A Simpler Way to Read Event Log Records
The function win32evtlogutil.FeedEventLogRecords() is a helper function that makes working with Event Log records easier. To use this function, you supply your own function that takes a single parameter. As records are read, your function is called with the Event Log record. To demonstrate, let’s write a function that obtains all Event Log records for the “WinSock Proxy Client” application.
First, define the “Feeder” function:
>>> def CheckRecord(record):
...     # Report only the records written by the source of interest
...     if str(record.SourceName)=="WinSock Proxy Client":
...         print("Have Event ID %s written at %s" %
...               (record.EventID, record.TimeWritten.Format()))
...
Then feed Event Log records to this function by calling FeedEventLogRecords() with your function as the first parameter:
>>> win32evtlogutil.FeedEventLogRecords(CheckRecord)
Have Event ID -2147483645 written at 01/27/99 11:42:22
Have Event ID -2147483645 written at 01/27/99 11:42:13
Have Event ID -2147483645 written at 01/27/99 11:42:10
Have Event ID -2147483645 written at 01/21/99 21:46:43
>>>
Note that win32evtlogutil.FeedEventLogRecords() takes additional parameters that let you specify which Event Log to read and the order in which records are obtained. See the win32evtlogutil.py module for details.
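The Event ID printed in the session above, -2147483645, is the full 32-bit event identifier shown as a signed integer; the number Event Viewer displays is only its low 16 bits. The following added example (not code from the book or from pywin32) shows a feeder callback that filters by source and decodes the identifier into its severity, facility and code fields. The names decode_event_id, make_feeder and SAMPLE_RECORDS are hypothetical, and the sample records are constructed stand-ins for real Event Log records so the block runs without Windows.

```python
from types import SimpleNamespace

# Severity values carried in the top two bits of an event identifier
SEVERITY = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}

def decode_event_id(event_id):
    """Split a raw 32-bit event identifier into its bit fields."""
    raw = event_id & 0xFFFFFFFF              # undo the signed 32-bit form
    return {
        "raw": raw,
        "severity": SEVERITY[raw >> 30],     # bits 31-30
        "customer": bool((raw >> 29) & 1),   # bit 29: customer-defined code
        "facility": (raw >> 16) & 0xFFF,     # bits 27-16
        "code": raw & 0xFFFF,                # bits 15-0: ID shown in Event Viewer
    }

def make_feeder(source_name, hits):
    """Return a one-argument callback of the kind FeedEventLogRecords() expects."""
    def feeder(record):
        if str(record.SourceName) == source_name:
            hits.append(decode_event_id(record.EventID))
    return feeder

# Constructed sample records: only the two attributes the feeder reads.
SAMPLE_RECORDS = [
    SimpleNamespace(SourceName="WinSock Proxy Client", EventID=-2147483645),
    SimpleNamespace(SourceName="Service Control Manager", EventID=7036),
    SimpleNamespace(SourceName="WinSock Proxy Client",
                    EventID=0xC0000BB8 - 2**32),   # constructed Error, code 3000
]

def run_sample():
    """Feed the constructed records through the callback and return the hits."""
    hits = []
    feeder = make_feeder("WinSock Proxy Client", hits)
    for record in SAMPLE_RECORDS:
        feeder(record)
    return hits

if __name__ == "__main__":
    for hit in run_sample():
        print("0x%(raw)08X severity=%(severity)s code=%(code)d" % hit)
```

On a Windows host with pywin32 installed, the callback returned by make_feeder() can be passed to win32evtlogutil.FeedEventLogRecords() in place of CheckRecord.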