Home Explore Help
Register Sign In
wzj
/
Sources_For_Win
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 3952626ba1
Branches Tags
Sources_For_...
/
ParaView
/
Lib
/
site-packages
/
win32
/
Demos
/
EvtFormatMessage.py

EvtFormatMessage.py 2.6 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. import sys
    2. 

  2. 

  3. import win32evtlog
    4. 

  4. 

  5. 

  6. def main():
    7. 

  7.     path = 'System'
    8. 

  8.     num_events = 5
    9. 

  9.     if len(sys.argv) > 2:
    10. 

  10.         path = sys.argv[1]
    11. 

  11.         num_events = int(sys.argv[2])
    12. 

  12.     elif len(sys.argv) > 1:
    13. 

  13.         path = sys.argv[1]
    14. 

  14. 

  15.     query = win32evtlog.EvtQuery(path, win32evtlog.EvtQueryForwardDirection)
    16. 

  16.     events = win32evtlog.EvtNext(query, num_events)
    17. 

  17.     context = win32evtlog.EvtCreateRenderContext(win32evtlog.EvtRenderContextSystem)
    18. 

  18. 

  19.     for i, event in enumerate(events, 1):
    20. 

  20.         result = win32evtlog.EvtRender(event, win32evtlog.EvtRenderEventValues, Context=context)
    21. 

  21. 

  22.         print('Event {}'.format(i))
    23. 

  23. 

  24.         level_value, level_variant = result[win32evtlog.EvtSystemLevel]
    25. 

  25.         if level_variant != win32evtlog.EvtVarTypeNull:
    26. 

  26.             if level_value == 1:
    27. 

  27.                 print('    Level: CRITICAL')
    28. 

  28.             elif level_value == 2:
    29. 

  29.                 print('    Level: ERROR')
    30. 

  30.             elif level_value == 3:
    31. 

  31.                 print('    Level: WARNING')
    32. 

  32.             elif level_value == 4:
    33. 

  33.                 print('    Level: INFO')
    34. 

  34.             elif level_value == 5:
    35. 

  35.                 print('    Level: VERBOSE')
    36. 

  36.             else:
    37. 

  37.                 print('    Level: UNKNOWN')
    38. 

  38. 

  39.         time_created_value, time_created_variant = result[win32evtlog.EvtSystemTimeCreated]
    40. 

  40.         if time_created_variant != win32evtlog.EvtVarTypeNull:
    41. 

  41.             print('    Timestamp: {}'.format(time_created_value.isoformat()))
    42. 

  42. 

  43.         computer_value, computer_variant = result[win32evtlog.EvtSystemComputer]
    44. 

  44.         if computer_variant != win32evtlog.EvtVarTypeNull:
    45. 

  45.             print('    FQDN: {}'.format(computer_value))
    46. 

  46. 

  47.         provider_name_value, provider_name_variant = result[win32evtlog.EvtSystemProviderName]
    48. 

  48.         if provider_name_variant != win32evtlog.EvtVarTypeNull:
    49. 

  49.             print('    Provider: {}'.format(provider_name_value))
    50. 

  50. 

  51.             try:
    52. 

  52.                 metadata = win32evtlog.EvtOpenPublisherMetadata(provider_name_value)
    53. 

  53.             # pywintypes.error: (2, 'EvtOpenPublisherMetadata', 'The system cannot find the file specified.')
    54. 

  54.             except Exception:
    55. 

  55.                 pass
    56. 

  56.             else:
    57. 

  57.                 try:
    58. 

  58.                     message = win32evtlog.EvtFormatMessage(metadata, event, win32evtlog.EvtFormatMessageEvent)
    59. 

  59.                 # pywintypes.error: (15027, 'EvtFormatMessage: allocated 0, need buffer of size 0', 'The message resource is present but the message was not found in the message table.')
    60. 

  60.                 except Exception:
    61. 

  61.                     pass
    62. 

  62.                 else:
    63. 

  63.                     print('    Message: {}'.format(message))
    64. 

  64. 

  65. 

  66. if __name__=='__main__':
    67. 

  67.     main()
    68.