Reputation: 515
How to retrieve PID from windows event log?
I have a python code that uses WMI module of python to get windows event viewer logs. But I am unable to retrieve the PID of the process that generated the log.
My code :
wmi_obj = wmi.WMI('.') #Initialize WMI object and query.
wmi_query = "SELECT * FROM Win32_NTLogEvent WHERE Logfile='System' AND EventType=1"
query_result = wmi_obj.query(wmi_query) # Query WMI object
query_result is a list of wmi objects. Each object in this list is a windows system log and I want PID of the process that generated this log. I have gone through several msdn docs but couldn't find anything useful there.
I want to retrieve the information marked in the above image.
Upvotes: 2
Views: 8537
Answers (1)
Reputation: 33223
The Win32 API call to get event log items is ReadEventLog and this returns EVENTLOGRECORD structures. These do not have a field for a process identifier so unless your events have included this in the data of the event message it looks like this will not be available.
Upvotes: 0
Related Questions
- Read Specific Windows Event Log Event
- how to read event logs under "Applications and Services Logs" in python?
- How do I get a PID from a window title in windows OS using Python?
- How can I list EventIDs with Qualifiers using win32evtlog
- How to notify a specific windows log event?
- Get list of Windows 8.1 processes using Python
- Reading windows event log using win32evtlog module
- Get an event object from win32evtlog.EvtQuery results
- Log to windows event log on server 2012 etc
- Reading windows event log in Python using pywin32 (win32evtlog module)