Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.

eventLogDemo.py 4.3KB

import sys

import win32api  # To translate NT Sids to account names.
import win32con
import win32evtlog
import win32evtlogutil
import win32security
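def _describe_sid(computer, sid):
    """Return "Event associated with user DOMAIN/user" for *sid*, or None if there is no SID.

    The SID is resolved with LookupAccountSid against *computer* (None = the
    local machine), so for a remote host the name is whatever that host
    reports. When resolution fails (win32security.error, e.g. a deleted
    account or an unreachable *computer*) the raw SID string is used instead
    so the record is still reported.
    """
    if sid is None:
        return None
    try:
        domain, user, _typ = win32security.LookupAccountSid(computer, sid)
        desc = "%s/%s" % (domain, user)
    except win32security.error:
        desc = str(sid)
    return "Event associated with user %s" % (desc,)


def _print_record(record, msg, user_desc):
    """Print one event record in the demo's verbose format.

    NOTE(review): SourceName and the formatted message text are supplied by
    whatever process wrote the event, so they are untrusted text. SourceName
    is shown with %r; the message is printed raw, so it can carry whatever
    characters the writer chose.
    """
    print(
        "Event record from %r generated at %s"
        % (record.SourceName, record.TimeGenerated.Format())
    )
    if user_desc:
        print(user_desc)
    try:
        print(msg)
    except UnicodeError:
        # The console encoding may not be able to represent the message text.
        print("(unicode error printing message: repr() follows...)")
        print(repr(msg))


def ReadLog(computer, logType="Application", dumpEachRecord=0):
    """Read the whole *logType* event log on *computer* and report how many records were seen.

    The log is read backwards in sequential chunks until ReadEventLog returns
    an empty result. Every record is run through SafeFormatMessage (to
    exercise the formatting path) and its SID, if any, is resolved; with
    ``dumpEachRecord`` truthy each record is printed as well. Finally the
    number of records read is compared with the count the log reported when
    it was opened; a mismatch is reported but is not an error, since other
    processes may write while we read.

    Args:
        computer: Machine whose log to open; None means the local machine.
            A remote name makes OpenEventLog and LookupAccountSid talk to
            that host with the caller's credentials.
        logType: Name of the log to open ("Application", "System", ...).
        dumpEachRecord: Truthy to print each record as it is read.

    Raises:
        win32evtlog.error: if the log cannot be opened or read. The log
            handle is closed in a ``finally`` so a failed read does not
            leave it open until garbage collection.
    """
    handle = win32evtlog.OpenEventLog(computer, logType)
    try:
        expected = win32evtlog.GetNumberOfEventLogRecords(handle)
        flags = (
            win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
        )
        seen = 0
        while True:
            records = win32evtlog.ReadEventLog(handle, flags, 0)
            if not records:
                break
            for record in records:
                # Formatted even when not printed, for testing purposes.
                msg = win32evtlogutil.SafeFormatMessage(record, logType)
                user_desc = _describe_sid(computer, record.Sid)
                if dumpEachRecord:
                    _print_record(record, msg, user_desc)
            seen += len(records)
    finally:
        win32evtlog.CloseEventLog(handle)

    if expected == seen:
        print("Successfully read all", expected, "records")
    else:
        print(
            "Couldn't get all records - reported %d, but found %d" % (expected, seen)
        )
        print(
            "(Note that some other app may have written records while we were running!)"
        )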
def usage():
    """Print the command-line help for this demo to stdout, one option per line."""
    help_lines = (
        "Writes an event to the event log.",
        "-w : Dont write any test records.",
        "-r : Dont read the event log",
        "-c : computerName : Process the log on the specified computer",
        "-v : Verbose",
        "-t : LogType - Use the specified log - default = 'Application'",
    )
    print("\n".join(help_lines))
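def _write_sample_events(logType):
    """Write the three sample records, each tagged with the current process's user SID.

    The first record uses ReportEvent's default event type, the other two are
    a warning and an information event. No computer argument is passed, so
    these always go to the local machine; ``-c`` only affects the read-back.
    *logType* is handed to ReportEvent as its first positional argument
    (presumably the source/application name in win32evtlogutil — verify) and
    is also the name of the log that ReadLog later opens.
    """
    process = win32api.GetCurrentProcess()
    # TOKEN_READ is enough to query the user SID; close the token handle
    # explicitly instead of waiting for garbage collection.
    token = win32security.OpenProcessToken(process, win32con.TOKEN_READ)
    try:
        my_sid = win32security.GetTokenInformation(token, win32security.TokenUser)[0]
    finally:
        win32api.CloseHandle(token)

    win32evtlogutil.ReportEvent(
        logType,
        2,
        strings=["The message text for event 2", "Another insert"],
        data="Raw\0Data".encode("ascii"),
        sid=my_sid,
    )
    win32evtlogutil.ReportEvent(
        logType,
        1,
        eventType=win32evtlog.EVENTLOG_WARNING_TYPE,
        strings=["A warning", "An even more dire warning"],
        data="Raw\0Data".encode("ascii"),
        sid=my_sid,
    )
    win32evtlogutil.ReportEvent(
        logType,
        1,
        eventType=win32evtlog.EVENTLOG_INFORMATION_TYPE,
        strings=["An info", "Too much info"],
        data="Raw\0Data".encode("ascii"),
        sid=my_sid,
    )


def test():
    """Command-line entry point: write three sample events, then read the log back.

    Options (see usage()): ``-w`` skips the writes, ``-r`` skips the
    read-back, ``-c NAME`` reads the log on another machine, ``-t LOG``
    selects the log (default "Application"), ``-v`` prints every record,
    ``-h``/``-?`` prints the usage text and exits.

    Returns:
        1 on a usage error (unknown option or stray positional argument),
        None otherwise.
    """
    # GetVersion's high bit is set on non-NT Windows; the event log API
    # is NT-only.
    if win32api.GetVersion() & 0x80000000:
        print("This sample only runs on NT")
        return

    import getopt
    import sys

    try:
        opts, args = getopt.getopt(sys.argv[1:], "rwh?c:t:v")
    except getopt.GetoptError as exc:
        # An unrecognised option used to escape as a traceback; report it
        # like any other usage error.
        print("Invalid args:", exc)
        usage()
        return 1
    if args:
        print("Invalid args")
        usage()
        return 1

    computer = None
    do_read = do_write = 1
    logType = "Application"
    verbose = 0
    for opt, val in opts:
        if opt == "-t":
            logType = val
        elif opt == "-c":
            computer = val
        elif opt in ("-h", "-?"):
            usage()
            return
        elif opt == "-r":
            do_read = 0
        elif opt == "-w":
            do_write = 0
        elif opt == "-v":
            verbose += 1

    if do_write:
        _write_sample_events(logType)
        print("Successfully wrote 3 records to the log")
    if do_read:
        ReadLog(computer, logType, verbose > 0)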
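if __name__ == "__main__":
    # test() returns 1 on a usage error; surface that as the process exit
    # status instead of discarding it (None exits 0, as before).
    sys.exit(test())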