Skip Menu |
 

This queue is for tickets about the Win32-EventLog CPAN distribution.

Report information
The Basics
Id: 61907
Status: new
Priority: 0/
Queue: Win32-EventLog

People
Owner: Nobody in particular
Requestors: duncan.loveday [...] bt.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Read event logs for "Application Channels" ?
Date: Tue, 5 Oct 2010 15:24:20 +0100
To: <bug-Win32-EventLog [...] rt.cpan.org>
From: <duncan.loveday [...] bt.com>
Download (untitled) / with headers
text/plain 3.1k
Hi, We're trying to read event logs with "application" channels as opposed to "global" channels, as documented here http://msdn.microsoft.com/en-us/library/bb756956.aspx on Windows 2008. We find the Win32::Event module will only accept source names that correspond to "global" channels and exist in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog, typically just "System", "Security" and "Application". On our system there are many more event logs - see below - which contain events from application channels and which we are unable to read with the Win32::EventLog package. The latter exist in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels. Is there a way and if not, should the package be enhanced ? Duncan. $ ls C:/Windows/System32/winevt/Logs/ Application.evtx HardwareEvents.evtx Internet Explorer.evtx Key Management Service.evtx Microsoft-Windows-Bits-Client%4Operational.evtx Microsoft-Windows-CodeIntegrity%4Operational.evtx Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Microsoft-Windows-EventCollector%4Operational.evtx Microsoft-Windows-Forwarding%4Operational.evtx Microsoft-Windows-GroupPolicy%4Operational.evtx Microsoft-Windows-Help%4Operational.evtx Microsoft-Windows-International%4Operational.evtx Microsoft-Windows-Kernel-WDI%4Operational.evtx Microsoft-Windows-Kernel-WHEA.evtx Microsoft-Windows-LanguagePackSetup%4Operational.evtx Microsoft-Windows-MUI%4Operational.evtx Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Microsoft-Windows-RestartManager%4Operational.evtx Microsoft-Windows-Security-Configuration-Wizard%4Diagnostic.etl Microsoft-Windows-Security-Configuration-Wizard%4Operational.etl Microsoft-Windows-ServerManager%4Analytic.etl Microsoft-Windows-ServerManager%4Operational.evtx Microsoft-Windows-TaskScheduler%4Operational.evtx Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Microsoft-Windows-UAC%4Operational.evtx Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Microsoft-Windows-Winlogon%4Operational.evtx Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Security.evtx Setup.evtx System.evtx Windows PowerShell.evtx Administrator@MMRLAB195 ~ $
Subject: RE: [rt.cpan.org #61907] AutoReply: Read event logs for "Application Channels" ?
Date: Tue, 5 Oct 2010 15:46:05 +0100
To: <bug-Win32-EventLog [...] rt.cpan.org>
From: <duncan.loveday [...] bt.com>
Download (untitled) / with headers
text/plain 200b
Perhaps I should have made clear: There is no problem with reading offline files containing events from any of these files. The problem is only how to read the "live" logs with application channels.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.