
Discussion Forums: help


By: Graham Cowie
RE: Windows event log descriptions
2008-11-01 08:26
Sorry, I was not very clear. Within an event log description are a number of other fields, i.e.

puts "Event Type: #{entry.event_description}"
}

When you execute the following code, you get data from every field of the event description. I just want one field; for example, a 528 event has a 'logon type' field which contains a number. How would I get that and only that from the event description?

Sorry for the confusion.
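
One way to pull only the 'logon type' number out of a 528 description, as an added example that is not part of the original thread or of win32-eventlog itself. The helper names and the sample description are constructed for illustration; the code takes the description text as a plain string, so it runs without the Windows API.

```ruby
# Added example: parses the text of a 528 (successful logon) description.
# SAMPLE_528 is a constructed description, not output from a real host.
SAMPLE_528 = <<~DESC
  Successful Logon:
  \tUser Name:\tjdoe
  \tDomain:\t\tCORP
  \tLogon ID:\t\t(0x0,0x3E7F1)
  \tLogon Type:\t10
  \tLogon Process:\tUser32
  \tAuthentication Package:\tNegotiate
  \tWorkstation Name:\tWKS01
DESC

# Well-known Windows logon type codes.
LOGON_TYPES = {
  2 => 'Interactive', 3 => 'Network', 4 => 'Batch', 5 => 'Service',
  7 => 'Unlock', 8 => 'NetworkCleartext', 9 => 'NewCredentials',
  10 => 'RemoteInteractive', 11 => 'CachedInteractive'
}.freeze

# Split the "Label:<whitespace>value" lines of a description into a Hash.
# Lines without a value (such as the "Successful Logon:" header) are skipped.
def description_fields(description)
  fields = {}
  description.to_s.each_line do |line|
    label, value = line.strip.split(/:\s*/, 2)
    next if label.nil? || label.empty? || value.nil? || value.empty?
    fields[label] ||= value.strip # first occurrence of a label wins
  end
  fields
end

# Return the logon type as an Integer, or nil when the field is missing
# or not purely numeric (for example, an unresolved description).
def logon_type(description)
  raw = description_fields(description)['Logon Type']
  raw && raw.match?(/\A\d+\z/) ? raw.to_i : nil
end

# Human-readable form, e.g. for a report line.
def logon_type_label(description)
  type = logon_type(description)
  type ? "#{type} (#{LOGON_TYPES.fetch(type, 'Unknown')})" : nil
end

puts "Logon Type: #{logon_type_label(SAMPLE_528)}"
```

On Windows, the same functions can be called with the description text of each entry read from the Security log whose event ID is 528.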

By: Daniel Berger
RE: Windows event log descriptions
2008-10-31 18:37
Hi Graham,

require 'win32/eventlog'
include Win32

EventLog.open do |log|
  log.read.each { |entry|
    puts "Event Type: #{entry.event_type}"
  }
end

When you read an eventlog entry, win32-eventlog stores that information in a Struct::EventLogStruct that has its own data members. You can inspect one of the structs to see all the members that are available.

Regards,

Dan

By: Graham Cowie
Windows event log descriptions
2008-10-31 16:06
Dan,

I have been looking through your coding for Windows event logs. I want to extract only one piece of data from the event description as opposed to all of it. I only want the event type to be printed; how would I go about this? Regular expressions?

Regards