Win32::EventLog does not die

Post by Cosmic Cruizer » Sun, 28 Dec 2008 01:02:19 GMT

The following does not die when $server does not exist. Any ideas on what I 
am doing wrong or what I need to change?

use strict;
use Win32::EventLog;

my $logtype = 'Security';
my $server = 'aserq4fc93';
my $EventLog = Win32::EventLog->new( $logtype, $server ) || die "Cannot open EventLog\n";

Thanks

Re: Win32::EventLog does not die

Post by Cosmic Cruizer » Mon, 29 Dec 2008 04:30:37 GMT


Well, looks like I'm not having much luck with this, but I've decided on 
a few workarounds:
1. Include a ping test (Net::Ping) to check for server.
2. Test to see if records can be found by using the following:
$EventLog->GetNumber($recs) || die "Can't get number of EventLog records\n";

My output will be tailored for each condition. Although, I still would 
like to know why the original issue exists.
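
The two workarounds from the reply above combined into one helper, as an added example that is not code from the thread: it does not rely on new() failing, and it treats a handle as valid only after GetNumber and GetOldest succeed, so an unreachable host is reported as a failure instead of looking like an empty Security log. The helper name open_verified_log, the TCP/445 probe and the host name dc01 are assumptions made for illustration.

```perl
use strict;
use warnings;
use Net::Ping;
use Win32::EventLog;

# Hypothetical helper: return a log handle only after it has been proven usable.
sub open_verified_log {
    my ($logtype, $server, $timeout) = @_;

    # Workaround 1: reachability. Assumption: the remote log is reached over
    # SMB, so probe TCP/445 and require a completed handshake.
    my $ping = Net::Ping->new('tcp', $timeout || 3);
    $ping->port_number(445);
    $ping->service_check(1);
    my $alive = $ping->ping($server);
    $ping->close;
    die "$server: no answer on TCP/445\n" unless $alive;

    # Do not rely on new() alone to signal failure.
    my $log = Win32::EventLog->new($logtype, $server)
        or die "$server: cannot open $logtype log: $^E\n";

    # Workaround 2: the handle counts as valid only if it can be queried.
    my ($count, $oldest);
    unless ($log->GetNumber($count) && $log->GetOldest($oldest)) {
        my $err = "$^E";
        $log->Close();
        die "$server: $logtype log handle unusable: $err\n";
    }
    return ($log, $count, $oldest);
}

# 'aserq4fc93' is the name from the post; 'dc01' is a constructed placeholder.
my %status;
for my $server (qw(aserq4fc93 dc01)) {
    my ($log, $count, $oldest) = eval { open_verified_log('Security', $server) };
    if (!$log) {
        chomp(my $err = $@);
        $status{$server} = "FAILED ($err)";
        next;
    }
    $status{$server} = "ok, $count records starting at $oldest";
    $log->Close();
}
printf "%-12s %s\n", $_, $status{$_} for sort keys %status;
```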

Similar Threads:

1. ANN: Perl module Win32::EventLog::Carp 1.30 released


The latest version of Win32::EventLog::Carp has been uploaded to PAUSE and
should begin showing up in a CPAN mirror near you at

     $CPAN/authors/id/R/RR/RRWO/Win32-EventLog-Carp-1.30.tar.gz

NAME
     Win32::EventLog::Carp - for carping in the Windows NT Event Log

REQUIREMENTS
       Carp
       Win32::EventLog

REVISION HISTORY
     Changes since Win32::EventLog::Carp v1.21.  (Note: potential
     incompatibilities are marked with '*'.)

     1.30  Thu June  3 2004
	- added tests
	- fixed issue with uninitialized values (RT#5408).
	- added Build.PL as alternative to Makefile.PL
	- added META.yml to distribution
	* source registration disabled by default; must be enabled in import
	- renamed global variables with initial caps
	- added note in POD about Windows 2003/IIS security policy
	- added require for Carp::Heavy because of longmess_heavy and
	  shortmess_heavy routines
	- added note in POD about warnings from Win32::EventLog

     A detailed revision history is in the Changes file included with
     this distribution.

SYNOPSIS
       use Win32::EventLog::Carp;
       croak "We're outta here!";

       use Win32::EventLog::Carp qw(cluck);
       cluck "This is how we got here!";

DESCRIPTION
     `Win32::EventLog::Carp' traps warnings and fatal errors in Perl and
     reports these errors in the Windows NT Event Log. This is useful for
     scripts which run as services or through the scheduler, and for
     CGI/ISAPI scripts.

     The interface is similar to `Carp': the `carp', `croak' and `confess'
     functions are exported (with `cluck' being optional). You need only
     change references of "Carp" to "Win32::EventLog::Carp" to begin using
     this module.

     A more detailed description can be found in the module's POD
     documentation.

AUTHOR
     Robert Rothenberg <rrwo at cpan.org>

LICENSE
     Copyright (c) 2000-2004 Robert Rothenberg. All rights reserved. This
     program is free software; you can redistribute it and/or modify it under
     the same terms as Perl itself.



2. Win32::EventLog - Missing Events

Perlers,

I'm working on a script to check the application log on one of my
servers for a specific event using Win32::EventLog.  For some reason, I
don't get all of the event entries returned.  In this case I have 1196
entries, but only 353 are output by the script (so says $log->GetNumber
and wc -l).  Does anyone know why this could be?

Using the documentation from CPAN and a few pages from 'Perl for System
Administration', I've written the following:

# Perl and Windows, sittin' in a tree...

use strict;
use warnings;

# the code snippet for Win32::EventLog was lifted from 'Perl for System
# Administration', pg. 298

use Win32::EventLog;

# each event has a type, hash it
my %type = ( 1  => "ERROR",
             2  => "WARNING",
             4  => "INFORMATION",
             8  => "AUDIT_SUCCESS",
             16 => "AUDIT_FAILURE",);

# if this is set, we also retrieve the full text of every message on
# each Read()
$Win32::EventLog::GetMessageText = 1;

# open the System log (try Application later)
#my $log = new Win32::EventLog("Application") or die "Unable to open system log:$!\n";
my $log = new Win32::EventLog("System") or die "Unable to open system log:$!\n";

# find the number of records in the log
$log->GetNumber(my $lastRec);

my $entry;
my $source2find = "APCPBEAgent";
my $id2find = "2000";

# set an arbitrary time for testing; will capture time at the end of
# each run (in production)
#my $time2find = "1125272719";

# read one record at a time, starting with the first entry
# note: find docs on EVENTLOG_*...
while ($log->Read((EVENTLOG_SEQUENTIAL_READ|EVENTLOG_FORWARDS_READ),1,$entry))
{

# the following print lines are for debugging, to make sure I really
# have some output...
  print"\n-------------------\n";
  print "Time: " . $entry->{TimeGenerated} . "\n";
  print scalar localtime($entry->{TimeGenerated}) . "\n";
  print "Computer: " . $entry->{Computer} . "\n";
  print "EventID: " . ($entry->{EventID} & 0xffff) . "\n";
  print "Source: " . $entry->{Source}. "\n";
  print "Event Type: " . $type{$entry->{EventType}} . "\n";
  print "Message: " . $entry->{Message}. " \n";

# assign some variables
  my $source = $entry->{Source};
  my $time = $entry->{TimeGenerated};
  my $eventid = $entry->{EventID};

#  if ( $time > $time2find ) {
#    if ( $source eq $source2find ) {
#      if ( $eventid eq $id2find ) {
#        print"\n-------------------\n";
#        print "Time: " . $time . "\n";
#        print "Source: " . $source . "\n";
#        print "EventID: " . $eventid . "\n";
#      }
#    }
#  }

}

print "Number of events: $lastRec\n";

Ryan


3. Win32::EventLog problem with event ID 560

I am using the following code to extract events from archived .evt
files and put them into a MySQL db.  Everything seems to work fine,
except for event ID 560's.  For some reason, the {Message} bit is
empty ... and the {Strings} bit comes out malformed.  I've looked all
over trying to find some specific reference to this event ID ... and
maybe I'm on the wrong track completely.  Any experienced advice here
would be greatly appreciated.


opendir(DIR, $logdir) || die "Can't opendir: $!";
@logfiles = grep { /Security\.evt\.gz/ } readdir(DIR);
closedir DIR;


foreach (@logfiles){
    $seclog = Win32::EventLog->new("$logdir\\$newfilename");
    $seclog->GetNumber($recs);
    $seclog->GetOldest($base);
    $x = '';
    while ($x < $recs) {
        $seclog->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ, $base+$x, $hashRef);
        if ($hashRef->{EventID} =~ /675|677|560|564|577|578|608|609|610|611|612|624|625|626|627|628|629|630|631|632|633|634|635|636|637|638|639|640|641|642|643|644/) {
            ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($hashRef->{'TimeGenerated'});
            $year += 1900;
            # localtime() months are 0-based, so add 1 for a calendar month
            $dategenned = sprintf ("%04d-%02d-%02d %02d:%02d:%02d", $year,$mon+1,$mday,$hour,$min,$sec);
            Win32::EventLog::GetMessageText($hashRef);
            $evtEventIDnum = $hashRef->{EventID} & 0xffff;
            $evtTimegenned = localtime($hashRef->{'TimeGenerated'});
            $evtTimewritten = $hashRef->{TimeWritten};
            $evtLength = $hashRef->{Length};
            $evtRecordNumber = $hashRef->{RecordNumber};
            $evtEventType = $hashRef->{EventType};
            $evtCategory = $hashRef->{Category};
            $evtClosingRecordNumber = $hashRef->{ClosingRecordNumber};
            $evtSource = $hashRef->{Source};
            $evtComputer = $hashRef->{Computer};
            $evtMessage = $hashRef->{Message};
            $evtStrings = $hashRef->{Strings};
            $evtUser = $hashRef->{User};
            $evtData = $hashRef->{Data};
            $dbh->do("UPDATE eventlogs SET lastentry = NOW() WHERE computer = \'$evtComputer\'");
            $dbh->do("INSERT INTO seceventlogs SET datewritten = NOW(), IDnum = \'$evtEventIDnum\' ,
                time = \'$evtTimegenned\', length = \'$evtLength\', recordnumber = \'$evtRecordNumber\',
                eventtype = \'$evtEventType\', category = \'$evtCategory\',
                closingrecnum = \'$evtClosingRecordNumber\', source=\'$evtSource\',
                computer=\'$evtComputer\', message = \"$evtMessage\", strings = \"$evtStrings\",
                data = \'$evtData\'");
        }
        $x++;
    }
    $seclog->Close();
}
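
The script above interpolates event fields straight into its SQL text, and fields such as {Strings} and {Message} carry values (user names, object paths) that the logged activity controls. The following added example, which is not code from the post, stores the same kind of record through DBI placeholders and matches the masked event ID exactly. It assumes DBD::SQLite is installed and uses an in-memory SQLite table as a stand-in for the post's MySQL table, with a reduced column set; the event record is constructed and store_event is a hypothetical name.

```perl
use strict;
use warnings;
use DBI;
use POSIX qw(strftime);

# The event IDs from the post's regex, as an exact-match lookup table.
my %WANTED = map { $_ => 1 } (560, 564, 577, 578, 608 .. 612, 624 .. 644, 675, 677);

# Constructed record in the shape Read() fills in; Strings is NUL-separated
# and deliberately contains both kinds of quote characters.
my %event = (
    EventID => 560, TimeGenerated => 1230426139, RecordNumber => 4711,
    Source  => 'Security', Computer => 'HOST01', Message => '',
    Strings => join("\0", 'Security', 'File', q{C:\data\o'brien "q3".xls}),
);

# Assumption: SQLite in memory stands in for the MySQL database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE seceventlogs (IDnum INTEGER, time TEXT,
          recordnumber INTEGER, source TEXT, computer TEXT,
          message TEXT, strings TEXT)');

# One prepared statement; every value travels as bound data, never as SQL text.
my $ins = $dbh->prepare('INSERT INTO seceventlogs
    (IDnum, time, recordnumber, source, computer, message, strings)
    VALUES (?, ?, ?, ?, ?, ?, ?)');

sub store_event {
    my ($ev) = @_;
    my $id = $ev->{EventID} & 0xffff;      # mask first, then compare exactly
    return 0 unless $WANTED{$id};
    my $when = strftime('%Y-%m-%d %H:%M:%S', localtime $ev->{TimeGenerated});
    (my $strings = $ev->{Strings}) =~ s/\0/ | /g;   # make the separators visible
    $ins->execute($id, $when,
                  @{$ev}{qw(RecordNumber Source Computer Message)}, $strings);
    return 1;
}

store_event(\%event) or die "event was filtered out\n";
my ($stored) = $dbh->selectrow_array(
    'SELECT strings FROM seceventlogs WHERE IDnum = ?', undef, 560);
print "stored strings: $stored\n";
```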

4. win32::eventlog DNS Server, Directory Service, File Replication Service

Hello,

Does anyone know how to scan the special eventlogs on a DC like
DNS Server log
Directory Service
File Replication Service

I tried it with win32::eventlog version 0.074 but it didn't work.

Bye, volker

5. ANN: Win32::EventLog::Carp 1.30 released


6. Report to Event Viewer correctly using Win32::EventLog

7. ANN: Win32::EventLog::Carp 1.30 released

8. [DGBI] to die or not to die (was: opening a file)


