# Win32::Event2Log

This module uses Win32::EventLog to read Windows events and writes the ones that match your rules to plain logfiles. It is rule based: you describe which registry, source and message text you care about, and the engine does the polling and writing.

## Synopsis

```perl
use strict;
use warnings;

use Win32::Event2Log;

my $engine = Win32::Event2Log->new(
    # frequency of event reads in seconds, defaults to 5
    interval     => 60,
    # defaults to $ENV{COMPUTERNAME}
    computer     => $ENV{COMPUTERNAME},
    # seconds since epoch when the parser will stop (default 0, ie never)
    endtime      => time + 3600,
    # the operations log defaults to undef, but if verbosity > 0 it
    # defaults to the calling program name with '-operations.log' appended
    mainlog      => './mainlog.log',
    # from 0 to 3, defaults to 0
    verbosity    => 3,
    # the file used to retrieve and store the number of the last read
    # event of each registry. Defaults to the calling program name
    # with '-lastread.log' appended
    lastreadfile => './lastread.log',
);

$engine->add_rule(

    # mandatory arguments
    # one among the valid event registries
    registry => 'System',
    # a valid source name or a regex
    source   => 'Kernel-General',
    # the destination log where matching events will be written
    log      => 'c:\path\to\file.log',

    # optional arguments
    # defaults to a name built from the registry and an incremental number
    name     => 'rule name',
    # to optionally search inside the Message of the event
    regex    => qr/perl/i,
    # a callback to transform the output. See add_rule in the documentation
    format   => sub { ... },

);

# from now on the engine will run forever unless endtime was specified
$engine->start;
```

## Description

A rule is a minimal set of conditions that must be met for an entry to be written to a logfile. You must add valid rules before starting the engine.

Once started, the engine checks for new events every x seconds (specified with the interval argument). For every registry (System, Application, Security, Installation or a user defined one) requested by at least one rule, it compares each event against the source specified in the rule and, optionally, against a regex applied to the event's description.

If a rule matches, an entry is written to the specified logfile. A custom callback passed via the format option can transform the line before it is written. The engine can optionally shut itself down if endtime is specified.
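As a fuller worked example (added here; it is not part of the module's own documentation), the script below wires two rules to one shared format callback so that both logfiles get the same one-event-per-line layout, which is what downstream log shippers and grep-style triage want. It assumes, as the README does not spell out, that the format callback receives the event hashref that Win32::EventLog produces (keys such as TimeGenerated, Source, EventID and Message) and must return the string to write; the source names, regexes and log paths are constructed for the example.

```perl
use strict;
use warnings;
use POSIX qw(strftime);

use Win32::Event2Log;

# Format callback. Assumption for this example: it is handed the event hashref
# as returned by Win32::EventLog->Read and must return the line to write.
sub one_line {
    my ($ev) = @_;
    my $when = strftime('%Y-%m-%dT%H:%M:%S', localtime($ev->{TimeGenerated}));
    # The displayed event id is the low 16 bits of the full 32-bit EventID.
    my $id = $ev->{EventID} & 0xFFFF;
    # Collapse the multi-line Message so one event stays on one log line.
    (my $msg = defined $ev->{Message} ? $ev->{Message} : '') =~ s/\s+/ /g;
    return sprintf "%s %s %s[%d] %s\n", $when, $ev->{Computer}, $ev->{Source}, $id, $msg;
}

my $engine = Win32::Event2Log->new(
    interval     => 30,                  # poll every 30 seconds
    endtime      => time + 8 * 3600,     # stop after one working day
    mainlog      => './event2log-operations.log',
    verbosity    => 1,
    lastreadfile => './event2log-lastread.log',   # resume point across restarts
);

# Rule 1: services stopping or crashing, as reported by the Service Control Manager.
$engine->add_rule(
    name     => 'scm-service-state',
    registry => 'System',
    source   => 'Service Control Manager',
    regex    => qr/(?:entered the stopped state|terminated unexpectedly)/i,
    log      => 'C:\logs\service-state.log',
    format   => \&one_line,
);

# Rule 2: failed logons from the Security log (reading it needs a privileged account).
$engine->add_rule(
    name     => 'failed-logons',
    registry => 'Security',
    source   => 'Microsoft-Windows-Security-Auditing',
    regex    => qr/An account failed to log on/i,
    log      => 'C:\logs\failed-logons.log',
    format   => \&one_line,
);

$engine->start;
```

Two practical points: keep lastreadfile on persistent storage so a restart of the script does not re-emit (or skip) events, and run the script under an account that can open the Security registry, otherwise the second rule silently sees nothing.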