GET_WIN_EVENT

Use the GET_WIN_EVENT script function in Console-type Events (see Console (CONS) Event Objects) to monitor the Windows Event Viewer. The event occurs when an entry is identified in the Windows system, security, or application log that matches the definitions in its Details pane. When this happens, the steps defined in the ! Process page of the Event object are processed. Use the GET_WIN_EVENT script function together with a Keyword parameter to retrieve specific information from the matching entry. The optional Index parameter lets you access the variable parts of Windows message texts.

Syntax

GET_WIN_EVENT (Keyword[, Index])

Parameters

Parameter	Description	Format	Allowed Values	Default Value
Keyword	Name of the field whose contents you want to retrieve for this event.	AE name or script variable	CATEGORY — Event category EVENT_ID — ID of the event INSERT — Accesses a specific variable message part INSERT_COUNT — Retrieves the number of variable message parts you can access SOURCE — Event source TIMESTAMP — Date and time TYPE — Event type. Return codes: I — Information W — Warning E — Error S — Success audit F — Failure audit USER — User	n.a.
Index (Optional)	Allows you to access the variable message parts of Windows message texts in the description field of the Event Viewer details. Use only together with the INSERT keyword (INSERT, Index). If not specified, the first variable message part is returned. Note: You cannot read the static part of message texts.	Script literal, number, or script variable	n.a.	1

Parameter

Description

Format

Allowed Values

Default Value

Keyword

Name of the field whose contents you want to retrieve for this event.

AE name or script variable

CATEGORY — Event category
EVENT_ID — ID of the event
INSERT — Accesses a specific variable message part
INSERT_COUNT — Retrieves the number of variable message parts you can access
SOURCE — Event source
TIMESTAMP — Date and time
TYPE — Event type. Return codes:
- I — Information
- W — Warning
- E — Error
- S — Success audit
- F — Failure audit
USER — User

n.a.

Index

(Optional)

Allows you to access the variable message parts of Windows message texts in the description field of the Event Viewer details. Use only together with the INSERT keyword (INSERT, Index). If not specified, the first variable message part is returned.

Note: You cannot read the static part of message texts.

Script literal, number, or script variable

n.a.

Examples

The following example retrieves the number of variable message parts in the description field of the Event Viewer details, stores it in &COUNT#, and then loops through each part, writing the INSERT values to the activation report.

: SET &COUNT# = GET_WIN_EVENT ("INSERT_COUNT")

: SET &IDX# = 1

: WHILE &IDX# <= &COUNT#

: SET &INSERT# = GET_WIN_EVENT ("INSERT", &IDX# )

: SET &HELP# = FORMAT (&IDX#, "000" )

: PRINT "INSERT[&HELP#] = '&INSERT#'"

: SET &IDX# = ADD (&IDX# , 1)

: ENDWHILE

The complete message of the event details could look like the following:

User "00432233778822#0001" has established a connection with "T-Online" by using the "AVMISDN1" adapter.

The variable message parts are logged in the activation report as follows:

20220117/193135.000 - U0020408 INSERT[002] = 'T-Online'
20220117/193135.000 - U0020408 INSERT[003] = 'AVMISDN1'