I want to open a specific log in the Windows Event Log, named "Microsoft-Windows-TerminalServices-RemoteConnectionManager". I used this code:

    import win32evtlog

    logtype = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager'
    # Open a handle by source name on the local machine
    hand = win32evtlog.OpenEventLog("", logtype)
    flags = win32evtlog.EVENTLOG_SEQUENTIAL_READ | win32evtlog.EVENTLOG_FORWARDS_READ
    while True:
        events = win32evtlog.ReadEventLog(hand, flags, 0)
        if not events:
            break  # no more records to read
        for event in events:
            # Mask off the top three bits (severity and customer flag) of the ID
            print('Event ID:', event.EventID & 0x1FFFFFFF)
    win32evtlog.CloseEventLog(hand)

But it doesn't work: this code opens the "System" log instead of "Microsoft-Windows-TerminalServices-RemoteConnectionManager".
And I really don't know why. In the documentation for "win32evtlog.OpenEventLog":
Points to a null-terminated string that specifies the name of the source that the returned handle will reference. The source name must be a subkey of a logfile entry under the EventLog key in the registry. For example, the source name WinApp would be valid if the registry had the following form:
HKEY_LOCAL_MACHINE
  System
    CurrentControlSet
      Services
        EventLog
          Application
            WinApp
          Security
          System
If the source name cannot be found, the event logging service uses the Application logfile with no message files for the event identifier or category.
http://www.sxlist.com/techref/os/win/api/win32/func/src/f65_20.htm
Yes, I have a subkey in the registry named "Microsoft-Windows-TerminalServices-RemoteConnectionManager", but under the "System" key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager
Why doesn't it work? And if it is not a bug but a feature, what is the way to read this log?
Thanks for your answer.
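
Added example, not part of the original question: the quoted documentation says the name passed to OpenEventLog is a source, and the registry path above registers that source under the System log, so one way to get only its records is to query the System log and filter by provider. The sketch assumes pywin32's `EvtQuery`/`EvtNext`/`EvtRender` functions are available; the helper names and the sample XML (including event ID 1012) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PROVIDER = "Microsoft-Windows-TerminalServices-RemoteConnectionManager"
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample of rendered event XML, so the parser can be run offline.
SAMPLE_XML = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    '<System><Provider Name="' + PROVIDER + '"/>'
    '<EventID Qualifiers="49152">1012</EventID>'
    '<TimeCreated SystemTime="2024-01-01T00:00:00.000Z"/>'
    '<Channel>System</Channel></System></Event>'
)

def provider_query(provider):
    """XPath that keeps only events written by one source (provider)."""
    if "'" in provider:
        raise ValueError("provider name must not contain a quote")
    return "*[System[Provider[@Name='%s']]]" % provider

def parse_event(xml_text):
    """Pull provider, event ID, channel and timestamp out of one rendered event."""
    system = ET.fromstring(xml_text).find("e:System", NS)
    return {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.find("e:EventID", NS).text),
        "channel": system.findtext("e:Channel", default="", namespaces=NS),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
    }

def read_source_events(provider=PROVIDER, channel="System", batch=32):
    """Yield parsed events of one source from the log it is registered under."""
    import win32evtlog  # pywin32, Windows only; imported lazily on purpose
    flags = win32evtlog.EvtQueryChannelPath | win32evtlog.EvtQueryForwardDirection
    result = win32evtlog.EvtQuery(channel, flags, provider_query(provider))
    while True:
        handles = win32evtlog.EvtNext(result, batch)
        if not handles:
            break  # end of the result set
        for handle in handles:
            xml_text = win32evtlog.EvtRender(handle, win32evtlog.EvtRenderEventXml)
            yield parse_event(xml_text)

if __name__ == "__main__":
    for record in read_source_events():
        print(record["time"], "Event ID:", record["event_id"])
```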