![]() ![]() If you’re simply looking for a simple way to see and understand what people are printing, then you might be interested in PaperCut NG. Occasionally we might also ask customers to gather these logs to help us get a fuller understanding of what might be going wrong.Īdmittedly, these logs are very granular and not easy for people to read. Anyway, I hope you learned a lot and will find it helpful.From time to time we get questions about how to read Windows Event Logs to understand what’s going on with a print system. PyWin32 is a light wrapper around Windows’ API, so using MSDN’s instructions is fairly simple. If that documentation isn’t good enough though, you can fall back on MSDN instead. If you get stuck, it has some great documentation. And that’s all there is to it! Wrapping UpĪs you can see, using the PyWin32 package is easy. We use the traceback module to print out any errors that occur during the script’s run. We log it and then we exit the for loop and the while loop calls the win32evtlog.ReadEventLog again. Inside the while loop, we use a for loop to iterate over the events and extract the event ID, record number, event message, event source and a few other tidbits. According to the article I mentioned at the beginning, to get all the events from the log, you need to call win32evtlog.ReadEventLog repeatedly until it stops returning events. We use PyWin32’s win32evtlog module to open the event log and pull information out of it. We use the codecs modules to encode the log file in utf-8 just in case there’s some sneaky unicode in the message. Watch out for that and handle it accordingly.Īnyway, let’s unpack this script and see how it works. However, Windows 7’s events had some unicode in the message portion of the code whereas XP did not. The UAC doesn’t appear to block this activity on Windows 7, so that made it just as easy to use as XP did. ![]() I tested this from Windows XP and Windows 7. So if you have problems getting this code to run, check your permissions. I did not test it as any other type of user. I tested this code as an Administrator on my PCs and as a Domain Administrator at work. There are a couple potential caveats to this type of scripting. ![]() GetAllEvents(server, logTypes, "C:\downloads") Print traceback.print_exc(sys.exc_info()) Log.write("Event ID / Type: %s / %s\n" % (evt_id, evt_type)) Log.write("Event Date/Time: %s\n" % the_time) If not ev_obj.EventType in evt_dict.keys():Įvt_type = str(evt_dict) Msg = win32evtlogutil.SafeFormatMessage(ev_obj, logtype) Print "Total events in %s = %s" % (logtype, total)įlags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READĮvents = win32evtlog.ReadEventLog(hand,flags,0)Įvt_dict=Įvents=win32evtlog.ReadEventLog(hand,flags,0) Total = win32evtlog.GetNumberOfEventLogRecords(hand) Hand = win32evtlog.OpenEventLog(server,logtype) ![]() Log.write("Created: %s\n\n" % time.ctime()) Log.write("\n%s Log of %s Events\n" % (server, logtype)) Log = codecs.open(logPath, encoding='utf-8', mode='w') Logtype (Example: Application) and save it to the appropriately Get the event logs from the specified machine according to the Path = os.path.join(basePath, "%s_%s_log.log" % (serverName, logtype))ĭef getEventLogs(server, logtype, logPath): Once you’ve got that, then you can follow along:ĭef getAllEvents(server, logtypes, basePath): Note that the only thing other than Python that you will need is the PyWin32 package. It’s probably easiest to just jump right into the code. In this article, you’ll find out what I discovered. I thought that was an interesting topic, so I went looking for examples and found a pretty nice example on ActiveState. The other day, there was a post on one of the mailing lists that I follow about accessing the Windows Event Logs. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |