Read Specific Windows Event Log Event

Question

I am working on a program and need ot know how I would read a specific entry to the Windows Event Log based on a Record number, which this script will already have. Below is

Answer 1

I realize this is an old question, but I came across it, and if I did, others may too.

You can also write custom queries, which allow you to query by any of the WMI parameters you can script (including event ID). It also has the benefit of letting you pull out and dust off all those VBS WMI queries that are out there. I actually use this functionality more frequently than any other. For examples, see:

• http://technet.microsoft.com/en-us/library/ee176693.aspx
• http://technet.microsoft.com/library/ee176695.aspx

Here's a sample to query for a specific event in the Application log. I haven't fleshed it out, but you can also build a WMI time string and query for events between or since specific date/times as well.

#! py -3

import wmi

def main():
    rval = 0  # Default: Check passes.

    # Initialize WMI objects and query.
    wmi_o = wmi.WMI('.')
    wql = ("SELECT * FROM Win32_NTLogEvent WHERE Logfile="
           "'Application' AND EventCode='3036'")

    # Query WMI object.
    wql_r = wmi_o.query(wql)

    if len(wql_r):
        rval = -1  # Check fails.

    return rval



if __name__ == '__main__':
    main()