event_logs – Event Logs
Each Windows machine comes equipped with an expandable set of event logs for tracking system- or application-level event information. This module offers a Pythonic interface to event logs, including iterating over them, checking their length and accessing them by means of easy monikers, regardless of what machine they’re on.
Each Windows system comes with predefined Event Logs called (in the English-language versions): Application, System, Security. Certain Microsoft applications create extra ones, but most applications create an event source against the Application log.
In principle, event sources are key to the way in which event logs work. An event source represents a DLL and a resource file containing messages, possibly in multiple languages, possibly containing placeholders for the calling application to fill in with the name of a file or a user or whatever. It’s linked to one of the event logs (Application, System, etc.). When you log an event, you do it via an event source handle.
In reality, it’s perfectly possible to log an event against an event source which doesn’t exist. You’ll get a bit of boilerplate text in the event message saying that something couldn’t be found, but the event will log. This module allows creation of simple event sources, via the method and at present forces an event source to exist before a record can be logged against it.
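The lookup described above, as an added example that is not part of winsys or its documentation: a pure-Python model showing that a record stores only the source name, event id and insertion strings, and that the message text is resolved from the source at read time. The `SOURCES` table, the `BackupAgent` source, the function names and the sample records are constructed for illustration, and the boilerplate wording is an approximation.

```python
import re

# Constructed stand-in for the registered event sources: each source is linked
# to one log and owns a message table (the role the message DLL plays).
SOURCES = {
    "BackupAgent": {
        "log": "Application",
        "messages": {1001: "Backup of %1 by user %2 failed."},
    },
}

# Approximation of the boilerplate shown when the source cannot be resolved.
NOT_FOUND = ("The description for Event ID {event_id} from source {source} "
             "cannot be found. Insertion strings: {strings}")


def make_record(source, event_id, strings):
    """What is stored in the log: no message text, only the keys to find it."""
    return {"source": source, "event_id": event_id, "strings": list(strings)}


def render(record, sources=SOURCES):
    """Resolve a stored record to display text, as a reader of the log would."""
    entry = sources.get(record["source"])
    template = entry["messages"].get(record["event_id"]) if entry else None
    if template is None:
        # Unknown source or id: the record still exists, only the text is lost.
        return NOT_FOUND.format(event_id=record["event_id"],
                                source=record["source"],
                                strings="; ".join(record["strings"]))

    def fill(match):
        index = int(match.group(1)) - 1          # %1 is the first string
        if 0 <= index < len(record["strings"]):
            return record["strings"][index]
        return match.group(0)                    # leave unmatched placeholders

    return re.sub(r"%(\d+)", fill, template)


def unregistered_sources(records, sources=SOURCES):
    """Source names that appear in records but are not registered."""
    return sorted({r["source"] for r in records if r["source"] not in sources})
```

When reviewing exported logs on another machine, the same effect appears: records whose source is not registered there render as boilerplate, so the insertion strings are the part to rely on.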
Of these functions, the two you’re most likely to need are: which returns an EventLog corresponding to the named log, which you can then iterate over; and log_event(), which logs an event against a named source.
- New Vista / 2008 Event Logs mechanism
- Some way of incorporating DLLs of messages
- Using EVENTLOG_SEEK_READ for better random access