
how to read event logs under "Applications and Services Logs" in python?

I want to read some event logs that are under "Applications and Services Logs", preferably using pywin32 -> win32evtlog.

I can read event logs that are part of "System", "Application", "Security" and other standard logs. But when I try to read some logs, for example from "Microsoft-Windows-TWinUI/Operational", I get the logs of "Application" instead.

According to MSDN, the problem with getting "Application" logs instead of the desired logs is that the custom log cannot be found.

I tried to use something like the answer provided here, but I can't seem to be able to do it in python.

import win32evtlog

# Legacy API: OpenEventLog falls back to the "Application" log when the
# name is not a registered classic log, which is exactly the symptom above.
handle = win32evtlog.OpenEventLog(None, "Microsoft-Windows-TWinUI/Operational")
flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
# ReadEventLog returns a list of records (empty when the end is reached)
events = win32evtlog.ReadEventLog(handle, flags, 0)
if events:
    for event in events:
        print(event.StringInserts)
win32evtlog.CloseEventLog(handle)

I prefer to use pywin32, but it is not a must and I can use other packages.

I know I'm a bit late, but in case anyone else is wondering this...

Use the newer Evt* functions in the library. You can access an XML of the event metadata from any log by using EvtQuery -> EvtNext -> EvtRender, as outlined in the answer on this GitHub post: https://github.com/mhammond/pywin32/issues/676

PS: The module win32evtlog's older functions (like OpenEventLog) return handles that are incompatible with the newer Evt* functions, and vice versa. So avoid mixing them for sanity's sake! :)

There is clearly a lack of documentation and clear examples on the interwebs. Here is what I came up with after a fair amount of trial and error. The example below prints the latest event logs for Windows Defender alerts.

Hope someone that comes across this on their Google journey finds this useful.

import win32evtlog
import xmltodict
from pprint import pprint

def SearchEvents(LogName, EventId, count=20):
    # EvtQuery takes the channel path directly, so no EvtOpenLog handle is needed
    # (handles from EvtOpenLog/OpenEventLog cannot be fed to the Evt* readers anyway).
    # EvtQueryChannelPath says the path is a channel name, not a file; ReverseDirection
    # returns the newest events first.
    flags = win32evtlog.EvtQueryChannelPath | win32evtlog.EvtQueryReverseDirection
    ResultSet = win32evtlog.EvtQuery(LogName, flags, "*[System[(EventID=%d)]]" % EventId, None)

    EventList = []
    # EvtNext returns up to `count` event handles (an empty tuple when none are left)
    for evt in win32evtlog.EvtNext(ResultSet, count):
        # EvtRenderEventXml (== 1) renders the whole event as an XML string
        res = xmltodict.parse(win32evtlog.EvtRender(evt, win32evtlog.EvtRenderEventXml))

        EventData = {}
        # xmltodict gives a dict for a single <Data> element, a list for several,
        # and None when <EventData/> is empty or absent
        data = (res['Event'].get('EventData') or {}).get('Data') or []
        if isinstance(data, dict):
            data = [data]
        for e in data:
            if isinstance(e, dict) and '#text' in e:
                EventData[e.get('@Name', 'Data')] = e['#text']

        EventList.append(EventData)

    return EventList


Events = SearchEvents('Microsoft-Windows-Windows Defender/Operational', 1116)
pprint(Events)
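An added example, not code from either answer above, that walks the same EvtQuery -> EvtNext -> EvtRender chain from the first answer but parses the rendered XML with the standard library instead of xmltodict, so it copes with events whose EventData has a single Data element, unnamed Data, or no EventData at all, and also pulls the System fields (provider, record ID, timestamp, channel, computer) a responder wants alongside the alert details. It also builds the XPath filter EvtQuery accepts, including the timediff() age clause the Event Viewer uses for "last N hours" views. The function names build_xpath, parse_event_xml and search_events are my own, not pywin32's; the sample event below is constructed to look like a Defender 1116 detection and is not a captured record; the live query only runs on Windows with pywin32 installed.

```python
import xml.etree.ElementTree as ET

try:
    import win32evtlog  # pywin32; only available on Windows
except ImportError:  # parsing half still runs (and is testable) elsewhere
    win32evtlog = None

# Namespace on every event rendered with EvtRenderEventXml
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def build_xpath(event_ids, max_age_ms=None):
    """XPath filter for EvtQuery, e.g.
    *[System[(EventID=1116 or EventID=1117) and TimeCreated[timediff(@SystemTime) <= 86400000]]]
    timediff() is the Event Log XPath extension used by Event Viewer custom views."""
    ids = " or ".join("EventID=%d" % i for i in event_ids)
    clauses = ["(%s)" % ids]
    if max_age_ms is not None:
        clauses.append("TimeCreated[timediff(@SystemTime) <= %d]" % max_age_ms)
    return "*[System[%s]]" % " and ".join(clauses)


def parse_event_xml(xml_text):
    """Flatten one rendered event into a dict: System fields plus EventData keyed by Name."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    out = {
        "Provider": system.find("e:Provider", NS).get("Name"),
        "EventID": int(system.findtext("e:EventID", namespaces=NS)),
        "Level": int(system.findtext("e:Level", default="0", namespaces=NS)),
        "TimeCreated": system.find("e:TimeCreated", NS).get("SystemTime"),
        "EventRecordID": int(system.findtext("e:EventRecordID", namespaces=NS)),
        "Channel": system.findtext("e:Channel", namespaces=NS),
        "Computer": system.findtext("e:Computer", namespaces=NS),
        "EventData": {},
    }
    # findall always yields a list, so one Data element or many is handled alike;
    # EventData may be absent entirely (some providers use UserData), and a Data
    # element without a Name attribute gets a positional key.
    for i, d in enumerate(root.findall("e:EventData/e:Data", NS)):
        out["EventData"][d.get("Name", "Data%d" % i)] = (d.text or "").strip()
    return out


def search_events(channel, xpath, count=20):
    """Newest-first events from a channel path such as
    'Microsoft-Windows-Windows Defender/Operational'. Windows + pywin32 only."""
    if win32evtlog is None:
        raise RuntimeError("live queries need pywin32 on Windows")
    flags = win32evtlog.EvtQueryChannelPath | win32evtlog.EvtQueryReverseDirection
    result_set = win32evtlog.EvtQuery(channel, flags, xpath, None)
    events = []
    while len(events) < count:
        batch = win32evtlog.EvtNext(result_set, count - len(events))  # () when exhausted
        if not batch:
            break
        for evt in batch:
            xml_text = win32evtlog.EvtRender(evt, win32evtlog.EvtRenderEventXml)
            events.append(parse_event_xml(xml_text))
    return events


# Constructed sample shaped like a Defender detection event; not a real record.
SAMPLE_EVENT_XML = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender"/>
    <EventID>1116</EventID>
    <Level>3</Level>
    <TimeCreated SystemTime="2024-01-15T10:30:00.000000000Z"/>
    <EventRecordID>4242</EventRecordID>
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>WORKSTATION-01</Computer>
  </System>
  <EventData>
    <Data Name="Product Name">Microsoft Defender Antivirus</Data>
    <Data Name="Threat Name">Virus:DOS/EICAR_Test_File</Data>
    <Data Name="Path">file:_C:\Users\alice\Downloads\eicar.com</Data>
    <Data Name="Severity Name">Severe</Data>
  </EventData>
</Event>"""


if __name__ == "__main__":
    from pprint import pprint
    pprint(parse_event_xml(SAMPLE_EVENT_XML))
    if win32evtlog is not None:
        # Detections (1116) and actions taken (1117) from the last 24 hours
        pprint(search_events("Microsoft-Windows-Windows Defender/Operational",
                             build_xpath([1116, 1117], max_age_ms=24 * 3600 * 1000)))
```

The EvtNext loop keeps asking until it gets an empty batch, so a filter that matches fewer events than requested ends cleanly instead of raising; the original answer's single EvtNext call returns at most one batch, which is fine for 20 records but not for a larger export.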
