win32evtlog.EvtSubscribe

PyEVT_HANDLE = EvtSubscribe(ChannelPath, Flags , SignalEvent , Callback , Context , Query , Session , Bookmark )

Requests notification for events

Parameters

ChannelPath : str

Name of an event log channel

Flags : int

Combination of EvtSubscribe* flags determining how subscription is initiated

SignalEvent=None : Py_HANDLE

An event handle to be set when events are available (see win32event::CreateEvent)

Callback=None : function

Python function to be called with each event

Context=None : object

Arbitrary object to be passed to the callback function

Query=None : str

XML query used to select specific events, use None or '*' for all events

Session=None : PyEVT_HANDLE

Handle to a session on another machine, or None for local

Bookmark=None : PyEVT_HANDLE

If Flags contains EvtSubscribeStartAfterBookmark, used as starting point

Comments

Accepts keyword args

The method used to receive events is determined by the parameters passed in. To create a push subscription, define a callback function that will be called with each event. The function will receive 3 args: First is an integer specifying why the function was called (EvtSubscribeActionError or EvtSubscribeActionDeliver) Second is the context object passed to EvtSubscribe. Third is the handle to an event log record (if not called due to an error) If an event handle is passed in, a pull subscription is created. The event handle will be signalled when events are available, and the subscription handle can be passed to win32evtlog::EvtNext to obtain the events.