Reading Windows event logs of the last one hour using win32evtlog module

Question

Reading windows event log using win32evtlog module

that post explains how one can read the entire log of events but I was wondering how one can actually use that module to get logs of the last hour?

How about using ElasticSearch??? – Harith Jul 14 '18 at 08:34 — Harith, Jul 14 '18 at 08:34

score 0 · Answer 1 · answered Jul 09 '18 at 17:23

I found some insight on: http://timgolden.me.uk/pywin32-docs/Windows_NT_Eventlog.html

In particular the last bit of example where we less each event object time attribute to the current time until the last bit of condition is met (e.g if seconds < begin_sec-28800). It breaks after that. This approach seems to be the appropriate one to get the time (in this case logs of the past 8 hours)

Reading Windows event logs of the last one hour using win32evtlog module

1 Answers1