Dumps the content of the EventLog you designate.
Uses the Win32::Lanman module (available from http://jenda.krynicky.cz/perl) and Win32::Perms.
/* ---------------------------------------------------------- */
#! c:\perl\bin\perl.exe
use strict;
use Win32::Lanman;
use Win32::Perms;
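# Target host: first command-line argument, else this machine's node name.
# The value is embedded in a UNC path and handed to the Win32::Lanman API
# directly (no shell is involved); it is not otherwise validated here.
my $server = shift || Win32::NodeName();

# NOTE(review): the argument 0 is passed through unchanged from the original;
# its meaning for LookupDC is not shown in this file - confirm against the
# Win32::Perms documentation.
Win32::Perms::LookupDC(0);

# Plain call syntax; the original's `\&GetEvents(...)` called the sub and then
# took a reference to its (discarded) return value.
GetEvents($server, "Security");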
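sub GetEvents {
    # Print every record of one event log on one host to STDOUT, one block
    # of "Field: value" lines per record.
    #
    # Arguments:
    #   $server - host name without the leading backslashes (the "\\\\"
    #             UNC prefix is added here)
    #   $evtlog - log name, e.g. "Security"
    #
    # Returns nothing. If the log cannot be read, the error is printed and
    # the sub returns without dying.
    my ($server, $evtlog) = @_;

    # Labels for the numeric type/category fields. An unknown value prints
    # with an empty label instead of an undef lookup.
    my %type_label = (
        1  => "(Error)",
        4  => "(Information)",
        8  => "(Success Audit)",
        16 => "(Failure Audit)",
    );
    my %category_label = (
        0 => "(None)",
        1 => "(System Event)",
        2 => "(Logon/Logoff)",
        3 => "(Object Access)",
        4 => "(Privilege Use)",
    );

    my $unc = "\\\\$server";
    my @events;

    # NOTE(review): the 0xffffffff and 0 arguments are passed through exactly
    # as in the original; their meaning (flags / record offset?) is not shown
    # in this file - confirm against the Win32::Lanman documentation.
    unless (Win32::Lanman::ReadEventLog($unc, $evtlog, 0xffffffff, 0, \@events)) {
        # Explicit parens: the original relied on the parser treating the
        # bare `Win32::FormatMessage ...` as a function call.
        my $err = Win32::FormatMessage(Win32::Lanman::GetLastError());
        # Fall back to the raw error code when no message text is available.
        $err = Win32::Lanman::GetLastError() if !defined $err || $err eq "";
        print "$server: ReadEventLog error: $err.\n";
        return;
    }

    for my $event (@events) {
        my $type = $event->{eventtype};
        my $cat  = $event->{eventcategory};

        # The original masks the ID to its low 16 bits; presumably to drop the
        # upper bits of the full 32-bit event ID - confirm against the API.
        my $id = $event->{eventid} & 0xffff;

        print "Computer: " . $event->{computername} . "\n";
        print "Category: " . $cat . " " . ($category_label{$cat} || "") . "\n";
        print "Event ID: " . $id . "\n";
        print "EventType: " . $type . " " . ($type_label{$type} || "") . "\n";
        print "Source: " . $event->{source} . "\n";
        print "SourceName: " . $event->{sourcename} . "\n";
        print "Generated: " . localtime($event->{timegenerated}) . "\n";
        print "Written: " . localtime($event->{timewritten}) . "\n";
        print "Flags: " . $event->{reservedflags} . "\n";
        print "User: " . Win32::Perms::ResolveAccount($event->{usersid}) . "\n";

        # The description and the insert strings are supplied by whatever
        # process logged the event and are printed verbatim; they may contain
        # newlines or other arbitrary characters, so anything that parses this
        # output should not rely on line boundaries to delimit a record.
        print "Description: ";
        if (Win32::Lanman::GetEventDescription($unc, $event)) {
            print $event->{eventdescription} . "\n";
        }
        else {
            # No message text could be resolved: dump the raw insert strings.
            # Guard the deref - an undef 'strings' entry would die under
            # strict refs.
            print "\n";
            for my $insert (@{ $event->{strings} || [] }) {
                print "\t+" . $insert . "\n";
            }
        }

        # Raw binary data dump, kept disabled as in the original:
        # print "Data: " . unpack("H" . 2 * length($event->{data}), $event->{data}) . "\n"
        #     if ($event->{data} ne "");
        print "\n\n";
    }

    return;
}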
/* ---------------------------------------------------------- */
Credits
-- UnKnown --