GET_WIN_EVENT

Use the GET_WIN_EVENT script function in Console-type Events (see CONS Events) to monitor the Windows Event Viewer. The event occurs if it identifies an entry in the Windows system, security, or application log that complies with the definitions you made in its Details pane. In this case, the steps defined in the ! Process page of the Event object are processed. In the ! Process page, you can use the GET_WIN_EVENT script function together with a Keyword parameter to retrieve the specific information of this entry. The optional Index parameter allows you to access the variable parts of Microsoft Windows message texts.

Syntax

GET_WIN_EVENT (Keyword[, Index])

Parameters

  • GET_WIN_EVENT
    Retrieves entries in Windows system, security and application logs when an event occurs

  • Keyword
    Name of the field whose contents you want to retrieve for this event
    Format: AE name or script variable
    Allowed values:

    • CATEGORY
      Event category
    • EVENT_ID
      ID of the event
    • INSERT
      Accesses a specific variable message part
    • INSERT_COUNT
      Retrieves the number of variable message parts you can access
    • SOURCE
      Event source
    • TIMESTAMP
      Date and time
    • TYPE
      Event type
      Return codes:
      • I
        Information
      • W
        Warning
      • E
        Error
      • S
        Success audit
      • F
        Failure audit
    • USER
      User
  • Index
    (Optional) Allows you to access the variable message parts of Windows message texts in the description field of the Event Viewer details. You can only use this keyword together with the INSERT keyword (INSERT, Index). GET_WIN_EVENT returns the first variable message part if this parameter is not defined.
    Note: You cannot read the static part of message texts.
    Format: script literal, number, or script variable.
    Default value: 1

Examples

The following example retrieves the number of variable message parts in the description field of the Event Viewer details. This number is stored in the &COUNT# script variable. Then, a processing loop runs in which the second and third variable message parts (INSERT keyword) are written to the activation report.

:SET &COUNT# = GET_WIN_EVENT("INSERT_COUNT")
:SET &IDX# = 1
:WHILE &IDX# <= &COUNT#
:   SET &INSERT# = GET_WIN_EVENT("INSERT", &IDX#)
:   SET &HELP# = FORMAT(&IDX#, "000")
:   PRINT "INSERT[&HELP#] = '&INSERT#'"
:   SET &IDX# = ADD(&IDX#, 1)
:ENDWHILE

The complete message of the event details could look like the following:

User "00432233778822#0001" has established a connection with "T-Online" by using the "AVMISDN1" adapter.

The variable message parts are logged in the activation report with the following lines:

20220117/193135.000 - U0020408 INSERT[002] = 'T-Online'
20220117/193135.000 - U0020408 INSERT[003] = 'AVMISDN1'
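
The following script is an added example, not part of the original documentation. Placed in the ! Process page, it writes the fixed fields of the matched entry to the activation report and lists the variable message parts only for failure audits (TYPE returns F), including the case where the entry has none. The script variable names are chosen for illustration.

```automic
! Added example: read the fixed fields of the matched log entry
:SET &TYPE# = GET_WIN_EVENT("TYPE")
:SET &ID# = GET_WIN_EVENT("EVENT_ID")
:SET &SRC# = GET_WIN_EVENT("SOURCE")
:SET &USR# = GET_WIN_EVENT("USER")
:SET &TS# = GET_WIN_EVENT("TIMESTAMP")
:PRINT "&TS# type=&TYPE# id=&ID# source=&SRC# user=&USR#"
! F = failure audit (see the return codes of the TYPE keyword)
:IF &TYPE# = "F"
:   SET &COUNT# = GET_WIN_EVENT("INSERT_COUNT")
:   IF &COUNT# = 0
:      PRINT "Failure audit &ID# has no variable message parts"
:   ELSE
:      SET &IDX# = 1
:      WHILE &IDX# <= &COUNT#
!        Only the variable parts are available, not the static message text
:         SET &INSERT# = GET_WIN_EVENT("INSERT", &IDX#)
:         PRINT "INSERT[&IDX#] = '&INSERT#'"
:         SET &IDX# = ADD(&IDX#, 1)
:      ENDWHILE
:   ENDIF
:ENDIF
```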
