42 lines
1.4 KiB
Perl
42 lines
1.4 KiB
Perl
#!/usr/bin/perl -w
|
|
use Win32::EventLog;
|
|
$area = 'System'; # Default
|
|
$host = $ENV{'ComputerName'};
|
|
|
|
$log_handle = Win32::EventLog->new($area, $host)or die "Cannot open $area event log $!\n";
|
|
|
|
$log_handle->GetOldest($record_base) or die "Error getting oldest record, $!\n";
|
|
|
|
$log_handle->GetNumber($num_records) or die "Error getting number records, $!\n";
|
|
|
|
for ($rec = 0; $rec < $num_records; $rec++ ) {
|
|
$log_handle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,$record_base + $rec,\%hash)or die "Cannot read event log entry $rec, $!\n";
|
|
print_error_log( \%hash );
|
|
}
|
|
|
|
$log_handle->Close();
|
|
|
|
sub print_error_log {
|
|
my($hash_ref) = $_[0];
|
|
my(%hash) = %$hash_ref;
|
|
my($time_str);
|
|
my($time_value);
|
|
|
|
if ( exists( $hash{'EventType'} ) ) {
|
|
if ( $hash{'EventType'} eq EVENTLOG_ERROR_TYPE ) {
|
|
my($source) = $hash{'Source'};
|
|
$time_value = $hash{'TimeGenerated'};
|
|
$time_str = localtime( $time_value );
|
|
my($rec_number) = $hash{'RecordNumber'};
|
|
my($msg) =Win32::EventLog::GetMessageText( \%hash );
|
|
if (defined($msg) ) {
|
|
print " $rec_number $source $time_str\n";
|
|
print "$msg\n";
|
|
} else {
|
|
# Print raw strings used to create message.
|
|
print " $rec_number $source $time_str\n";
|
|
print "$hash{'Strings'}";
|
|
}
|
|
}
|
|
}
|
|
} |