Tue Oct 05 10:24:39 2010: Request 61907 was acted upon.
Transaction: Ticket created by duncan.love...@bt.com
Queue: Win32-EventLog
Subject: Read event logs for "Application Channels" ?
Broken in: (no value)
Severity: (no value)
Owner: Nobody
Requestors: duncan.love...@bt.com
Status: new
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=61907 >

Hi,

We're trying to read event logs with "application" channels as opposed to "global" channels, as documented here http://msdn.microsoft.com/en-us/library/bb756956.aspx on Windows 2008.

We find the Win32::Event module will only accept source names that correspond to "global" channels and exist in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog, typically just "System", "Security" and "Application".

On our system there are many more event logs - see below - which contain events from application channels and which we are unable to read with the Win32::EventLog package. The latter exist in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels.

Is there a way, and if not, should the package be enhanced?

Duncan.

$ ls C:/Windows/System32/winevt/Logs/
Application.evtx
HardwareEvents.evtx
Internet Explorer.evtx
Key Management Service.evtx
Microsoft-Windows-Bits-Client%4Operational.evtx
Microsoft-Windows-CodeIntegrity%4Operational.evtx
Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx
Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx
Microsoft-Windows-DateTimeControlPanel%4Operational.evtx
Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx
Microsoft-Windows-Diagnosis-PLA%4Operational.evtx
Microsoft-Windows-Diagnostics-Networking%4Operational.evtx
Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx
Microsoft-Windows-EventCollector%4Operational.evtx
Microsoft-Windows-Forwarding%4Operational.evtx
Microsoft-Windows-GroupPolicy%4Operational.evtx
Microsoft-Windows-Help%4Operational.evtx
Microsoft-Windows-International%4Operational.evtx
Microsoft-Windows-Kernel-WDI%4Operational.evtx
Microsoft-Windows-Kernel-WHEA.evtx
Microsoft-Windows-LanguagePackSetup%4Operational.evtx
Microsoft-Windows-MUI%4Operational.evtx
Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx
Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx
Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx
Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx
Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
Microsoft-Windows-RestartManager%4Operational.evtx
Microsoft-Windows-Security-Configuration-Wizard%4Diagnostic.etl
Microsoft-Windows-Security-Configuration-Wizard%4Operational.etl
Microsoft-Windows-ServerManager%4Analytic.etl
Microsoft-Windows-ServerManager%4Operational.evtx
Microsoft-Windows-TaskScheduler%4Operational.evtx
Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx
Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx
Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx
Microsoft-Windows-UAC%4Operational.evtx
Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx
Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
Microsoft-Windows-Winlogon%4Operational.evtx
Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
Microsoft-Windows-Wired-AutoConfig%4Operational.evtx
Security.evtx
Setup.evtx
System.evtx
Windows PowerShell.evtx

administra...@mmrlab195 ~
$
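
One way to read the channels listed above from Perl, as an added example that is not part of the original ticket and not code from Win32::EventLog: it calls wevtutil.exe, the command-line event log tool that ships with Windows Server 2008, and pulls three fields out of each returned event. The helper names channel_from_file and read_channel are hypothetical; the "%4" to "/" file name mapping and wevtutil being on PATH are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the ticket): query a channel through wevtutil.exe.
use strict;
use warnings;

# Assumption: log files under winevt\Logs are named after their channel,
# with the "/" in the channel name written as "%4".
sub channel_from_file {
    my ($file) = @_;
    $file =~ s/\.(?:evtx|etl)\z//i;
    $file =~ s{%4}{/}g;
    return $file;
}

# Return the $count newest events of $channel as hash references.
sub read_channel {
    my ($channel, $count) = @_;
    # Both values end up on a command line, so accept only expected characters.
    die "unexpected channel name: $channel\n"
        unless $channel =~ m{\A[\w .\-/]+\z};
    die "count must be a number\n" unless $count =~ /\A\d+\z/;

    # qe = query events, /c = maximum count, /rd:true = newest first.
    my $xml = qx{wevtutil qe "$channel" /c:$count /rd:true /f:xml};
    die "wevtutil failed for $channel (exit status $?)\n" if $? != 0;

    my @events;
    # Without /e wevtutil prints a bare sequence of <Event> elements.
    while ($xml =~ m{(<Event[ >].*?</Event>)}sg) {
        my $e = $1;
        my ($provider) = $e =~ m{<Provider\b[^>]*\bName=['"]([^'"]*)['"]};
        my ($id)       = $e =~ m{<EventID\b[^>]*>(\d+)</EventID>};
        my ($time)     = $e =~ m{<TimeCreated\b[^>]*\bSystemTime=['"]([^'"]*)['"]};
        push @events, { time => $time, id => $id, provider => $provider };
    }
    return @events;
}

# File name taken from the directory listing in the ticket.
my $channel = channel_from_file('Microsoft-Windows-TaskScheduler%4Operational.evtx');
for my $ev (read_channel($channel, 5)) {
    printf "%s  %-6s %s\n",
        map { defined $_ ? $_ : '?' } @{$ev}{qw(time id provider)};
}
```

Some channels, Security among them, can only be queried from an elevated session, in which case wevtutil exits non-zero and the script dies with its exit status.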