Usage of the win32evtlog Module

The Win32EvtLog Module in Detail
This article describes the functions of Python's Win32EvtLog module and how to use them: opening and closing an event log, reading records, and interpreting PyEVENTLOGRECORD objects. It also lists the generic message resources provided for writing to the event log.

The win32evtlog module interfaces to the Win32 SDK functions that deal with the Windows NT Event Log. This module also contains generic message resources suitable for reference in Event Log records.

1. CloseEventLog()

Closes a handle to the Event Log.

CloseEventLog(handle)
Parameters

handle

The handle to close, as obtained from win32evtlog.OpenEventLog().

2. OpenEventLog()

Opens a handle to one of the Event Logs on the specified machine.

handle = OpenEventLog(machineName, logName)

Parameters

machineName

The name of the machine to connect to or None for the current machine.

logName

The name of the Event Log to open, such as Application, System, or Security.

Result

The return value is an integer handle to the Event Log.

3. ReadEventLog()

Reads a number of records from an open Event Log.

records = ReadEventLog(handle, readFlags, recordOffset)
Parameters

handle

An open handle to the Event Log, obtained from win32evtlog.OpenEventLog().

readFlags

Specifies how the read operation proceeds; may be a combination of the following flags:

win32evtlog.EVENTLOG_FORWARDS_READ

The Log is read in forward chronological order.

win32evtlog.EVENTLOG_BACKWARDS_READ

The Log is read in reverse chronological order.

win32evtlog.EVENTLOG_SEEK_READ

The read operation proceeds from the record specified by the recordOffset parameter. If this flag is used, readFlags must also specify EVENTLOG_FORWARDS_READ or EVENTLOG_BACKWARDS_READ, which indicates the direction for successive read operations.

win32evtlog.EVENTLOG_SEQUENTIAL_READ

The read operation proceeds sequentially from the last call to the win32evtlog.ReadEventLog() function using this handle.

recordOffset

Specifies the log-entry record number at which the read operation should start. This parameter is ignored unless the readFlags parameter includes the EVENTLOG_SEEK_READ flag.

Result

The result is a list of PyEVENTLOGRECORD objects. The number of records returned by a single call can be determined only after the call has returned.

4. PyEVENTLOGRECORD object

A PyEVENTLOGRECORD object represents a record read from the Event Log or a new record to be written to the Log.

Methods

This object has no methods.

Properties

RecordNumber

The number of the Event Log record. This number can be used to find the specific record.

TimeGenerated

A Time object indicating the time the record was generated.

TimeWritten

A Time object indicating the time the record was actually written to the Log.

EventID

An integer event ID, as defined by the application writing the record.

EventType

An integer defining the event type, which can be one of the following:

EVENTLOG_ERROR_TYPE

EVENTLOG_WARNING_TYPE

EVENTLOG_INFORMATION_TYPE

EVENTLOG_AUDIT_SUCCESS

EVENTLOG_AUDIT_FAILURE

EventCategory

An integer event category, as defined by the application writing the record.

SourceName

The name of the application that generated the Event Log record.

ComputerName

The name of the computer that generated this message.

StringInserts

A list of string inserts for this message.

Sid

The security identifier of a user to be associated with this record.

Data

The raw binary data for the Event Log record.
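The following is an added example, not part of the original article or of pywin32 itself, that ties the ReadEventLog() call sequence above to the PyEVENTLOGRECORD properties: it drains a log with EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ and counts audit-failure records by source and event number. The helper names (event_code, iter_records, summarize_audit_failures) and the sample records are assumptions for this example; only the reading loop needs pywin32, so the summary logic can be exercised offline.

```python
from collections import Counter
from types import SimpleNamespace

# Win32 SDK EventType value for audit failures (win32evtlog.EVENTLOG_AUDIT_FAILURE);
# repeated here so the pure-Python parts run without pywin32 installed.
EVENTLOG_AUDIT_FAILURE = 0x0010


def event_code(record):
    # The application-defined event number is the low 16 bits of EventID; the
    # high bits carry severity/facility flags, so mask them off before comparing
    # against documented event numbers.
    return record.EventID & 0xFFFF


def iter_records(log_name, machine_name=None):
    # Yield every PyEVENTLOGRECORD in log_name, newest first. win32evtlog is
    # imported lazily so the helpers below still work on a non-Windows host.
    import win32evtlog
    flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
    handle = win32evtlog.OpenEventLog(machine_name, log_name)
    try:
        while True:
            # Sequential read: each call continues where the previous one stopped
            # and recordOffset is ignored; an empty list means the log is exhausted.
            batch = win32evtlog.ReadEventLog(handle, flags, 0)
            if not batch:
                break
            yield from batch
    finally:
        win32evtlog.CloseEventLog(handle)


def summarize_audit_failures(records):
    # Count audit-failure records by (SourceName, event number) for triage.
    counts = Counter()
    for record in records:
        if record.EventType == EVENTLOG_AUDIT_FAILURE:
            counts[(record.SourceName, event_code(record))] += 1
    return counts


# Constructed sample records (not real log data) that carry the same attribute
# names as PyEVENTLOGRECORD, so the summary can be exercised offline.
SAMPLE_RECORDS = [
    SimpleNamespace(SourceName="Security", EventID=0xC0000000 | 4625, EventType=0x0010),
    SimpleNamespace(SourceName="Security", EventID=0xC0000000 | 4625, EventType=0x0010),
    SimpleNamespace(SourceName="Security", EventID=4624, EventType=0x0008),
    SimpleNamespace(SourceName="Application", EventID=1000, EventType=0x0001),
]
```

On a Windows host, `summarize_audit_failures(iter_records("Security"))` runs the same summary over the live Security log (reading it requires the appropriate privileges).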

5. Messages

The win32evtlog.pyd file contains embedded messages suitable for use when writing to the Event Log. Only generic messages are provided.

Message ID    Event Type     Message Text
1 to 9        Error          %1
1 to 9        Information    %1
1 to 9        Success        %1
1 to 9        Warning        %1

Reposted from: https://my.oschina.net/piginwind/blog/690188
