reading windows event logs

EW

Hi All,
I'm looking for some guidance on a better way to read event logs
from Windows servers. I've written a handy little app that relies on
WMI to pull the logs and in all my testing it worked great. When I
deployed it, however, WMI choked on servers with a lot of logs. I've
tried pulling the logs using much smaller VB scripts as well and they
still failed, so I'm pretty sure I'm facing a WMI problem and not a
python or system resources problem. So I couldn't effectively get
logs off of domain controllers for example or file servers that had
auditing turned on. Sadly those are exactly the types of servers
whose logs are most interesting.

So I'm looking for suggestions on a way to grab that data without
using WMI for remote machines. I know MS has C libraries for this but
I haven't touched C for 10 years so I'm hoping there's a python
equivalent out there somewhere. Any advice would be appreciated.

Thanks in advance for any help,
Eric
 
MRAB

EW said:
> Hi All,
> I'm looking for some guidance on a better way to read event logs
> from Windows servers. I've written a handy little app that relies on
> WMI to pull the logs and in all my testing it worked great. When I
> deployed it, however, WMI choked on servers with a lot of logs. I've
> tried pulling the logs using much smaller VB scripts as well and they
> still failed, so I'm pretty sure I'm facing a WMI problem and not a
> python or system resources problem. So I couldn't effectively get
> logs off of domain controllers for example or file servers that had
> auditing turned on. Sadly those are exactly the types of servers
> whose logs are most interesting.
>
> So I'm looking for suggestions on a way to grab that data without
> using WMI for remote machines. I know MS has C libraries for this but
> I haven't touched C for 10 years so I'm hoping there's a python
> equivalent out there somewhere. Any advice would be appreciated.

The event logs are in %SystemRoot%\system32\config and have the
extension .evt. There's info here on the file format:

http://www.whitehats.ca/main/members/Malik/malik_eventlogs/malik_eventlogs.html
 
Mark Hammond

> Hi All,
> I'm looking for some guidance on a better way to read event logs
> from Windows servers. I've written a handy little app that relies on
> WMI to pull the logs and in all my testing it worked great. When I
> deployed it, however, WMI choked on servers with a lot of logs. I've
> tried pulling the logs using much smaller VB scripts as well and they
> still failed, so I'm pretty sure I'm facing a WMI problem and not a
> python or system resources problem. So I couldn't effectively get
> logs off of domain controllers for example or file servers that had
> auditing turned on. Sadly those are exactly the types of servers
> whose logs are most interesting.
>
> So I'm looking for suggestions on a way to grab that data without
> using WMI for remote machines. I know MS has C libraries for this but
> I haven't touched C for 10 years so I'm hoping there's a python
> equivalent out there somewhere. Any advice would be appreciated.

Look for the win32evtlog and win32evtlogutil modules which come with
pywin32 (http://sf.net/projects/pywin32)

Cheers,

Mark
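As an added example (not code posted by anyone in this thread), here is how the pywin32 modules Mark names can stream a remote server's log in the batches ReadEventLog hands back, so a large Security log on a domain controller is never loaded in one piece the way the WMI query tries to; the server name, log name and event IDs are placeholders you supply.

```python
"""Read a Windows event log from a remote server with pywin32,
one ReadEventLog batch at a time, and shape each record into a dict."""

# Names from the classic event-log API shipped with pywin32 (win32evtlog,
# win32evtlogutil). They are imported inside iter_remote_log so the pure
# record-shaping helpers can be exercised on any platform.

EVENT_TYPE_NAMES = {1: "Error", 2: "Warning", 4: "Information",
                    8: "AuditSuccess", 16: "AuditFailure"}

def event_id(raw_event_id):
    """Event Viewer shows only the low 16 bits; the upper bits carry
    severity, facility and customer flags."""
    return raw_event_id & 0xFFFF

def shape_record(rec, message=""):
    """Turn a PyEventLogRecord-like object into a plain dict."""
    return {
        "record": rec.RecordNumber,
        "event_id": event_id(rec.EventID),
        "type": EVENT_TYPE_NAMES.get(rec.EventType, str(rec.EventType)),
        "source": rec.SourceName,
        "computer": rec.ComputerName,
        "time": str(rec.TimeGenerated),
        "inserts": list(rec.StringInserts or ()),
        "message": message,
    }

def iter_remote_log(server, log_type="Security", wanted_ids=None):
    """Yield shaped records newest-first from the log_type log on
    `server` (None means the local machine). Each ReadEventLog call
    returns one batch, so memory use stays bounded however big the log."""
    import win32evtlog
    import win32evtlogutil
    flags = (win32evtlog.EVENTLOG_BACKWARDS_READ
             | win32evtlog.EVENTLOG_SEQUENTIAL_READ)
    handle = win32evtlog.OpenEventLog(server, log_type)
    try:
        while True:
            batch = win32evtlog.ReadEventLog(handle, flags, 0)
            if not batch:          # empty list: end of log reached
                break
            for rec in batch:
                if wanted_ids and event_id(rec.EventID) not in wanted_ids:
                    continue
                text = win32evtlogutil.SafeFormatMessage(rec, log_type)
                yield shape_record(rec, text)
    finally:
        win32evtlog.CloseEventLog(handle)

if __name__ == "__main__":
    import sys  # usage: script.py SERVERNAME  (placeholder host name)
    for row in iter_remote_log(sys.argv[1] if len(sys.argv) > 1 else None):
        print(row)
```

Reading the Security log remotely needs an account that holds the audit/read rights on the target, and the generator stops cleanly when ReadEventLog returns an empty batch.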
 
