Tim Golden wrote: > Daren Russell wrote: >> I've been having a look at the wmi module in the hope of being able to >> read the event logs of a windows server and save them as a standard text >> file for archival purposes. >> >> However, the only method I can see is the BackupEventLog method. I kind >> of figured if I opened the log, and did a for loop through it I could >> read each event logged - this doesn't seem to be the case ;-) (or I'm >> being a bit dumb ;-) ) >> >> Is it possible to read individual events from an already written log >> file using this module? If there is a documented method (I've found the >> watcher method, but do not want this) then all pointers to relevant >> documentation (or snippets of code!) appreciated. > > Welcome to WMI! There's so much WMI stuff around the web (not usually > referring to Python) that usually a search such as "wmi read event log" > will be enough to set you on the right path: > > http://www.google.co.uk/search?q=wmi+read+event+log > > Obviously, you then have to translate the examples into Python, > which is rarely difficult once you've got the hang... To get you > going here's a really basic query making use only of the fact > that I can get the name of the relevant WMI class from the > watcher example you refer to: > > <code> > import wmi > > c = wmi.WMI () # can put other server here if needed > for i in c.Win32_NTLogEvent (): > print i > break > > </code> > > Since the "print i" bit outputs a useful dump, we can > see that the Win32_NTLogEvent records have fields such > as: EventType and Logfile. The EventType you have to > search for: > > http://www.google.co.uk/search?q=Win32_NTlogevent+eventtype > > but amounts to 2 for, say, Warnings. > > Taken all together, you can query the System log for Warnings > like this (you might want to qualify the time as well): > > <code> > import wmi > > c = wmi.WMI () > for log in c.Win32_NTLogEvent (EventType=2, Logfile="System"): > print log > > </code> > > Hope that gets you on your way. > > TJG
Hi Tim, Thanks for that. I have found an example for what I want written in VBS, which is why I tried the for... loop I mentioned, as that is basically what that script did (though I'm even worse at vbs than I am with Python ;-) ) I've found details on the MSDN site, listing the class and now I (sort of!!) understand how it links in with your wmi module, but is there a way to get all events in one go, as that is basically what I need to do to write a text version of the log to an archive. If I leave the EventType parameter out, it defaults to '3' - I guess I could do multiple queries and then sort the output by retrieved dates, but it seems a bit long winded! Thanks again for your help and the pointers. Daren _______________________________________________ python-win32 mailing list [email protected] http://mail.python.org/mailman/listinfo/python-win32
