Thursday, 17 December 2020

Open Specific Event logs using win32evtlog Python

I want to open a specific log to the Windows Event Log, named "Microsoft-Windows-TerminalServices-LocalSessionManager". I used this code:

import win32evtlog

server = 'localhost' # name of the target computer to get event logs
logtype = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager'
hand = win32evtlog.OpenEventLog(server,logtype)
flags =  win32evtlog.EVENTLOG_SEQUENTIAL_READ|win32evtlog.EVENTLOG_FORWARDS_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)

while True:
    events = win32evtlog.ReadEventLog(hand, flags,0)
    if events:
        for event in events:
                print('Event Category:', event.EventCategory)
                print ('Time Generated:', event.TimeGenerated)
                print ('Source Name:', event.SourceName)
                print ('Event ID:', event.EventID)
                print ('Event Type:', event.EventType)
                data = event.StringInserts
                if data:
                    print('Event Data:')
                    for msg in data:
                        print(msg)

But it doesn't work, this code open "System" log, instead "Microsoft-Windows-TerminalServices-LocalSessionManager". Why it doesn't work? And if it is not a bug, but a feature, what is the way to read this log?

Thanks to your answer



from Open Specific Event logs using win32evtlog Python
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)