Overview -h.schools.nsw.edu.au



Task 2 - Part B - Notes on going back in time

In order to query the Windows event log, we need to specify a start time; otherwise we will just get all the data, and that would be way too much! Our program will ask for event data beginning a certain number of hours before the current time. For example, when we say:

showEvents -goback 100

we are asking our script to request event data starting from 100 hours ago, up to the current time. When issuing the request, our script needs to specify this start time in WMI date time format.

Your deliverable for this part is a function which takes two arguments:

• 'time' is the time from which to go back. This will be the current time in the final program.

• 'goBackHours' is the number of hours to go back.

The function returns a time that is goBackHours before the current time.

Pseudocode

function getWmiStartDateTime(time, goBackHours)
    startTime = time - goBackHours
    utcOffset =
    wmiTime =
    return wmiTime

Getting the current time

To get the current time to pass into this function, you will use the Python datetime module, specifically the now() method. See the example 'now.py' (available under 'Your tools for this task') for further advice.

Subtracting time values

The pseudocode shows a simple subtraction of the integer goBackHours from time. While this is logically correct in a general way, the operation cannot be done directly. How, for example, would the Python datetime object know that the goBackHours value represents hours? It might just as well represent minutes, or months.

To do a subtraction with time values, you first need to represent the goBackHours as a timedelta object. An example of this is shown in the sample file 'subtracttimes.py' (available under 'Your tools for this task').

Getting the UTC offset

The WMI time requires a UTC offset at the end (e.g. for Sydney, it is +600, representing 600 minutes or 10 hours ahead of UTC time). You could just insert this offset, but then your program would not work in other time zones.

To obtain the UTC offset, you can use the time.timezone property. See the example 'timezone.py'. There are a couple of small complications:

• This property is the negative of what we want - it is negative when the UTC offset is positive.

• This property is expressed in seconds rather than minutes.

You just need to use some simple arithmetic to get the correct offset from time.timezone.

Formatting the WMI time string

Compose the WMI time string by getting the individual components (year, etc.) from your startTime variable, and the UTC offset from time.timezone, and format them using the Python string formatting operator. Examples of the Python formatting are shown in 'pythonformat.py'.
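
The four steps above put together, as an added worked example (it is not part of the original task sheet or its sample files). The optional offset_minutes argument, the helper names and the sample WQL query against Win32_NTLogEvent are assumptions made for illustration; the offset helper also switches to time.altzone while daylight saving is in effect, because time.timezone is always the non-DST offset.

```python
import time as _time
from datetime import datetime, timedelta


def local_utc_offset_minutes(when):
    """UTC offset of local time at `when`, in minutes (positive = east of UTC)."""
    # time.timezone / time.altzone are seconds WEST of UTC, so negate them.
    # altzone applies while daylight saving is in effect at `when`.
    in_dst = _time.localtime(when.timestamp()).tm_isdst > 0
    seconds_west = _time.altzone if in_dst else _time.timezone
    return -seconds_west // 60


def getWmiStartDateTime(time, goBackHours, offset_minutes=None):
    """Return `time` minus goBackHours as a WMI datetime string
    (yyyymmddHHMMSS.mmmmmmsUUU: s is the sign, UUU the UTC offset in minutes)."""
    start = time - timedelta(hours=goBackHours)  # hours must be a timedelta
    if offset_minutes is None:                   # assumption: optional override
        offset_minutes = local_utc_offset_minutes(start)
    sign = "+" if offset_minutes >= 0 else "-"
    return "%04d%02d%02d%02d%02d%02d.%06d%s%03d" % (
        start.year, start.month, start.day,
        start.hour, start.minute, start.second,
        start.microsecond, sign, abs(offset_minutes))


def build_event_query(wmi_start):
    """Hypothetical helper: WQL selecting events at or after wmi_start."""
    return ("SELECT * FROM Win32_NTLogEvent "
            "WHERE TimeGenerated >= '%s'" % wmi_start)


if __name__ == "__main__":
    # Constructed sample: 100 hours before a fixed time, Sydney standard offset.
    print(getWmiStartDateTime(datetime(2024, 3, 1, 8, 30, 0), 100, 600))
    # Live use: 100 hours before now, offset taken from the local time zone.
    print(build_event_query(getWmiStartDateTime(datetime.now(), 100)))
```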
