Get reboot history with python in Windows

Question

I was trying to get the reboot historical from a Windows 10 computer with python but I'm affraid I can't read event-viewer.

Is there any option to get something similar to this powershell line?

get-eventlog system | where-object {$_.eventid -eq 1074} | select Timegenerated, EntryType, Message

the main idea is to do this "query" to a computer's list in local network.

Answer 1

The simplest approach is to call PowerShell's CLI from Python: Windows PowerShell: powershell.exe; PowerShell [Core] v6+: pwsh.exe.

The following Python 3.6+ solution uses powershell.exe

# Python 3.6+ 
# (Solutions for earlier versions are possible.)

import subprocess

output = subprocess.run([
    'powershell.exe', 
    '-noprofile', 
    '-executionpolicy',
    '-bypass',
    '-c', 
    'get-eventlog system | where-object {$_.eventid -eq 1074} | select Timegenerated, EntryType, Message'
  ], 
  capture_output=True)

# CAVEAT: The *system*'s OEM code page is assumed for decoding the 
#         raw captured stdout output to text.
#         Any in-session changes to the active OEM code page via `chcp`
#         are NOT recognized; e.g., if you've changed to page 65001 (UTF-8)
#         you must use 'utf-8' explicitly.
print(output.stdout.decode('oem'))

Pros and cons:

• The advantage of this approach is that you can reuse the existing PowerShell command as-is, which gives all the high-level functionality that PowerShell has to offer.

• The disadvantages are:

  • Slow performance, due to the overhead of launching a PowerShell process (though in the case of a long-running process such as this one that probably won't matter)

  • The need to parse the for-display command output returned from the PowerShell command. Conceivably, you can pass -of XML in order to make PowerShell output CLIXML and parse the XML in Python); a simpler option is to modify the Powershell command to return more structured output, such as appending | ConvertTo-Csv or
    | ConvertTo-Json to the command.