
Win32::Event2Log

This module uses Win32::EventLog to parse Windows events and write them to plain logfiles. It is rule based.



use strict;
use warnings;
use Win32::Event2Log;

my $engine = Win32::Event2Log->new(
    # frequency of event reads in seconds, defaults to 5
    interval     => 60,
    # defaults to $ENV{COMPUTERNAME}
    computer     => $ENV{COMPUTERNAME},
    # seconds since epoch when the parser will stop (defaults to 0, i.e. never)
    endtime      => time + 3600,
    # the operation log defaults to undef, but if verbosity > 0 it
    # defaults to the calling program name with '-operations.log' appended
    mainlog      => './mainlog.log',
    # from 0 to 3, defaults to 0
    verbosity    => 3,
    # the file used to retrieve and store the number of the
    # last read event of each registry.
    # Defaults to the calling program name with '-lastread.log' appended
    lastreadfile => './lastread.log',
);

$engine->add_rule(
    # mandatory arguments
    # one among the valid event registries
    registry => 'System',
    # a valid source or a regex
    source   => 'Kernel-General',
    # the destination log where events will be written
    log      => 'c:\path\to\file.log',
    # optional arguments
    # defaults to a name built from the appropriate registry and an incremental number
    name     => 'rule name',
    # to optionally search inside the Message of the event
    regex    => qr/perl/i,
    # a callback to transform the output. See add_rule in documentation
    format   => sub { ... },
);

# once started, the engine runs forever unless endtime was specified


A rule is a minimal set of conditions that must be met to write an entry to a logfile. You must add valid rules before starting the engine.

Once started, the engine checks events every x seconds (set with the interval argument). For every registry (System, Application, Security, Installation or a user defined one) that is requested in at least one rule, it checks for the event source specified and, optionally, for some text contained in the event's description.

If the rule matches, an entry is written to the specified logfile. A custom callback can transform the line to be written using the format option. The parser can optionally shut itself down if endtime is specified.
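
The rule matching described above, as an added example in plain Perl that is not part of Win32::Event2Log and does not call it. The events are constructed, and the event field names, the argument passed to the format callback, and exact matching for a string source are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed sample events (not real log data); field names are assumptions.
my @events = (
    { registry => 'System', source => 'Kernel-General', id => 1,
      message  => "Perl task changed\r\nthe system time" },
    { registry => 'System', source => 'Service Control Manager', id => 7036,
      message  => 'The perl service entered the running state' },
    { registry => 'Application', source => 'Kernel-General', id => 12,
      message  => 'perl mentioned in another registry' },
    { registry => 'System', source => 'Kernel-General', id => 13,
      message  => 'The operating system is shutting down' },
);

# Rules use the same keys as the add_rule call in the synopsis.
my @rules = (
    { name => 'kernel perl', registry => 'System', source => 'Kernel-General',
      regex => qr/perl/i, log => 'kernel.log',
      # Hypothetical callback signature: receives the event hash reference.
      format => sub {
          my ($ev) = @_;
          (my $msg = $ev->{message}) =~ s/[\r\n]+/ /g;   # keep one event on one line
          return "$ev->{registry}/$ev->{source} id=$ev->{id} $msg";
      } },
    { name => 'any service', registry => 'System', source => qr/^Service/,
      log => 'service.log' },
);

# A rule matches when registry and source agree and, if given, regex hits the message.
sub rule_matches {
    my ($rule, $ev) = @_;
    return 0 unless $ev->{registry} eq $rule->{registry};
    my $src = $rule->{source};
    my $src_ok = ref($src) eq 'Regexp' ? $ev->{source} =~ $src : $ev->{source} eq $src;
    return 0 unless $src_ok;
    return 0 if defined $rule->{regex} && $ev->{message} !~ $rule->{regex};
    return 1;
}

# Return [logfile, line] pairs instead of writing files, so the result is easy to inspect.
sub apply_rules {
    my ($rules, $events) = @_;
    my @out;
    for my $ev (@$events) {
        for my $rule (grep { rule_matches($_, $ev) } @$rules) {
            my $fmt = $rule->{format} || sub { "$_[0]{source}: $_[0]{message}" };
            push @out, [ $rule->{log}, $fmt->($ev) ];
        }
    }
    return @out;
}

printf "%-12s %s\n", @$_ for apply_rules(\@rules, \@events);
```

Event messages can contain line breaks, so the sample callback collapses them before the line is returned; otherwise one event could span several lines in a line-oriented logfile.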

