#!/usr/bin/perl -w
use Win32::EventLog;
$area = 'System'; # Default
$host = $ENV{'ComputerName'};
$log_handle = Win32::EventLog->new($area, $host)or die "Cannot open $area event log $!\n";
$log_handle->GetOldest($record_base) or die "Error getting oldest record, $!\n";
$log_handle->GetNumber($num_records) or die "Error getting number records, $!\n";
for ($rec = 0; $rec < $num_records; $rec++ ) {
$log_handle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,$record_base + $rec,\%hash)or die "Cannot read event log entry $rec, $!\n";
print_error_log( \%hash );
}
$log_handle->Close();
sub print_error_log {
my($hash_ref) = $_[0];
my(%hash) = %$hash_ref;
my($time_str);
my($time_value);
if ( exists( $hash{'EventType'} ) ) {
if ( $hash{'EventType'} eq EVENTLOG_ERROR_TYPE ) {
my($source) = $hash{'Source'};
$time_value = $hash{'TimeGenerated'};
$time_str = localtime( $time_value );
my($rec_number) = $hash{'RecordNumber'};
my($msg) =Win32::EventLog::GetMessageText( \%hash );
if (defined($msg) ) {
print " $rec_number $source $time_str\n";
print "$msg\n";
} else {
# Print raw strings used to create message.
print " $rec_number $source $time_str\n";
print "$hash{'Strings'}";
}
}
}
}
|