Home
Browse
Python for Windows Extensions
Old Bugs - new issues at https://github.com/mhammond/pywin32/issues

win32evtlog.OpenEventLog cannot open log under "Applications and Services Logs"

OLD project page for the Python extensions for Windows

Brought to you by: mhammond

This project can now be found here.

#676 win32evtlog.OpenEventLog cannot open log under "Applications and Services Logs"

Milestone: v1.0 (example)

Status: open

Owner: nobody

Labels: eventlog (1) win32evtlog (2)

Priority: 5

Updated: 2014-08-15

Created: 2014-08-13

Creator: Florian

Private: No

I tried a lot of different ways to open one of the log files listed under "Applications and Services Logs" in the Eventlog of Windows 7/2008 R2.
Accessing these logs always resulted in an opened "Application" log which has in my case 9635 entries.

File:
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx

Example Code:
hand = win32evtlog.OpenEventLog(None,"Microsoft-Windows-TaskScheduler/Operational")
print win32evtlog.GetNumberOfEventLogRecords(hand)
9635

Discussion

Florian - 2014-08-13

Found some hints here:

http://social.msdn.microsoft.com/Forums/en-US/882df3d5-9a9b-437b-a6ab-e09873ce6ece/cant-access-event-log-for-tasks?forum=csharplanguage

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Florian - 2014-08-13

Found a workaround (that sucks, as you have to edit the registry to make it work).
I tried it and it worked. Is it possible to adapt the "OpenEventLog" Function to assume that this registry key exists and simply access the log?

https://support.zoho.com/portal/manageengine/helpcenter/articles/monitoring-the-custom-eventlog-in-opmanager

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Roger Upole - 2014-08-14

You can access the Application and Services logs using the newer Evt* functions introduced with Vista.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Florian - 2014-08-14

When I try this the Python process crashes.

I use the current Python 2.7.7 32bit on Windows 7 x64.
Pywin32 build 219
Running the script with Administrator rights

Code:
logtype = "Microsoft-Windows-Windows Defender/Operational"
hand = win32evtlog.EvtOpenLog(logtype, 1, None)
total = win32evtlog.GetNumberOfEventLogRecords(hand)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Roger Upole - 2014-08-15

Handles aren't portable between the older event log functions and the newer Evt* functions. To get the number of event in the log, try
win32evtlog.EvtGetLogInfo(h, win32evtlog.EvtLogNumberOfLogRecords)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Florian - 2014-08-15

Ahh - thank you. Now I see.
I cannot close this ticket but I consider it closed.

Last edit: Florian 2014-08-15

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Florian - 2014-08-15

No wait.
Running this on Windows 2003 completely crashes the python process. I cant handle this with a try catch statement:

hand = win32evtlog.EvtOpenLog(logtype, 1, None)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: