WindowsのイベントをPythonで取得する方法のメモ

試しに起動とシャットダウンの時刻を取得し表示した

import win32evtlog
import winerror

h_event_log = win32evtlog.OpenEventLog("localhost", "System")
flags = win32evtlog.EVENTLOG_FORWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
events = win32evtlog.ReadEventLog(h_event_log, flags, 0)

# [Windowsの起動やスリープなどの履歴を調べてみた！ – A2\-blog](https://edit-anything.com/blog/windows-power-log.html)
target_ids = [6005, 6006, 6008, 7001, 7002]
start_end_map = {
  6005: True,
  6006: False,
  6008: False,
  7001: True,
  7002: False
}
events = True
while events:
  events = win32evtlog.ReadEventLog(h_event_log, flags, 0)
  for event_obj in events:
    event_time = event_obj.TimeGenerated
    event_id = winerror.HRESULT_CODE(event_obj.EventID)

    if event_id in target_ids:
      if start_end_map[event_id]:
        print(event_id, event_time)
      else:
        print("\t", event_id, event_time)