last time the script was run,
# looking for a pair of events, each identified by "source IDnum", in the variables $coppia1 and $coppia2.
5:
6: use Win32::EventLog;
7: use strict;
8: use vars qw();
9:
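# Time window of this run: from the previous run ($lasttime) up to $now.
my $now = time;
my $lasttime = 0;    # stored start of the window; changemyself() rewrites this number in the script file
# NOTE(review): the stored time is advanced before the scan starts, so a run
# that aborts part-way still moves the window forward and the events it did
# not reach are not looked at again on the next run.
changemyself();

# The two events to look for, each written as "Source EventID".
my $coppia1 = "FTPCtrs 1000";
my $coppia2 = "MSMQ 2028";
my $cond1   = 0;    # becomes true once $coppia1 has been seen in this scan
my $periodo = scalar(localtime($lasttime)) . "\t-\t" . scalar(localtime($now)) . "\n\n\n";
print $periodo;

# NOTE(review): the three EVENTLOG_*_TYPE constants are passed on exactly as
# the original did; confirm that the constructor actually uses them.
my $event = Win32::EventLog->new("Application", ".", EVENTLOG_INFORMATION_TYPE, EVENTLOG_ERROR_TYPE, EVENTLOG_WARNING_TYPE);

if (!$event) { die "Impossibile aprire i log: $!" }

my $num;
if (!$event->GetNumber($num)) { die "Impossibile leggere gli eventi: $!" }

# Walk the log from the newest record towards the oldest.
while ($num--) {
    my $flag = EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ;
    my %hash;

    if (!$event->Read($flag, 0, \%hash)) {
        die "Impossibile leggere: $!";
    }

    # Only the low 16 bits of EventID are kept for display and matching.
    my $chiave = $hash{Source} . " " . ($hash{EventID} & 0xffff);
    my $linea  = $num . "\t" . $hash{TimeGenerated} . " " . $chiave . "\n";
    print $linea;

    # Records at or before the previous run end the scan (reported via die).
    unless ($hash{TimeGenerated} > $lasttime) { die "scansione completata del periodo $periodo\n" }

    # Compare the "Source EventID" key exactly. The original interpolated the
    # pairs into an unanchored regex, so "FTPCtrs 1000" also matched event
    # 10000 or any source name merely ending in "FTPCtrs".
    if ($chiave eq $coppia1) { $cond1 = 1 }

    # The original tested ($cond1=1), an assignment that is always true, so
    # the second event alone raised the alert. Test the flag instead.
    if ($chiave eq $coppia2 and $cond1) { azione($linea) }
}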
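sub azione
{
    # Report that both events of the pair were found and stop the script.
    # Takes the formatted log line of the matching record as its only
    # argument and never returns: it always ends in die.
    my $riga = shift;    # lexical copy; the original overwrote the global $_
    print "\n\n\n\n\n\n";
    die "trovati!!\t$riga";
}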
48:
49:
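sub changemyself {
    # Store the time of this run by rewriting the script's own
    # "my $lasttime = N;" line, replacing N with the file-level $now.
    # The edited text goes to the scratch file "copia" in the current
    # directory and is then copied back over $0.
    #
    # Every open/print/close is checked. In the original a failed open of
    # the scratch file went unnoticed and the later open of $0 for writing
    # truncated the script to nothing.
    #
    # NOTE(review): keeping state inside the script means the account that
    # runs the monitor needs write access to the monitor's own code, and the
    # copy-back is not atomic. A separate state file would avoid both.
    my $temp = "copia";

    # Three-argument open keeps characters in $0 from being read as a mode.
    open(my $prog, '<', $0) or die "Impossibile aprire $0: $!";
    open(my $copia, '>', $temp) or die "Impossibile creare $temp: $!";
    while (my $riga = <$prog>) {
        $riga =~ s/^(my .lasttime\s*=\s*)\d+(\s*;)/$1$now$2/;
        print {$copia} $riga or die "Impossibile scrivere $temp: $!";
    }
    close($prog) or die "Impossibile chiudere $0: $!";
    close($copia) or die "Impossibile chiudere $temp: $!";

    # The script is truncated only now, after the scratch copy is complete.
    # If the copy-back fails, die leaves "copia" in place as a backup.
    open($copia, '<', $temp) or die "Impossibile aprire $temp: $!";
    open($prog, '>', $0) or die "Impossibile riscrivere $0: $!";
    while (my $riga = <$copia>) {
        print {$prog} $riga or die "Impossibile scrivere $0: $!";
    }
    close($prog) or die "Impossibile chiudere $0: $!";
    close($copia);
    unlink($temp) or warn "Impossibile rimuovere $temp: $!";
    return;
}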
70: