GET_WIN_EVENT
Use the GET_WIN_EVENT script function in Console-type Events (see CONS Events) to monitor the Windows Event Viewer. The event occurs if it identifies an entry in the Windows system, security, or application log that complies with the definitions you made in its Details pane. In this case, the steps defined in the ! Process page of the Event object are processed. In the ! Process page, you can use the GET_WIN_EVENT script function together with a Keyword parameter to retrieve the specific information of this entry. The optional Index parameter allows you to access the variable parts of Microsoft Windows message texts.
Syntax
GET_WIN_EVENT (Keyword[, Index])
Parameters
-
GET_WIN_EVENT
Retrieves entries in Windows system, security and application logs when an event occurs -
Keyword
Name of the field whose contents you want to retrieve for this event
Format: AE name or script variable
Allowed values:-
CATEGORY
Event category -
EVENT_ID
ID of the event - INSERT
Accesses a specific variable message part - INSERT_COUNT
Retrieves the number of variable message parts you can access - SOURCE
Event source - TIMESTAMP
Date and time - TYPE
Event type
Return codes:- I
Information - W
Warning - E
Error - S
Success audit - F
Failure audit
- I
- USER
User
-
CATEGORY
- Index
(Optional) Allows you to access the variable message parts of Windows message texts in the description field of the Event Viewer details. You can only use this keyword together with the INSERT keyword (INSERT, Index). GET_WIN_EVENT returns the first variable message part if this parameter is not defined.
Note: You cannot read the static part of message texts.
Format: script literal, number, or script variable.
Default value: 1
Examples
The following example retrieves the number of variable message parts in the description field of the Event Viewer details. This number is stored in the "&COUNT" scripting variable . Then, a processing loop runs in which the second and third variable message part (INSERT keyword ) are written to the activation report.
:SET &COUNT# = GET_WIN_EVENT("INSERT_COUNT")
:SET &IDX# = 1
:WHILE &IDX# <= &COUNT#
: SET &INSERT# = GET_WIN_EVENT("INSERT", &IDX#)
: SET &HELP# = FORMAT(&IDX#, "000")
: PRINT "INSERT[&HELP#]
= '&INSERT#'"
: SET &IDX# = ADD(&IDX#, 1)
:ENDWHILE
The complete message of the event details could look like the following:
User "00432233778822#0001" has established a connection with "T-Online" by using the "AVMISDN1" adapter.
The variable message parts are logged in the activation report with the following lines:
20220117/193135.000 - U0020408 INSERT[002]
= 'T-Online'
20220117/193135.000 - U0020408 INSERT[003] = 'AVMISDN1'
See also: