Saturday, January 21, 2012

Fix! Pythonwin (2.x) Windows 2008 Event Log Text Get Empty String

Symptom:

You used to be able to get the Event Viewer text under Windows 2003 using the following call in Pythonwin. After switching to Windows 2008 or Windows 7 the strings are all empty!

events=win32evtlog.ReadEventLog(hEvent,flags,0)

for ev_obj in events :      
   msg=str(win32evtlogutil.SafeFormatMessage(ev_obj, logType))

Now the majority of "msg" comes out blank. Oddly enough any newer programs the msg come out fine.

Fix:

The string messages logged can also be found as tuples in (using above code example) ev_obj.StringInserts as UNICODE strings.

Therefore, for example, to grab the strings as one msg string, you could write a quick loop like this to get you the full string.

                               msg = ''
             for si in ev_obj.StringInserts :
                   msg = msg + si + ' '                               
             print msg