Using win32evtlog I can get the following information:

    import win32evtlog

    # loghandle and flags are set up earlier (not shown in the question)
    events = win32evtlog.ReadEventLog(loghandle, flags, 0)
    while events:
        for event in events:
            print('Event Category:', event.EventCategory)
            print('Time Generated:', event.TimeGenerated)
            print('Source Name:', event.SourceName)
            print('Event ID:', event.EventID)
            print('Event Type:', event.EventType)
            data = event.StringInserts
            if data:
                print('Event Data:')
                for msg in data:
                    print(msg)
        # Fetch the next batch; an empty result ends the loop
        events = win32evtlog.ReadEventLog(loghandle, flags, 0)
But if we look at the event structure:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="PRNAME" />
        <EventID Qualifiers="0">18</EventID>
        <Level>0</Level>
        <Task>0</Task>
        <Keywords>0xa0000000000000</Keywords>
        <TimeCreated SystemTime="2012-04-03T05:30:02.000000000Z" />
        <EventRecordID>2387524</EventRecordID>
        <Channel>PRNAME</Channel>
        <Computer>A00001</Computer>
        <Security />
      </System>
      <EventData>
        <Data>tst</Data>
        <Binary>01020304</Binary>
      </EventData>
    </Event>

we can find other information:
etc. How can I get them? I especially need Binary and EventRecordId, but I think there must be a way to get all of the data from the event log.
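
Answer 0: (score: 0)
If you don't mind using BeautifulSoup on the XML-formatted data, here is an example:

    from bs4 import BeautifulSoup

    # event_log_as_xml holds the event's XML text.
    # html.parser lowercases tag names, which is why the lookups below are lowercase.
    soup = BeautifulSoup(event_log_as_xml, "html.parser")
    print(soup.find("channel").text)
    print(soup.find("eventrecordid").text)
    print(soup.find("computer").text)
    print(soup.find("binary").text)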
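
The fields the question asks for (EventRecordID and Binary) can also be read from the event XML with the standard library, keeping the schema's namespace and original tag case. This is an added example, not code from any of the posts; `parse_event` and `SAMPLE_XML` are names made up here, and the sample is the question's event with a few System elements trimmed.

```python
import binascii
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# The event from the question, shortened, as sample input. On a live host the
# same XML comes from win32evtlog.EvtRender(evt, win32evtlog.EvtRenderEventXml).
SAMPLE_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PRNAME" />
    <EventID Qualifiers="0">18</EventID>
    <TimeCreated SystemTime="2012-04-03T05:30:02.000000000Z" />
    <EventRecordID>2387524</EventRecordID>
    <Channel>PRNAME</Channel>
    <Computer>A00001</Computer>
  </System>
  <EventData>
    <Data>tst</Data>
    <Binary>01020304</Binary>
  </EventData>
</Event>"""

def parse_event(xml_text):
    """Return the System fields, Data strings and decoded Binary of one event."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("event XML must not carry a DTD")  # blocks entity expansion
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system is None:
        raise ValueError("not an event: <System> is missing")

    def field(path, attr=None):
        node = system.find(path, NS)
        if node is None:
            return None
        return node.get(attr) if attr else node.text

    binary = root.findtext("e:EventData/e:Binary", default="", namespaces=NS)
    return {
        "record_id": int(field("e:EventRecordID")),
        "event_id": int(field("e:EventID")),
        "provider": field("e:Provider", "Name"),
        "time_created": field("e:TimeCreated", "SystemTime"),
        "channel": field("e:Channel"),
        "computer": field("e:Computer"),
        "data": [d.text or "" for d in root.findall("e:EventData/e:Data", NS)],
        "binary": binascii.unhexlify(binary.strip()),  # hex text -> raw bytes
    }
```
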
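
Answer 1: (score: 0)
Have you tried this?

    events = win32evtlog.ReadEventLog(loghandle, flags, 0)
    if events:
        # List every attribute the event record object exposes
        print(dir(events[0]))

I got some of the fields you are looking for myself: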