Python 使用Win32 EVTLOG模块读取windows事件日志
下面是代码,它给出了日志的总数87399,但是当读取日志时,它只返回一个7记录列表Python 使用Win32 EVTLOG模块读取windows事件日志,python,readeventlog,Python,Readeventlog,下面是代码,它给出了日志的总数87399,但是当读取日志时,它只返回一个7记录列表 import win32evtlog server = 'localhost' logtype = 'Application' hand = win32evtlog.OpenEventLog(server,logtype) flags = win32evtlog.EVENTLOG_SEQUENTIAL_READ | win32evtlog.EVENTLOG_BACKWARDS_READ total = win3
import win32evtlog
server = 'localhost'
logtype = 'Application'
hand = win32evtlog.OpenEventLog(server,logtype)
flags = win32evtlog.EVENTLOG_SEQUENTIAL_READ | win32evtlog.EVENTLOG_BACKWARDS_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)
events=win32evtlog.ReadEventLog(hand,flags,0)
print "Total number of Event record ",total #Returning 87399
print "Log record read",len(events) #Returning 7
for event in events:
print 'Event Category:', event.EventCategory
print 'Time Generated:', event.TimeGenerated
print 'Source Name:', event.SourceName
print 'Event ID:', event.EventID
print 'Event Type:', event.EventType
print 'Computer Name:', event.ComputerName
print 'Data Name:', event.Data
print type(event)
import win32evtlog # requires pywin32 pre-installed
server = 'localhost' # name of the target computer to get event logs
logtype = 'System' # 'Application' # 'Security'
hand = win32evtlog.OpenEventLog(server,logtype)
flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)
while True:
events = win32evtlog.ReadEventLog(hand, flags,0)
if events:
for event in events:
print 'Event Category:', event.EventCategory
print 'Time Generated:', event.TimeGenerated
print 'Source Name:', event.SourceName
print 'Event ID:', event.EventID
print 'Event Type:', event.EventType
data = event.StringInserts
if data:
print 'Event Data:'
for msg in data:
print msg
print
注意:使用while true循环事件,以便我们可以获得每个事件 此代码仅返回几天前发生的事件,它不会实时捕获新事件…:(此代码仅返回几天前发生的事件,它不会实时捕获新事件…:(