How retrieve from Python win32evtlog rest of info?

2019-08-10 06:48发布

站内问答 / Python
1473 2 4

Using win32evtlog I can get next info:

events = win32evtlog.ReadEventLog(loghandle, flags, 0)
while events:
    for event in events:
        print 'Event Category:', event.EventCategory
        print 'Time Generated:', event.TimeGenerated
        print 'Source Name:', event.SourceName
        print 'Event ID:', event.EventID
        print 'Event Type:', event.EventType
        data = event.StringInserts
        if data:
            print 'Event Data:'
            for msg in data:
                print msg
    events = win32evtlog.ReadEventLog(loghandle, flags, 0)

But if we look at event structure:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="PRNAME" /> 
  <EventID Qualifiers="0">18</EventID> 
  <Level>0</Level> 
  <Task>0</Task> 
  <Keywords>0xa0000000000000</Keywords> 
  <TimeCreated SystemTime="2012-04-03T05:30:02.000000000Z" /> 
  <EventRecordID>2387524</EventRecordID> 
  <Channel>PRNAME</Channel> 
  <Computer>A00001</Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data>tst</Data> 
  <Binary>01020304</Binary> 
  </EventData>
  </Event>

We can find there additional info:

  • Channel name - that is different from Provider name
  • EventRecordId
  • Computer
  • Binary

and other. How to get them? I especially need Binary and EventRecordId, but I guess there have to be way to get all data from event log.

2条回答
我命由我不由天
2楼-- · 2019-08-10 07:40

Have you tried this ?

events = win32evtlog.ReadEventLog(loghandle, flags, 0)
if events:
  print dir(events[0])

Myself I get some of the fields you were looking for:

  • RecordNumber
  • ComputerName
查看更多
0人赞 添加讨论(0) 举报
冷血范
3楼-- · 2019-08-10 07:43

If you don't mind to use BeautifulSoup over the xml formatted data, then here is an example

from bs4 import BeautifulSoup

soup = BeautifulSoup(event_log_as_xml)

print soup.find("channel").text
print soup.find("eventrecordid").text
print soup.find("computer").text
print soup.find("binary").text
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)