Accessing event logs other than System/Application/etc.
Posted: Sat Aug 04, 2018 3:13 pm
I've got some code found here for accessing the event logs.
It relies on the Windows API call OpenEventLog.
I use it to monitor event logs on a few servers and alert me via E-Mail to anything screwy going on.
It seems like OpenEventLog can only work with the basic event files (System, Application, Security, etc.).
If I try to open Microsoft-Windows-Backup.evtx, for example (so I can see how my backups are running), I get the apparently typical result of a handle to the Application log being returned (this is apparently by design: if the event file you request can't be opened, you get the Application event log instead, which seems pretty crazy, but I digress).
I found some posts pointing to dead links for an open source library, and I've found links to Python library calls.
Any tips/pointers would be helpful.
Thanks in advance.
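An added example that is not part of the original post: the classic OpenEventLog/ReadEventLog API only knows the legacy logs (System, Application, Security and other logs registered under the old EventLog registry key), which is why a request for a modern channel such as Microsoft-Windows-Backup falls back to Application. Channels in the Microsoft-Windows-* namespace are served by the newer Windows Event Log API in wevtapi.dll (EvtQuery/EvtNext), and PowerShell's Get-WinEvent is a thin wrapper over that API. The script below reproduces the poster's monitor-and-e-mail loop for the backup channel; the SMTP server and mail addresses are placeholders, and the defaults for log name and time window are assumptions chosen for this example.

```powershell
# Added example (not the original poster's code): query a modern event channel with
# Get-WinEvent, which uses the Windows Event Log API instead of OpenEventLog, and
# e-mail any warnings/errors found in the last N hours.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [string]$LogName      = 'Microsoft-Windows-Backup',   # channel name, not the .evtx file name
    [int]$Hours           = 24,
    [string]$SmtpServer   = 'smtp.example.invalid',        # placeholder
    [string]$From         = 'monitor@example.invalid',     # placeholder
    [string]$To           = 'admin@example.invalid'        # placeholder
)

# Fail loudly if the channel does not exist on the target. Unlike OpenEventLog, this
# never silently substitutes the Application log for an unknown name.
$null = Get-WinEvent -ComputerName $ComputerName -ListLog $LogName -ErrorAction Stop

# Level 1 = Critical, 2 = Error, 3 = Warning. Informational (4) and Verbose (5) are skipped.
$filter = @{
    LogName   = $LogName
    Level     = 1, 2, 3
    StartTime = (Get-Date).AddHours(-$Hours)
}

try {
    # -ErrorAction Stop makes the "no events found" condition a catchable terminating error
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop)
}
catch {
    if ($_.Exception.Message -match 'No events were found') {
        Write-Host "No warnings or errors in '$LogName' on $ComputerName during the last $Hours hours."
        return
    }
    throw   # anything else (access denied, RPC unavailable, ...) is a real problem
}

# One line per event, oldest first, so the mail reads like a log
$body = $events | Sort-Object TimeCreated | ForEach-Object {
    '{0:u}  [{1}]  Id={2}  {3}' -f $_.TimeCreated, $_.LevelDisplayName, $_.Id, $_.Message
} | Out-String

Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
    -Subject "[$ComputerName] $($events.Count) backup event(s) in '$LogName'" `
    -Body $body
```

Run it from a scheduled task on each server (or pass -ComputerName to poll remotely; that needs the Remote Event Log Management firewall rule open and an account in the Event Log Readers group on the target). Get-WinEvent -ListLog * lists every channel name the API can see, which is the quickest way to find the exact name for a log you only know by its .evtx file.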