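#!/usr/bin/perl -w
#
# Dump every error-type record from a Windows event log to STDOUT.
#
# The script opens the log named in $area on the host named by the
# ComputerName environment variable, walks the records from the oldest
# one forward, and prints record number, source, local time and message
# text for each record whose EventType is EVENTLOG_ERROR_TYPE.
#
# Review notes:
#   * Event text is not trusted data: message bodies and insertion strings
#     can carry values supplied by whoever caused the event. Everything taken
#     from a record is passed through _printable() before it is printed, so
#     control characters (terminal escape sequences, NULs) show up as visible
#     \xNN escapes instead of being interpreted by the terminal.
#   * The record count is sampled once. If the log is cleared or wraps while
#     the loop runs, a Read can fail and the script dies part-way through;
#     treat a truncated listing as incomplete, not as "no further errors".
#   * NOTE(review): the die messages interpolate $!. Win32 API failures are
#     normally reported through $^E, so $! may be empty here - confirm.

use strict;
use warnings;

use Win32::EventLog;

my $area = 'System';                # Default log to read
my $host = $ENV{'ComputerName'};    # Host comes from the environment

my $log_handle = Win32::EventLog->new($area, $host)
    or die "Cannot open $area event log $!\n";

# Both calls store their result in the variable passed in.
my $record_base;
my $num_records;
$log_handle->GetOldest($record_base)
    or die "Error getting oldest record, $!\n";
$log_handle->GetNumber($num_records)
    or die "Error getting number records, $!\n";

# 0 .. -1 is an empty range, so an empty log prints nothing.
for my $rec (0 .. $num_records - 1) {
    my %event;

    # Seek-read each record by number, counting up from the oldest record.
    $log_handle->Read(
        EVENTLOG_FORWARDS_READ() | EVENTLOG_SEEK_READ(),
        $record_base + $rec,
        \%event,
    ) or die "Cannot read event log entry $rec, $!\n";

    print_error_log(\%event);
}

$log_handle->Close();

# print_error_log(\%event)
#
# Prints one record if, and only if, its EventType is EVENTLOG_ERROR_TYPE.
# Takes a reference to the hash filled in by Read(); returns nothing useful.
sub print_error_log {
    my ($hash_ref) = @_;

    # Work on a shallow copy so the GetMessageText() call below is handed
    # this copy rather than the caller's hash.
    my %event = %{$hash_ref};

    return unless defined $event{'EventType'};

    # EventType is compared numerically against the module constant.
    return unless $event{'EventType'} == EVENTLOG_ERROR_TYPE();

    my $source     = _printable($event{'Source'});
    my $rec_number = _printable($event{'RecordNumber'});
    my $time_str   = localtime($event{'TimeGenerated'});

    my $msg = Win32::EventLog::GetMessageText(\%event);

    print " $rec_number $source $time_str\n";
    if (defined $msg) {
        print _printable($msg), "\n";
    }
    else {
        # No formatted message available: print the raw strings used to
        # create the message. Any separator bytes in them are shown as
        # \xNN escapes by _printable().
        print _printable($event{'Strings'}), "\n";
    }

    return;
}

# _printable($text)
#
# Returns $text with ASCII control characters other than TAB, LF and CR
# replaced by a literal \xNN escape. An undefined value becomes ''.
sub _printable {
    my ($text) = @_;

    return '' unless defined $text;

    $text =~ s/([\x00-\x08\x0B\x0C\x0E-\x1F\x7F])/sprintf('\\x%02X', ord $1)/ge;

    return $text;
}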