Perl script to parse multiple windows event logs.

kar_333 · December 7, 2012, 5:17am

Hi all,

I am developing a log parsing agent in perl to send windows Event logs to Zenoss Monitoring tool. Using Win32::EventLog i can able to get the Event messages but only one Eventype eg Application or System could able to parse at a time. Can you please help to how to open mutiple eventlogs at a time I need to get the total number of events combining all these event types. Below is my code which i tried

 
my @log_type =("Application", "Security", "Setup", "System", "Forwarded Events"); 
foreach $logs_type (@log_type){ #print "$logs_type\n"; Win32::EventLog::Open($EventLog, $logs_type,'') or die "Could not open System log:$^E\n"; 
$EventLog->Win32::EventLog::GetNumber($numevents); 
print "$numevents"; 
}

DGPickett · December 7, 2012, 5:11pm

An associative array for each type can hold the counts of that type, once you parse them out.

spacebar · December 7, 2012, 9:34pm

Try it like this:

use Win32::EventLog;

my @log_type            =  ( "Application", "Security", "Setup", "System", "Forwarded Events" );
my $log_type;
my $elh;
my $events_count        =  0;
my $total_events_count  =  0;


foreach $log_type ( @log_type ) {
  $elh  =  Win32::EventLog->new(  $log_type ) or die "Can't open $log_type Event Log\n";
  $elh->GetNumber( $events_count );
  $total_events_count  =  $total_events_count + $events_count;
}
print $total_events_count;

DGPickett · December 13, 2012, 2:35pm

If you must search one at a time, you might do it in parallel so the files are cached in RAM once.