events pl- for Sharing Code and Text.

PERL 120

events pl

Guest on 18th August 2022 01:25:54 AM

use Win32::EventLog;
if($#ARGV < 2)
{
die "usage: perl evt.pl MYSERVER System 10\n";
}
$machine = $ARGV[0];
$eventlog = $ARGV[1];
$limit = $ARGV[2];
my ($EventLog, $count, $first, $key);
$first = $count = 0;
my $event={
'Source' =>NULL,
'Computer' =>NULL,
'Length' =>NULL,
'Category' =>NULL,
'RecordNumber' =>NULL,
'TimeGenerated' =>NULL,
'Timewritten' =>NULL,
'EventID' =>NULL,
'EventType' =>NULL,
'ClosingRecordNumber' =>NULL,
'Strings' =>NULL,
'Data', =>NULL,
};
$EventLog = new Win32::EventLog( 'Security' ) || die $!;
$EventLog->GetOldest(\$first) || die $!;
$EventLog->GetNumber(\$count) || die $!;
$EventLog->Read((EVENTLOG_SEEK_READ |
EVENTLOG_BACKWARDS_READ),$first+$count,$event);
for $i ($first+$count-$limit+1..$first+$count)
{
$EventLog->Read((EVENTLOG_SEQUENTIAL_READ|EVENTLOG_BACKWARDS_READ),0,$event);
($sec,$min,$hour,$mday,$mon,$year,$sday,$yday,$isdst) =
localtime($event->{'TimeGenerated'});;
print sprintf("%15s -> %02d\-%02d\-%02d,
%02d:%02d\n",'timestamp',$year,$mon+1,$mday,$hour,$min);
#to get a readable EventId
$event->{'EventID'} = $event->{'EventID'} & 0xffff;
foreach $key ('RecordNumber','Category','Source','Strings')
{
print sprintf( "%15s -> %s\n",$key, $event->{$key} );
}
print "\n";
}

Raw Paste

use Win32::EventLog;

if($#ARGV < 2)
        {
        die "usage: perl evt.pl MYSERVER System 10\n";
        }

$machine  = $ARGV[0];
$eventlog = $ARGV[1];
$limit    = $ARGV[2];

my ($EventLog, $count, $first, $key);

$first = $count = 0;
my $event={
        'Source'              =>NULL,
        'Computer'            =>NULL,
        'Length'              =>NULL,
        'Category'            =>NULL,
        'RecordNumber'        =>NULL,
        'TimeGenerated'       =>NULL,
        'Timewritten'         =>NULL,
        'EventID'             =>NULL,
        'EventType'           =>NULL,
        'ClosingRecordNumber' =>NULL,
        'Strings'             =>NULL,
        'Data',               =>NULL,
        };

$EventLog = new Win32::EventLog( 'Security' ) || die $!;

$EventLog->GetOldest(\$first) || die $!;
$EventLog->GetNumber(\$count) || die $!;

$EventLog->Read((EVENTLOG_SEEK_READ | 
EVENTLOG_BACKWARDS_READ),$first+$count,$event);

for $i ($first+$count-$limit+1..$first+$count)
        {
        
$EventLog->Read((EVENTLOG_SEQUENTIAL_READ|EVENTLOG_BACKWARDS_READ),0,$event);
        ($sec,$min,$hour,$mday,$mon,$year,$sday,$yday,$isdst) = 
localtime($event->{'TimeGenerated'});;
        print sprintf("%15s -> %02d\-%02d\-%02d, 
%02d:%02d\n",'timestamp',$year,$mon+1,$mday,$hour,$min);

#to get a readable EventId
        $event->{'EventID'} = $event->{'EventID'} & 0xffff;

foreach $key ('RecordNumber','Category','Source','Strings')
                {
                print sprintf( "%15s -> %s\n",$key, $event->{$key} );
                }

print "\n";
        }