Converting Windows Event Viewer log files on a *nix platform?
March 2, 2005 1:57 PM
DUMPEL from the Win2K Resource Kit takes .EVT (Windows Event Viewer) binary log files and outputs plaintext. I've searched high and low, and can't find a Linux/UNIX equivalent that I can use to process these saved log files. Any suggestions?
Response by poster: I'm trying to automate nightly processing of EV log files into plaintext that I can then massage into web reports and email reports; WINE would just add another layer of not-automatable complexity.
I had a great solution set up (cygwin/crontab/awk/dumpel) then discovered that Cygwin's crontab doesn't like to talk to network shares due to permission issues.
posted by mrbill at 2:08 PM on March 2, 2005
Best answer: There are several modules for Perl that work with Windows event logs.
Try CPAN
posted by dirtylittlemonkey at 2:08 PM on March 2, 2005
Best answer: Once you get the Perl modules these guys have generously created some parser scripts for you!
posted by mnology at 2:27 PM on March 2, 2005
Response by poster: dlm: In the course of digging through the CPAN modules yet again, I found this PHP script, which looks like it will work.
posted by mrbill at 2:27 PM on March 2, 2005
Response by poster: Thanks, dirtylittlemonkey and mnology. Found the perfect stuff I need (via your links) to do it in Perl.
posted by mrbill at 2:38 PM on March 2, 2005
Response by poster: FWIW, I'm using Parse::EventLog, which didn't exist last time I went hunting through CPAN (two months ago).
posted by mrbill at 5:08 PM on March 2, 2005
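What a DUMPEL-style converter does with the file, as an added example that is not from this thread and is not Parse::EventLog's code: it walks the .EVT bytes, validates each record against the documented EVENTLOGRECORD layout, and emits one tab-separated line per event. The function names and the sample bytes are constructed for illustration; records that wrap around the end of a circular log fail the length check and are skipped.

```python
import struct
from datetime import datetime, timezone

FIXED = struct.Struct("<6I4H6I")   # 56-byte fixed part of an EVENTLOGRECORD
MAGIC = 0x654C664C                 # "LfLe" on disk, at offset 4 of each record
TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "AuditSuccess", 16: "AuditFailure"}

def _wstr(buf, off):
    """Read one NUL-terminated UTF-16LE string; return (text, next offset)."""
    end = off
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[off:end].decode("utf-16-le", "replace"), end + 2

def parse_evt(blob):
    """Return one tab-separated text line per intact record in .EVT file bytes."""
    lines, pos = [], blob.find(b"LfLe")
    while pos != -1:
        start, nxt = pos - 4, pos + 1
        if start >= 0 and start + FIXED.size <= len(blob):
            f = FIXED.unpack_from(blob, start)
            length, str_off = f[0], f[11]          # Length, StringOffset
            # The 48-byte file header has the magic too but is too short; records end with their length.
            if (FIXED.size + 4 <= length <= len(blob) - start and FIXED.size <= str_off < length
                    and blob[start + length - 4:start + length] == blob[start:start + 4]):
                rec = blob[start:start + length - 4]
                source, off = _wstr(rec, FIXED.size)
                computer, _ = _wstr(rec, off)
                # NumStrings (f[7]) NUL-terminated insertion strings start at StringOffset
                strings = rec[str_off:].decode("utf-16-le", "replace").split("\x00")[:f[7]]
                when = datetime.fromtimestamp(f[3], timezone.utc).isoformat()   # TimeGenerated
                lines.append("\t".join([str(f[2]), when, TYPES.get(f[6], str(f[6])),
                                        source, str(f[5] & 0xFFFF), computer, " | ".join(strings)]))
                nxt = start + length
        pos = blob.find(b"LfLe", nxt)
    return lines

def build_record(number, ts, event_id, etype, source, computer, strings):
    """Constructed sample data: pack one record in the same layout."""
    w = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    head, body = w(source) + w(computer), b"".join(w(s) for s in strings)
    str_off = FIXED.size + len(head)
    length = (str_off + len(body) + 4 + 3) & ~3            # DWORD-aligned, with trailer
    fixed = FIXED.pack(length, MAGIC, number, ts, ts, event_id, etype, len(strings),
                       0, 0, 0, str_off, 0, str_off, 0, str_off + len(body))
    return (fixed + head + body).ljust(length - 4, b"\x00") + struct.pack("<I", length)

SAMPLE = (struct.pack("<12I", 0x30, MAGIC, 1, 1, 0x30, 0, 3, 1, 0x10000, 0, 0, 0x30)  # file header
          + build_record(1, 1109772000, 0x40001B7B, 4, "Service Control Manager", "HOST1", ["Alerter", "stopped"])
          + build_record(2, 1109772060, 529, 16, "Security", "HOST1", ["jdoe", "HOST1"]))
```

On a real log, `parse_evt(open(path, "rb").read())` gives the lines to hand to awk or a report script; the columns are record number, time generated (UTC), type, source, event ID, computer and insertion strings.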
This thread is closed to new comments.
Or if it is console-based, DosBox will do the trick...
posted by onalark at 2:02 PM on March 2, 2005