2017-03-22 37 views
1

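Below is the code. It reports a total of 87399 log records, but when reading the log it returns a list of only 7 records. Reading Windows event logs using the win32evtlog module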

import win32evtlog

server = 'localhost'
logtype = 'Application'
hand = win32evtlog.OpenEventLog(server, logtype)
flags = win32evtlog.EVENTLOG_SEQUENTIAL_READ | win32evtlog.EVENTLOG_BACKWARDS_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)
events = win32evtlog.ReadEventLog(hand, flags, 0)  # single read call
print("Total number of Event record ", total)  # Returning 87399
print("Log record read", len(events))  # Returning 7

for event in events:
    print('Event Category:', event.EventCategory)
    print('Time Generated:', event.TimeGenerated)
    print('Source Name:', event.SourceName)
    print('Event ID:', event.EventID)
    print('Event Type:', event.EventType)
    print('Computer Name:', event.ComputerName)
    print('Data Name:', event.Data)
    print(type(event))

How can I read all of the log records?

Thanks in advance

Answers

0
import win32evtlog  # requires pywin32 pre-installed

server = 'localhost'  # name of the target computer to get event logs
logtype = 'System'  # 'Application' # 'Security'
hand = win32evtlog.OpenEventLog(server, logtype)
flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)

while True:
    # Each call returns only the next batch of records
    events = win32evtlog.ReadEventLog(hand, flags, 0)
    if not events:
        break  # an empty result means the end of the log was reached
    for event in events:
        print('Event Category:', event.EventCategory)
        print('Time Generated:', event.TimeGenerated)
        print('Source Name:', event.SourceName)
        print('Event ID:', event.EventID)
        print('Event Type:', event.EventType)
        data = event.StringInserts
        if data:
            print('Event Data:')
            for msg in data:
                print(msg)
        print()

win32evtlog.CloseEventLog(hand)

Note: use while True to iterate over the events, so that we can get every event.

+0

Thanks, man. It really helped me. –
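
An added example, not code from the question or the answer: the batch-reading loop wrapped as a generator, so a caller can stream every record into a triage step such as a per-event-ID tally. The names `iter_event_records`, `count_event_ids`, `read_windows_log`, `FakeRecord` and `make_fake_reader` are hypothetical, and the fake reader is constructed sample input that hands out 7 records per call so the helpers can be exercised without Windows.

```python
from collections import Counter


def iter_event_records(read_batch):
    """Yield every record by calling read_batch() until it returns nothing."""
    while True:
        batch = read_batch()   # stands in for one ReadEventLog call
        if not batch:          # empty result: end of the log
            return
        yield from batch


def count_event_ids(records):
    """Tally records by displayed event ID (the low 16 bits of EventID)."""
    return Counter(rec.EventID & 0xFFFF for rec in records)


def read_windows_log(server="localhost", logtype="Application"):
    """Yield all records of a live log; needs Windows and pywin32."""
    import win32evtlog  # imported lazily so the helpers above run anywhere
    hand = win32evtlog.OpenEventLog(server, logtype)
    flags = (win32evtlog.EVENTLOG_BACKWARDS_READ
             | win32evtlog.EVENTLOG_SEQUENTIAL_READ)
    try:
        yield from iter_event_records(
            lambda: win32evtlog.ReadEventLog(hand, flags, 0))
    finally:
        win32evtlog.CloseEventLog(hand)


class FakeRecord:
    """Constructed stand-in for an event record (only EventID is used)."""
    def __init__(self, event_id):
        self.EventID = event_id


def make_fake_reader(event_ids, batch_size=7):
    """Constructed reader that hands out batch_size records per call."""
    pending = [FakeRecord(i) for i in event_ids]

    def read_batch():
        batch = pending[:batch_size]
        del pending[:batch_size]
        return batch
    return read_batch
```

On a Windows host, `count_event_ids(read_windows_log("localhost", "Security"))` gives the tally for the live Security log, provided the account is allowed to read it.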