如何从Python win32evtlog中检索其余信息? [英] How retrieve from Python win32evtlog rest of info?

问题描述

使用win32evtlog我可以获得下一个信息:

Using win32evtlog I can get next info:

events = win32evtlog.ReadEventLog(loghandle, flags, 0)
while events:
    for event in events:
        print 'Event Category:', event.EventCategory
        print 'Time Generated:', event.TimeGenerated
        print 'Source Name:', event.SourceName
        print 'Event ID:', event.EventID
        print 'Event Type:', event.EventType
        data = event.StringInserts
        if data:
            print 'Event Data:'
            for msg in data:
                print msg
    events = win32evtlog.ReadEventLog(loghandle, flags, 0)

但是，如果我们看一下事件结构:

But if we look at event structure:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="PRNAME" /> 
  <EventID Qualifiers="0">18</EventID> 
  <Level>0</Level> 
  <Task>0</Task> 
  <Keywords>0xa0000000000000</Keywords> 
  <TimeCreated SystemTime="2012-04-03T05:30:02.000000000Z" /> 
  <EventRecordID>2387524</EventRecordID> 
  <Channel>PRNAME</Channel> 
  <Computer>A00001</Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data>tst</Data> 
  <Binary>01020304</Binary> 
  </EventData>
  </Event>

我们可以在此处找到其他信息:

We can find there additional info:

• 频道名称-与提供者名称不同
• EventRecordId
• 计算机
• 二进制

和其他.如何获得它们?我特别需要Binary和EventRecordId，但是我想必须有一种方法可以从事件日志中获取所有数据.

and other. How to get them? I especially need Binary and EventRecordId, but I guess there have to be way to get all data from event log.

推荐答案

您尝试过吗?

events = win32evtlog.ReadEventLog(loghandle, flags, 0)
if events:
  print dir(events[0])

我自己得到了您要找的一些字段:

Myself I get some of the fields you were looking for:

• RecordNumber
• 计算机名

这篇关于如何从Python win32evtlog中检索其余信息?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！