elr_app.pl

Submitted on: 7/18/2001 9:23:35 AM
By: Garrett Klok 
Level: Beginner
User Rating: Unrated
Compatibility: 5.0 (all versions)
Views: 8435
 
Query NT EventLogs of remote and local systems, outputting to stdout ('~' delimited, with a '|' to indicate the end of line {cr}{lf}). The output is used by SQLServer to populate tables, or could be used by Excel to create reports. For personal use I have added the functionality of only grabbing the previous two days' worth of events, and I have added a header line. You can easily remove this functionality.
 
code:
 
=**************************************
= Name: elr_app.pl
= Description: Query NT EventLogs of remote and local systems, outputting to stdout ('~' delimited, with a '|' to indicate the end of line {cr}{lf}). The output is used by SQLServer to populate tables, or could be used by Excel to create reports.
For personal use I have added the functionality of only grabbing the previous two days' worth of events, and I have added a header line. You can easily remove this functionality.
= By: Garrett Klok
=
= Inputs: Syntax: perl elr_app.pl [Server] [> outputfile]
Ex: perl elr_app.pl \\My_server > file.out
=
= Returns: No 'returns' other than the contents of the event log.
=
= Side Effects: I'm unaware of any side-effects. If any bugs or problems arise, please let me know. I'd like to learn the most I can.
=
= This code is copyrighted and has limited warranties. Please see http://www.Planet-Source-Code.com/vb/scripts/ShowCode.asp?txtCodeId=217&lngWId=6 for details.
=**************************************

#****************************************************
# Authors: 	Garrett Klok, gklok@ccs.neu.edu
#			Paul Silveira, pasilveira@statestreet.com
#			<anonymous>
# Purpose: Query NT EventLogs of remote systems outputting
#			to stdout which is used by SQLServer to populate 
#			tables.
# Syntax: perl elr_app.pl [Server] [> outputfile]
# 
# Code was used from other authors in the creation. 
# Other authors: Harlan Carvey, keydet89@yahoo.com
#			David Blank-Edelman, dnb@ccs.neu.edu
#****************************************************
use strict;
use warnings;
use Win32;
use Win32::EventLog;
#---------------------------------------------
# Only events generated within the last two
# days are emitted (remove the check in
# GetEvents() to dump the whole log)
#---------------------------------------------
use constant TWO_DAY => 60*60*24*2;
#---------------------------------------------
# Translator for EventType
#---------------------------------------------
my %type = (1 => "Error",
 2 => "Warning",
 4 => "Information",
 8 => "Audit_success",
 16 => "Audit_failure");
#---------------------------------------------
# Opens connections with remote system
# (defaults to the local machine when no
# server name is given on the command line)
#---------------------------------------------
my $server = shift || Win32::NodeName();
GetEvents($server, "Application");
#- - - - - - - - - - - - - - - - - - - - - - -
# GetEvents()
# Input: Server name, EventLog
# Output: Log entries, to STDOUT
#- - - - - - - - - - - - - - - - - - - - - - -
sub GetEvents {
	my ($server, $evtlog) = @_;
#- - - - - - - - - - - - - - - - - - - - - - - 
# Open EventLog ($^E carries the Win32 error,
# $! is usually empty for these calls)
#- - - - - - - - - - - - - - - - - - - - - - -
	my $log = Win32::EventLog->new($evtlog, $server)
		|| die "Could not open $evtlog log on $server: $^E\n";
#---------------------------------------------
# Time formatting and date manipulation
#---------------------------------------------
	my $two_days = time() - TWO_DAY;
#---------------------------------------------
# EventLog reading: header line first, every
# line ends with '|' followed by {cr}{lf}
#---------------------------------------------
	print "DateandTime~Computer~EventType~Category~EventID~Message|\n";
#- - - - - - - - - - - - - - - - - - - - - - -
# Enables the retrieve of full text of every 
# message on each Read()
#- - - - - - - - - - - - - - - - - - - - - - -
	$Win32::EventLog::GetMessageText = 1;
#- - - - - - - - - - - - - - - - - - - - - - -
# Read through EventLog (backwards) one record
# at a time; Read() fills $entry with a hashref
#- - - - - - - - - - - - - - - - - - - - - - -
	my $entry;
	while ($log->Read((EVENTLOG_SEQUENTIAL_READ|EVENTLOG_BACKWARDS_READ), 1, $entry)) {
		my $remote_time = $entry->{TimeGenerated};
		# skip anything older than two days
		next unless $two_days < $remote_time;
		# "Wed Jul 18 09:23:35 2001" -> "Jul 18 2001 09:23:35"
		my $stamp = join(" ", (split(/\s+/, scalar(localtime($remote_time))))[1,2,4,3]);
		# low 16 bits are the event ID as shown in Event Viewer;
		# the high bits carry severity/facility flags
		my $id = $entry->{EventID} & 0xffff;
		my $kind = $type{$entry->{EventType}} || $entry->{EventType};
		print join("~", $stamp, $entry->{Computer}, $kind,
			$entry->{Category}, $id, $entry->{Message}), "|\n";
	}
}
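The '~'/'|' record format described above breaks as soon as a field contains the delimiters: Windows event messages routinely span several lines, and a message (or a user-supplied string inside it) can also contain '~' or '|', which would split, merge or forge rows in the SQL import. As an added illustration in Python (not part of the original Perl script), this escapes those characters on output and parses the records back; the backslash escaping convention is an assumption, not something elr_app.pl does.

```python
FIELD_SEP = "~"
RECORD_END = "|"
HEADER = ["DateandTime", "Computer", "EventType", "Category", "EventID", "Message"]

def escape_field(value):
    """Escape the record syntax characters inside one field (assumed convention)."""
    return (str(value)
            .replace("\\", "\\\\")
            .replace(FIELD_SEP, "\\" + FIELD_SEP)
            .replace(RECORD_END, "\\" + RECORD_END)
            .replace("\r", "\\r")
            .replace("\n", "\\n"))

def format_record(fields):
    """One record as elr_app.pl writes it: '~'-joined fields, '|', then CRLF."""
    return FIELD_SEP.join(escape_field(f) for f in fields) + RECORD_END + "\r\n"

def parse_records(text):
    """Inverse of format_record: split only on unescaped '|' and '~'."""
    records, fields, cur, i = [], [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):          # escaped character
            cur.append({"r": "\r", "n": "\n"}.get(text[i + 1], text[i + 1]))
            i += 2
            continue
        if ch == FIELD_SEP:
            fields.append("".join(cur)); cur = []
        elif ch == RECORD_END:
            fields.append("".join(cur)); cur = []
            records.append(fields); fields = []
            # consume the line break that follows the record terminator
            i += 2 if text.startswith("\r\n", i + 1) else int(text.startswith("\n", i + 1))
        else:
            cur.append(ch)
        i += 1
    return records

def demo():
    # Constructed sample event (not from the page): a multi-line logon-failure
    # message whose text contains both delimiter characters.
    msg = "Logon Failure:\r\n\tUser Name:\tj~doe|admin\r\n\tReason:\tUnknown user name"
    row = ["Jul 18 2001 09:23:35", "MYSERVER", "Audit_failure", "Logon/Logoff", 529, msg]
    out = format_record(HEADER) + format_record(row)
    naive_records = out.count(RECORD_END)        # a plain '|' count overcounts by one
    header, *rows = parse_records(out)           # the escape-aware parser gets it right
    return naive_records, [dict(zip(header, r)) for r in rows]
```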

