Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Reading Event Logs in Win2008 2

Status
Not open for further replies.
PinkeyNBrain

PinkeyNBrain

IS-IT--Management
Dec 12, 2006
279
US
I've been successfully using a home-grown event viewer that used
Code: 
$handle=Win32::EventLog->new($event_group, $server_name) ;
where $event_group was one of the basic "Application", "System", or "Security".

One of the routines looked for print jobs to help me keep track of the heaviest users. Either they got first dibs on printer maintenance or see if I could find a way to curtail their printing .. anyway, I now have a Win2008 server - of which MS kindly decided to move the location of where print events are saved. I can find them under the event viewer gui, but not sure how to translate that into it's like name thru Win32::EventLog

I've found some info on EventForwarding which I'd rather avoid if I could. From one perspective, this will only add a level of complexity to something I have that already works (mostly works).
 
Sort by date Sort by votes
Well - never found out how to do this the way I wanted (which essentially involved changing the least amount of code possible). My original method used the 'EventLog' routine as presented above. This was nice as I was able to process data inline. What I came up with is less efficient but it works and in the end that's all I really need. The high level idea here is to run several power-shell commands to generate my own log files, then to read the log files and process them. Effectively the $handle variable as defined above is being replaced with a file handle pointing to a *.txt file. Here is the code I used. The first connects to a Win2008 server (which started all this) the second connects to a Win2003 server (of which I still have several)

The 'get-winevent' and 'get-eventlog' are the two main commands of note here
Code: 
$date = (get-date).AddDays(-30)
$outdir  = "I:\usr\local\tool_kit\Data_Dumps"
$server  = "TRE-AS-03"
$logname = "Microsoft-Windows-PrintService/Operational"
$logref  = "PrintService"
$outfile = "${server}_${logref}.txt"
$outpath = "$outdir\$outfile"
get-winevent -computername $server -FilterHashTable @{ logname = $logname; StartTime = $date} | format-list >$outpath

$server  = "TRE-AS-01"
$logname = "System"
$logref  = $logname
$outfile = "${server}_${logref}.txt"
$outpath = "$outdir\$outfile"
get-eventlog -Log $logname -computername $server -After $date | format-list >$outpath
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

newbie1238585
  • Locked
  • Question
Perl how to read string in csv file * as wildcard operator
Replies
2
Views
218
mikrom
mikrom
ss_ham
  • Locked
  • Question
in Perl find call looking to exclude folder and ignore duplicate finds.
Replies
2
Views
212
ss_ham
ss_ham
rob54321
  • Locked
  • Question
Perl how to read line from file with interpolation 1
Replies
6
Views
376
rob54321
rob54321
Dino_1000
  • Locked
  • Question
Use the perl debugger to dump all the data in a string variable
Replies
0
Views
164
Dino_1000
Dino_1000
dan
  • Locked
  • Question
add a variable to subject in formmail.pl
Replies
6
Views
230
feherke
feherke

Part and Inventory Search

Sponsor

Back
Top