Windows Event Logging

[Brian Scott]

Hello,

Anyone know a way to read Window eventlogs remotely and add them to a
mysql database for a webpage to create reports from?


I have looked at Win32-event & win32-eventlog and with no luck so far.

 

[F. Senault]

Le 13 novembre 2007 à 23:04, Brian Scott a écrit :

I have looked at Win32-event & win32-eventlog and with no luck so far.

Microsoft gives away a tool called logparser [1], which exports an
eventlog to CSV or XML. From there, you can slurp the file and analyze
it with ruby.

Of course, you need to run it from a windows box (or maybe with another
OS, wine, and a good dose of luck).

Fred
[1] : http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx

 

[Glen Holcomb]

Hello,

Anyone know a way to read Window eventlogs remotely and add them to a
mysql database for a webpage to create reports from?


I have looked at Win32-event & win32-eventlog and with no luck so far.

You should be able to do it with WMI. Without doing some research I'm
not sure exactly how though.

The following code runs without error but I have no idea what the
structure of the returned object is so have no way of knowing how to
drill into it for useful data:

wmi = WIN32OLE.connect("winmgmts:\\\\" + machinename + "\\root\\cimv2")
wmi.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Application'")

To be honest I'm not sure this is working properly, WMI can be pretty
crappy about feedback, from my experience. The last time I used this,
I was creating home directories on remote machines when people
requested accounts, I had to do a lot of trial and error. I'm not a
Windows guy either though.

 

[Daniel Berger]

Hello,

Anyone know a way to read Window eventlogs remotely and add them to a
mysql database for a webpage to create reports from?

I have looked at Win32-event & win32-eventlog and with no luck so far.

You want win32-eventlog. As per the docs, you specify the remote host
name as the second argument to EventLog.new:

require 'win32/eventlog'
include Win32

# Replace 'Application' with whatever event source you want
EventLog.new('Application', some_host) do |log|
p log
end

Putting the event log descriptions into a MySQL database is something
you'll have to do on your own.

Regards,

Dan

 

[Peña, Botp]

From: Brian Scott [mailto:[email protected]]=20
# Anyone know a way to read Window eventlogs remotely and add=20
# them to a =20
# mysql database for a webpage to create reports from?
#=20
# I have looked at Win32-event & win32-eventlog and with no luck so far.

what is wrong w win32-eventlog?
you can even do realtime monitor w it using eventlog#tail or =
evenlog#change_notify...

kind regards -botp