
Mailing List Archive: Python: Python

reading windows event logs



ericwoodworth at gmail

Nov 25, 2009, 12:22 PM

Post #1 of 3 (215 views)
reading windows event logs

Hi All,
I'm looking for some guidance on a better way to read eventlogs
from windows servers. I've written a handy little app that relies on
WMI to pull the logs and in all my testing it worked great. When I
deployed it, however, WMI choked on servers with a lot of logs. I've
tried pulling the logs using much smaller VB scripts as well and they
still failed, so I'm pretty sure I'm facing a WMI problem and not a
python or system resources problem. So I couldn't effectively get
logs off of domain controllers for example or file servers that had
auditing turned on. Sadly those are exactly the types of servers
whose logs are most interesting.

So I'm looking for suggestions on a way to grab that data without
using WMI for remote machines. I know MS has C libraries for this but
I haven't touched C for 10 years so I'm hoping there's a python
equivalent out there somewhere. Any advice would be appreciated.

Thanks in advance for any help,
Eric
--
http://mail.python.org/mailman/listinfo/python-list


python at mrabarnett

Nov 25, 2009, 12:55 PM

Post #2 of 3 (191 views)
Re: reading windows event logs [In reply to]

EW wrote:
> Hi All,
> I'm looking for some guidance on a better way to read eventlogs
> from windows servers. I've written a handy little app that relies on
> WMI to pull the logs and in all my testing it worked great. When I
> deployed it, however, WMI choked on servers with a lot of logs. I've
> tried pulling the logs using much smaller VB scripts as well and they
> still failed, so I'm pretty sure I'm facing a WMI problem and not a
> python or system resources problem. So I couldn't effectively get
> logs off of domain controllers for example or file servers that had
> auditing turned on. Sadly those are exactly the types of servers
> whose logs are most interesting.
>
> So I'm looking for suggestions on a way to grab that data without
> using WMI for remote machines. I know MS has C libraries for this but
> I haven't touched C for 10 years so I'm hoping there's a python
> equivalent out there somewhere. Any advice would be appreciated.
>
The event logs are in %SystemRoot%\system32\config and have the
extension .evt. There's info here on the file format:

http://www.whitehats.ca/main/members/Malik/malik_eventlogs/malik_eventlogs.html

--
http://mail.python.org/mailman/listinfo/python-list
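
The record layout that post #2 points to, as an added example (not code from anyone in this thread): a Python parser that reads a copied legacy `.evt` file directly, with no WMI involved. Field order follows Microsoft's documented EVENTLOGRECORD structure; `build_record`, `SAMPLE` and every value in it are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Fixed 56-byte head of an EVENTLOGRECORD, little-endian.
_HDR = struct.Struct("<I4s4I4H6I")

def _wstrs(buf, off, count):
    """Decode `count` consecutive NUL-terminated UTF-16LE strings starting at off."""
    parts = buf[off:].decode("utf-16-le", "replace").split("\x00")
    return (parts + [""] * count)[:count]

def parse_records(blob):
    """Yield one dict per well-formed record in blob (raw .evt file contents)."""
    pos = 0
    while (pos := blob.find(b"LfLe", pos)) != -1:
        start, pos = pos - 4, pos + 4  # signature sits 4 bytes into a record
        if start < 0 or start + _HDR.size > len(blob):
            continue
        (length, _, recno, t_gen, _, event_id, etype, nstr, _, _,
         _, str_off, _, _, _, _) = _HDR.unpack_from(blob, start)
        end = start + length
        # The length is repeated in a record's last 4 bytes. Anything that fails
        # this check (48-byte file header, truncated or corrupt record) is skipped.
        if length < _HDR.size + 4 or end > len(blob) or blob[end - 4:end] != blob[start:start + 4]:
            continue
        rec = blob[start:end - 4]
        source, computer = _wstrs(rec, _HDR.size, 2)
        yield {"record": recno, "time": datetime.fromtimestamp(t_gen, timezone.utc),
               "event_id": event_id & 0xFFFF, "type": etype, "source": source,
               "computer": computer, "strings": _wstrs(rec, str_off, nstr)}
        pos = end

def build_record(recno, when, event_id, etype, source, computer, strings):
    """Serialize one record; used only to build the constructed SAMPLE below."""
    w = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    names, body = w(source) + w(computer), b"".join(map(w, strings))
    str_off = _HDR.size + len(names)
    length = (str_off + len(body) + 7) & ~3  # trailing length copy, DWORD-aligned
    head = _HDR.pack(length, b"LfLe", recno, when, when, event_id, etype, len(strings),
                     0, 0, 0, str_off, 0, str_off, 0, str_off + len(body))
    return (head + names + body).ljust(length - 4, b"\x00") + struct.pack("<I", length)

# Constructed sample: 48-byte file header, one complete record, one truncated record.
SAMPLE = (struct.pack("<I4s36xI", 0x30, b"LfLe", 0x30)
          + build_record(1, 1259180520, 529, 16, "Security", "DC01", ["alice", "CORP"])
          + build_record(2, 1259180580, 529, 16, "Security", "DC01", ["bob", "CORP"])[:-10])

if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(r)
```

This covers only the legacy `.evt` format the post describes; Windows Vista and later write `.evtx`, which is a different format.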


skippy.hammond at gmail

Nov 25, 2009, 3:43 PM

Post #3 of 3 (185 views)
Re: reading windows event logs [In reply to]

On 26/11/2009 7:22 AM, EW wrote:
> Hi All,
> I'm looking for some guidance on a better way to read eventlogs
> from windows servers. I've written a handy little app that relies on
> WMI to pull the logs and in all my testing it worked great. When I
> deployed it, however, WMI choked on servers with a lot of logs. I've
> tried pulling the logs using much smaller VB scripts as well and they
> still failed, so I'm pretty sure I'm facing a WMI problem and not a
> python or system resources problem. So I couldn't effectively get
> logs off of domain controllers for example or file servers that had
> auditing turned on. Sadly those are exactly the types of servers
> whose logs are most interesting.
>
> So I'm looking for suggestions on a way to grab that data without
> using WMI for remote machines. I know MS has C libraries for this but
> I haven't touched C for 10 years so I'm hoping there's a python
> equivalent out there somewhere. Any advice would be appreciated.

Look for the win32evtlog and win32evtlogutil modules which come with
pywin32 (http://sf.net/projects/pywin32)

Cheers,

Mark
--
http://mail.python.org/mailman/listinfo/python-list
