PHP in Windows. Can I read from the Event Log?

P: n/a
I had no luck in my google search for this answer.
Does anyone know if it's possible to read the entries in the Windows
Event Log of the server running my PHP page? I'm trying to create an
intranet page that lists errors from the server event log.... I'd
prefer a pure PHP solution, but I'd be happy to try other alternatives
that involve call outs to non-PHP code.

Thanks in advance.
- Sergio

Feb 15 '07 #1
7 Replies


P: n/a
> I had no luck in my google search for this answer.
> Does anyone know if it's possible to read the entries in the Windows
> Event Log of the server running my PHP page?

That sounds like an EXTREME security risk on a shared server and a
security risk if the people who can access your page aren't admins
of the server in question. There's lots of sensitive stuff in
there (like valid usernames).

> I'm trying to create an
> intranet page that lists errors from the server event log.... I'd
> prefer a pure PHP solution, but I'd be happy to try other alternatives
> that involve call outs to non-PHP code.

Does Windows have anything that prints event logs in text form?
The Event Viewer lets you save in text form, but moving the mouse from
PHP is difficult.
Feb 16 '07 #2

P: n/a
> That sounds like an EXTREME security risk on a shared server and a
> security risk if the people who can access your page aren't admins
> of the server in question.

I know that. That's why I mentioned this is an intranet site. I have
the plan in place to restrict access for the right people only. But
thanks for the positive advice anyway :)

> Does Windows have anything that prints event logs in text form?
> The Event Viewer lets you save in text form, but moving the mouse from
> PHP is difficult.

I'm not very experienced with PHP but I can tell you that there will
be no mouse in this scenario. What I'm looking for is some library or
function that I can call, like GetEventLogEntries("Application", 10),
which would return me the last 10 entries in the Applications event
log. I know there are Windows API calls that deal with the event logs, but
I don't know how to use them in PHP.

Thanks for the reply.

- Sergio

Feb 16 '07 #3

P: n/a
"sergio-p" <se*******@gmail.com> wrote in message
news:11**********************@t69g2000cwt.googlegroups.com...
> I'm trying to create an
> intranet page that lists errors from the server event log.... I'd
> prefer a pure PHP solution, but I'd be happy to try other alternatives
> that involve call outs to non-PHP code.

The big advantage, it seems to me, of a web based event log viewer would be
that a web interface could be routed over IP to remote locations. If all
you need is local viewing capability over the local intranet, perhaps you
can get by with using the event log viewer to view your remote systems.
Since you need direct RPC access to each system, this would be inherently
more secure than using a web browser, where you might need to specifically
intercept local systems in the router, or use a non-routable IP address such
as 192.168.xxx.xxx. BTW, the account you use for viewing does not need to
be in the admin group, but it will require the "auditing and security log"
permissions on each system whose log will be viewed.

The callouts themselves are not that hard to implement, though it's been a
while since I've done so. Google first for the terms IIS ISAPI Event Log to
see if someone else has already done this. Maybe you'll luck out. Then
pick your language - generally VB, or C++ - and build an isapi dll with the
calls you need. Install that dll on a particular server to export those
functions to php, (or any server side script). That server can then be used
to access all the other servers via the remote capability of the event log
api, or you can run a server on each system you want to monitor. There is
one kicker, though. The text message associated with each event log entry
is normally embedded, as a string table resource, in the DLL that generated
the error, so you must have a copy of the DLL's you care about on the same
system - the IIS server - that you are decoding the events on.

If your software is hard to use or install, you'll find that people won't
use it, and will just walk over to the system they are wondering about. Do
have some way of filtering events by severity and date range. It is tedious
using the event viewer to look through the event logs of several systems on
a regular basis, and even more so using a web interface with a relatively
primitive viewing interface.

So a third solution would be to price out a third party utility for
interpreting and filtering remote event logs, and generating a notification
when a serious error or security breach happens. There are many such
products out there, and I imagine these are in the several hundred to
thousand dollar range. This may turn out to be your best bet in the end,
depending on how busy you are, how much you want to learn, and how much your
time is worth to your boss. If nothing else, download a trial version of
one of these products to get an idea of what features you'll want to
implement. Here's one to get you started:
http://www.gfi.com/lanselm/?adv=52&l...ickid=10739086
--
Mike Russell
www.curvemeister.com/forum/
Feb 16 '07 #4

P: n/a
Hi Mike, thanks for your response.
The reason I wanted a purely PHP solution is because I have done it before in
ASP.NET and find it EXTREMELY useful for me and the sysadmins in my
company.
You can check the ASP.NET solution I developed over here:
http://www.codeproject.com/aspnet/EventLogRss.asp

So, in the end it spits out RSS, then I can read it using a browser or
RSS reader. I can also re-syndicate and merge a whole group of servers
into a single RSS feed. Having a feed like that is all I need to enjoy
notifications and reporting straight from the RSS reader, no more code
needed from me.

Some developers approached me asking for a PHP version and I'm trying
to help them out.

Thanks
- Sergio

Feb 16 '07 #5

P: n/a
"sergio-p" <se*******@gmail.com> wrote in message
news:11*********************@l53g2000cwa.googlegroups.com...
> ....
> You can check the ASP.NET solution I developed over here:
> http://www.codeproject.com/aspnet/EventLogRss.asp
>
> So, in the end it spits out RSS, then I can read it using a browser or
> RSS reader. I can also re-syndicate and merge a whole group of servers
> into a single RSS feed. Having a feed like that is all I need to enjoy
> notifications and reporting straight from the RSS reader, no more code
> needed from me.

That's very elegant, I must say. I particularly like the way you can
aggregate the feeds and monitor everything on one screen.
--
Mike Russell
www.curvemeister.com/forum/
Feb 16 '07 #6

P: n/a
On 2007-02-15 10:56:48 -0600, "sergio-p" <se*******@gmail.com> said:
> I had no luck in my google search for this answer.
> Does anyone know if it's possible to read the entries in the Windows
> Event Log of the server running my PHP page? I'm trying to create an
> intranet page that lists errors from the server event log.... I'd
> prefer a pure PHP solution, but I'd be happy to try other alternatives
> that involve call outs to non-PHP code.
>
> Thanks in advance.
> - Sergio

Well if you can find an ms dos command that will export the log into a
.txt or .csv you can do it in PHP. `` quotes are meant for shell
commands or you can also use exec() function for that. All you got to
do in php is parse the file.

Maybe there are 3rd party apps that can export the windows log into an
xml file, then you don't need php at all. Whole bunch of xsl sheets and
you got your rss feed done.

Feb 17 '07 #7

P: n/a
On Feb 16, 10:00 pm, katman <katma...@bk.ru> wrote:
> Well if you can find an ms dos command that will export the log into a
> .txt or .csv you can do it in PHP. `` quotes are meant for shell
> commands or you can also use exec() function for that. All you got to
> do in php is parse the file.

Nice idea. In XP I can use this command line:
cscript %systemroot%\system32\eventquery.vbs /l APPLICATION /r 10

In W2K3 I think I'd have to use elogdmp.

I still don't know if I can get the actual text of the message
(instead of just title and time stamp), but I'm much closer to the
solution now.

Thanks for all the good input.
- Sergio

Feb 19 '07 #8
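
The approach the thread converges on (run eventquery.vbs from PHP, then parse its output), as an added example that is not code from any poster, written with the exposure concern from reply #2 in mind: the log name comes from an allow-list and every field is HTML-escaped before display. Assumptions: eventquery.vbs accepts `/fo csv` and `/v` and prints a quoted header row; the column names, the allow-list and the sample lines are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumption: eventquery.vbs accepts
// /fo csv and /v and prints a quoted header row; column names are assumed.

const ALLOWED_LOGS = ['APPLICATION', 'SYSTEM'];  // SECURITY left out on purpose

function buildCommand(string $log, int $count): string
{
    $log = strtoupper($log);
    if (!in_array($log, ALLOWED_LOGS, true)) {   // never pass free text to the shell
        throw new InvalidArgumentException('log name not allowed');
    }
    $count  = max(1, min($count, 100));          // clamp the /r range
    $script = getenv('SystemRoot') . '\\system32\\eventquery.vbs';
    return 'cscript //nologo ' . escapeshellarg($script)
         . ' /l ' . escapeshellarg($log) . " /r $count /fo csv /v";
}

function parseEventCsv(array $lines): array
{
    $header = null;
    $events = [];
    foreach ($lines as $line) {
        if ($line === '' || $line[0] !== '"') continue;  // skip banners and blanks
        $row = str_getcsv($line, ',', '"', '');          // '' = no escape char (PHP 7.4+)
        if ($header === null) { $header = $row; continue; }
        if (count($row) === count($header)) $events[] = array_combine($header, $row);
    }
    return $events;
}

function renderErrors(array $events): string
{
    $html = '';
    foreach ($events as $e) {
        if (strcasecmp($e['Type'] ?? '', 'error') !== 0) continue;
        $text  = ($e['Date Time'] ?? '') . ' ' . ($e['Source'] ?? '') . ': ' . ($e['Description'] ?? '');
        $html .= '<li>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $html;
}

// Constructed sample output; on the server use: exec(buildCommand('APPLICATION', 10), $lines);
$lines = [
    '"Type","Event","Date Time","Source","ComputerName","Category","User","Description"',
    '"information","1000","2/19/2007 9:14:02 AM","ExampleSvc","SRV01","None","N/A","Service started."',
    '"error","1001","2/19/2007 9:15:40 AM","ExampleSvc","SRV01","None","N/A","Cannot open <config> file."',
];
echo renderErrors(parseEventCsv($lines));
```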
