Automation Engine Script Guide > Ordered by Function > Event Handling > GET_WIN_EVENT

GET_WIN_EVENT

Script Function: Determines entries in the Windows system, security and application logs if an event occurs.

Syntax

GET_WIN_EVENT(Keyword, [Index])

Syntax	Description/Format
Keyword	Name of the field whose contents should be determined for this event. Format: AE name or script variable. CATEGORY - category of event EVENT_ID - Event ID INSERT - accesses one specific variable message part INSERT_COUNT - determines the number of variable message parts SOURCE - source of the event TIMESTAMP - date and time TYPE - type of the event USER - user
Index	Access to the variable message parts in the Description field of the event details. Format of Index: script literal, number or script variable. Default value: "1" Can only be used in connection with the keyword INSERT (INSERT, Index).

Syntax

Description/Format

Keyword

Name of the field whose contents should be determined for this event.
Format: AE name or script variable.

CATEGORY - category of event
EVENT_ID - Event ID
INSERT - accesses one specific variable message part
INSERT_COUNT - determines the number of variable message parts
SOURCE - source of the event
TIMESTAMP - date and time
TYPE - type of the event
USER - user

Index

Access to the variable message parts in the Description field of the event details.
Format of Index: script literal, number or script variable. Default value: "1"

Can only be used in connection with the keyword INSERT (INSERT, Index).

Comments

This script function is used in a "Console" event for Windows. With this event type the Windows event display can be monitored. This event occurs if an entry in the system, security or application protocol corresponds to the specifications made in the Detail tab. The processing steps from the ! Process tab are then processed. GET_WIN_EVENT in combination with a keyword can now be used to access specific information concerning this entry.

If TYPE is used as keyword, this script function supplies the following return codes: "I" for information, "W" for warning, "E" for error, "S" for success audit and "F" for failure audit.

Message texts in Microsoft Windows consist of static and variable parts. This script function delivers only the variable message parts. With INSERT_COUNT being the keyword, the number of the variable message parts can be specified. With INSERT being the keyword and the specification of Index, a particular variable message part is accessed. Index can only be specified with INSERT (optionally). Without Index, the function returns the first variable message part.

Examples

In the example shown below, the first the number of the variable message parts in the "Description" field of the event's details is determined. The number is stored in the script variable "&COUNT". Afterwards, a processing loop runs in which the second and third variable message part (keyword INSERT) are written to the activation report.

:SET &COUNT# = GET_WIN_EVENT("INSERT_COUNT")
:SET &IDX# = 1
:WHILE &IDX# <= &COUNT#
: SET &INSERT# = GET_WIN_EVENT("INSERT", &IDX#)
:   SET &HELP# = FORMAT(&IDX#, "000")
:   PRINT "INSERT[&HELP#] = '&INSERT#'"
:   SET &IDX# = ADD(&IDX#, 1)
:ENDWHILE

This could be the entire message of the event's details: The user "00432233778822#0001" has established a connection with "T-Online" using the adapter "AVMISDN1". The variable message parts are logged to the activation report with the following lines:

20010117/193135.000 - U0020408 INSERT[002] = 'T-Online'
20010117/193135.000 - U0020408 INSERT[003] = 'AVMISDN1'