Obtaining the Message for an Event Log Record
As discussed previously, the text for a message is not written to the Event Log, just the inserts specific to this record. Obtaining the text for an Event Log record isn’t a trivial matter; it requires you to look up information in the registry, then call a complicated Win32 function to format the message. Fortunately, the win32evtlogutil module comes to the rescue.
There are two functions in this module that deal with formatting messages. win32evtlogutil.FormatMessage() returns a formatted message, raising an exception if an error occurs (such as not being able to locate the source of the message text). win32evtlogutil.SafeFormatMessage() is similar, but it traps the exceptions and returns a useful value. Let’s change the feeder function to print the full Event Log message:
>>> import win32evtlogutil
>>> def CheckRecord(record):
...     # Only report records written by the WinSock Proxy client
...     if str(record.SourceName)=="WinSock Proxy Client":
...         print(win32evtlogutil.SafeFormatMessage(record))
...
And feed Event Log records to it:
>>> win32evtlogutil.FeedEventLogRecords(CheckRecord)
Application [DCCMAN.EXE]. The application was started while the service manager was locked and NtLmSsp wasn't running. If the application will try to remote via WinSock Proxy it can cause a deadlock with the service manager.
[and lots more boring stuff!]
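The following is an added example, not code from the book or from win32evtlogutil: a simplified pure-Python model of the template-plus-inserts formatting described above, with a strict and a tolerant variant. The source name, event ID, template text, and all function names are constructed for illustration, and only the %1..%99 and %% escapes are modelled.

```python
import re

# Constructed stand-in for a source's message table. On Windows the template
# lives in the DLL named by the source's EventMessageFile value under
# HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<log>\<source>.
TEMPLATES = {
    ("DemoProxyClient", 3): "Application [%1]. Startup blocked: %2 wasn't running.",
}

_PLACEHOLDER = re.compile(r"%(%|\d{1,2})")


def expand_inserts(template, inserts):
    """Substitute %1..%99 with the record's inserts; %% is a literal percent."""
    def repl(match):
        token = match.group(1)
        if token == "%":
            return "%"
        index = int(token) - 1
        # A placeholder with no matching insert stays visible, not dropped.
        if 0 <= index < len(inserts):
            return inserts[index]
        return match.group(0)
    return _PLACEHOLDER.sub(repl, template)


def format_record(source, event_id, inserts, templates=TEMPLATES):
    """Strict variant: raise LookupError when no template can be located."""
    try:
        template = templates[(source, event_id)]
    except KeyError:
        raise LookupError("no message text for %s event %d" % (source, event_id))
    return expand_inserts(template, inserts)


def safe_format_record(source, event_id, inserts, templates=TEMPLATES):
    """Tolerant variant: fall back to the raw inserts so no data is lost."""
    try:
        return format_record(source, event_id, inserts, templates)
    except LookupError:
        return "<no message text for %s event %d; inserts: %r>" % (
            source, event_id, list(inserts))
```

The tolerant path matters when records are examined on a machine where the originating source is not registered: the inserts are then the only event-specific text available.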