×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Reading Event Logs in Win2008
2

thread219-1736872

Reading Event Logs in Win2008

Reading Event Logs in Win2008

(OP)
I've been successfully using a home-grown event viewer that used

CODE

$handle=Win32::EventLog->new($event_group, $server_name) ;
where $event_group was one of the basic "Application", "System", or "Security".

One of the routines looked for print jobs to help me keep track of the heaviest users. Either they got first dibs on printer maintenance or see if I could find a way to curtail their printing .. anyway, I now have a Win2008 server - of which MS kindly decided to move the location of where print events are saved. I can find them under the event viewer gui, but not sure how to translate that into it's like name thru Win32::EventLog

I've found some info on EventForwarding which I'd rather avoid if I could. From one perspective, this will only add a level of complexity to something I have that already works (mostly works).

RE: Reading Event Logs in Win2008

2
(OP)
Well - never found out how to do this the way I wanted (which essentially involved changing the least amount of code possible). My original method used the 'EventLog' routine as presented above. This was nice as I was able to process data inline. What I came up with is less efficient but it works and in the end that's all I really need. The high level idea here is to run several power-shell commands to generate my own log files, then to read the log files and process them. Effectively the $handle variable as defined above is being replaced with a file handle pointing to a *.txt file. Here is the code I used. The first connects to a Win2008 server (which started all this) the second connects to a Win2003 server (of which I still have several)

The 'get-winevent' and 'get-eventlog' are the two main commands of note here

CODE --> powershell

$date = (get-date).AddDays(-30)
$outdir  = "I:\usr\local\tool_kit\Data_Dumps"
$server  = "TRE-AS-03"
$logname = "Microsoft-Windows-PrintService/Operational"
$logref  = "PrintService"
$outfile = "${server}_${logref}.txt"
$outpath = "$outdir\$outfile"
get-winevent -computername $server -FilterHashTable @{ logname = $logname; StartTime = $date} | format-list >$outpath

$server  = "TRE-AS-01"
$logname = "System"
$logref  = $logname
$outfile = "${server}_${logref}.txt"
$outpath = "$outdir\$outfile"
get-eventlog -Log $logname -computername $server -After $date | format-list >$outpath

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login
Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close