[JM] 7/4/2009, Using the [LogParser]'s scriptable COM with Tcl:
Example #1<
>
Input: Event Log<
>
Output: CSV file<
>
''This is called Batch Mode''
----
package require tcom
console show
set oLogQuery [::tcom::ref createobject "MSUtil.LogQuery"]
set oEVTInputFormat [::tcom::ref createobject "MSUtil.LogQuery.EventLogInputFormat"]
$oEVTInputFormat direction "BW"
set oCSVOutputFormat [::tcom::ref createobject "MSUtil.LogQuery.CSVOutputFormat"]
$oCSVOutputFormat tabs true
set strQuery "SELECT TimeGenerated, EventID INTO C:\\output.csv FROM System"
append strQuery " WHERE SourceName = 'Application Popup'"
$oLogQuery ExecuteBatch $strQuery $oEVTInputFormat $oCSVOutputFormat
after running this example, the following file will be created:<
>c:\output.csv<
>
----
Example #2<
>
Input: File System<
>
Output: the application itself<
>
''This is called Interactive Mode''
package require tcom
console show
set lgp [tcom::ref createobject MSUtil.LogQuery]
set evt [tcom::ref createobject MSUtil.LogQuery.FileSystemInputFormat]
set recordSet [$lgp Execute \
"SELECT TOP 10 Path, Name, Size FROM C:\\*.* ORDER BY Size DESC"\
$evt]
while { ![$recordSet atEnd] } {
set record [$recordSet getRecord]
puts "[$record getValue 0],[$record getValue 1],[$record getValue 2]"
$recordSet moveNext
}
$recordSet close
----
'''[Jorge] - 2009-07-04 23:58:22'''
of course, you have to execute:
C:\LogParser>regsvr32 LogParser.dll
to "register" the LogParser scriptable COM component.
----
[male] - 2010-02-23 - an example accessing the Windows event log [LogParser accessing the Windows event log]
----
!!!!!!
%| [Category Parsing] | [Category File] |%
!!!!!!