Reading the Event Log
The Windows NT Event Log is a single repository applications can use to log certain types of information. The Event Log provides a number of features that make it attractive for applications to use:
It provides a central point for an NT administrator to view all relevant messages, regardless of what application generated them.
It is transactional and thread-safe. There’s no need to protect multiple threads from writing at the same time and no need to worry about partial records being written.
It has functionality for overwriting old records should the Event Log become full.
The minimum amount of information possible is written to the Event Log. The message text itself is not stored; only the event ID, the source name, and the “inserts” specific to this entry are written. For example, a message may be defined as “Cannot open file %1.” This template lives in the source’s message file, so the record holds just the event ID and its inserts (in this case the filename), which keeps Event Log records small. The flip side is that the message can only be rendered on a machine where the source’s message file is registered; a log copied elsewhere, or an event from an unregistered source, shows an ID and raw inserts instead of a description.
To view the Event Log, use the Event Viewer, which can be found under the Administrative Tools folder on the Windows NT Start menu.
Most services write information to the Event Log, but exactly what they write depends on the service. Most services write an entry when they start and stop, encounter an error, or need to report audit or access control information.
There are two Python modules that support the Event Log: win32evtlog supplies a Python interface to the native Win32 Event Log API, while win32evtlogutil ...
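The following is an added example, not code from the book or from the pywin32 project, showing both halves of what the text describes: a pure-Python reconstruction of how a stored event (ID plus inserts) becomes a message, and a reader that walks a log newest-first with win32evtlog and lets win32evtlogutil.SafeFormatMessage do that lookup for real. The helper names (expand_inserts, summarize, read_log, display_event_id) and the sample records are this example’s own inventions; only read_log() needs Windows and pywin32.

```python
"""Reading the NT Event Log from Python with win32evtlog / win32evtlogutil.

Added example, not from the book.  read_log() assumes the pywin32 extensions
are installed; every other function, and the constructed sample records, are
pure Python and run anywhere.
"""
import re
from collections import Counter, namedtuple

# Event type values from the Win32 SDK (winnt.h).  win32evtlog exposes the
# same constants; they are repeated here so the helpers work without it.
EVENTLOG_ERROR_TYPE = 0x0001
EVENTLOG_WARNING_TYPE = 0x0002
EVENTLOG_INFORMATION_TYPE = 0x0004
EVENTLOG_AUDIT_SUCCESS = 0x0008
EVENTLOG_AUDIT_FAILURE = 0x0010

EVENT_TYPE_NAMES = {
    EVENTLOG_ERROR_TYPE: "Error",
    EVENTLOG_WARNING_TYPE: "Warning",
    EVENTLOG_INFORMATION_TYPE: "Information",
    EVENTLOG_AUDIT_SUCCESS: "Audit Success",
    EVENTLOG_AUDIT_FAILURE: "Audit Failure",
}


def event_type_name(event_type):
    """Map a record's EventType to the label Event Viewer shows."""
    return EVENT_TYPE_NAMES.get(event_type, "Unknown(%d)" % event_type)


def display_event_id(event_id):
    """The EventID field carries severity/facility bits in its high word;
    Event Viewer (and most documentation) shows only the low 16 bits."""
    return event_id & 0xFFFF


def expand_inserts(template, inserts):
    """Rebuild a message from its template and a record's inserts.

    The log stores the event ID and the inserts only; the viewer finds the
    template ("Cannot open file %1.") in the source's message file and fills
    in %1, %2, ...  Placeholders without a matching insert are left as-is.
    """
    def _sub(match):
        index = int(match.group(1)) - 1
        if 0 <= index < len(inserts):
            return inserts[index]
        return match.group(0)
    return re.sub(r"%(\d+)", _sub, template)


def summarize(records):
    """Count records by type name and audit failures by source.

    Records need only expose EventType and SourceName, so the constructed
    sample below and real PyEventLogRecord objects both work.
    """
    by_type = Counter(event_type_name(r.EventType) for r in records)
    failures = Counter(r.SourceName for r in records
                       if r.EventType == EVENTLOG_AUDIT_FAILURE)
    return dict(by_type), dict(failures)


def read_log(log_type="Application", server=None, max_records=200):
    """Read the newest records from an NT Event Log (Windows + pywin32 only).

    Returns (record_number, time, source, display_id, type_name, message)
    tuples, newest first.  Reading the Security log additionally requires
    the "Manage auditing and security log" right (SeSecurityPrivilege).
    """
    import win32evtlog
    import win32evtlogutil

    handle = win32evtlog.OpenEventLog(server, log_type)
    flags = (win32evtlog.EVENTLOG_BACKWARDS_READ |
             win32evtlog.EVENTLOG_SEQUENTIAL_READ)
    results = []
    try:
        while len(results) < max_records:
            batch = win32evtlog.ReadEventLog(handle, flags, 0)
            if not batch:          # end of log
                break
            for ev in batch:
                # SafeFormatMessage looks up the source's message file and
                # expands the inserts; it returns a placeholder string when
                # that file is not registered on this machine.
                message = win32evtlogutil.SafeFormatMessage(ev, log_type)
                results.append((ev.RecordNumber, ev.TimeGenerated,
                                ev.SourceName, display_event_id(ev.EventID),
                                event_type_name(ev.EventType), message))
    finally:
        win32evtlog.CloseEventLog(handle)
    return results[:max_records]


# Constructed sample records (invented, not from any real machine) so the
# helpers can be exercised without Windows.
SampleRecord = namedtuple(
    "SampleRecord", "RecordNumber SourceName EventID EventType StringInserts")
SAMPLE_RECORDS = [
    SampleRecord(101, "MyService", 0xC0000203, EVENTLOG_ERROR_TYPE, ("C:\\data\\in.txt",)),
    SampleRecord(102, "Security", 0x00000401, EVENTLOG_AUDIT_FAILURE, ("alice", "WKS01")),
    SampleRecord(103, "Security", 0x00000401, EVENTLOG_AUDIT_FAILURE, ("bob", "WKS02")),
    SampleRecord(104, "MyService", 0x40000001, EVENTLOG_INFORMATION_TYPE, ()),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
    for rec in read_log("Application", max_records=10):
        print(rec)
```

Two points worth noting when you move from the sample to a real log: PyEventLogRecord exposes the inserts as StringInserts and the raw 32-bit EventID, so mask the ID with display_event_id before comparing it to a number from documentation; and the backwards-sequential read returns records in batches, so the loop caps the total rather than assuming one call per record.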