Last active
March 17, 2022 01:21
-
-
Save manesec/18c69705b151f8424bc9220fba139b63 to your computer and use it in GitHub Desktop.
Python3 using win32evtlog dump all windows event log
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # python3 using win32evtlog dump all event log | |
| # Write by mane. | |
| import win32evtlog | |
| # Enum all windows eventlog | |
| logenum = win32evtlog.EvtOpenChannelEnum() | |
| obj = win32evtlog.EvtNextChannelPath(logenum) | |
| count= 1 | |
| while obj != None: | |
| count += 1 | |
| # print like Microsoft-Windows-Diagnosis-Scheduled/Operational | |
| print(obj) | |
| obj = win32evtlog.EvtNextChannelPath(logenum) | |
| print(count) | |
| # Export log with | |
| win32evtlog.EvtExportLog("Microsoft-Client-Licensing-Platform/Admin","output.evtx",1) | |
| # Reading the event log (copy on Internet) | |
| server = 'localhost' # name of the target computer to get event logs | |
| logtype = 'Microsoft-Client-Licensing-Platform/Admin' # 'Application' # 'Security' | |
| hand = win32evtlog.OpenEventLog(server,logtype) | |
| flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ | |
| total = win32evtlog.GetNumberOfEventLogRecords(hand) | |
| while True: | |
| events = win32evtlog.ReadEventLog(hand, flags,0) | |
| if events: | |
| for event in events: | |
| print ('Event Category:', event.EventCategory) | |
| print ('Time Generated:', event.TimeGenerated) | |
| print ('Source Name:', event.SourceName) | |
| print ('Event ID:', event.EventID) | |
| print ('Event Type:', event.EventType) | |
| data = event.StringInserts | |
| if data: | |
| print ('Event Data:') | |
| for msg in data: | |
| print (msg) | |
| print() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment