下面是代码,它给出了87399个日志总数,但在阅读日志时它只返回7个记录列表。
import win32evtlog
server = 'localhost'
logtype = 'Application'
hand = win32evtlog.OpenEventLog(server,logtype)
flags = win32evtlog.EVENTLOG_SEQUENTIAL_READ | win32evtlog.EVENTLOG_BACKWARDS_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)
events=win32evtlog.ReadEventLog(hand,flags,0)
print "Total number of Event record ",total #Returning 87399
print "Log record read",len(events) #Returning 7
for event in events:
print 'Event Category:', event.EventCategory
print 'Time Generated:', event.TimeGenerated
print 'Source Name:', event.SourceName
print 'Event ID:', event.EventID
print 'Event Type:', event.EventType
print 'Computer Name:', event.ComputerName
print 'Data Name:', event.Data
print type(event)
如何阅读所有日志记录?
提前致谢
答案 0 :(得分:1)
import win32evtlog # requires pywin32 pre-installed
server = 'localhost' # name of the target computer to get event logs
logtype = 'System' # 'Application' # 'Security'
hand = win32evtlog.OpenEventLog(server,logtype)
flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)
while True:
events = win32evtlog.ReadEventLog(hand, flags,0)
if events:
for event in events:
print 'Event Category:', event.EventCategory
print 'Time Generated:', event.TimeGenerated
print 'Source Name:', event.SourceName
print 'Event ID:', event.EventID
print 'Event Type:', event.EventType
data = event.StringInserts
if data:
print 'Event Data:'
for msg in data:
print msg
print
注意:使用while而循环遍历事件,以便我们可以获取每个事件。