(1)模拟创建一个日志文件.txt
关键字 日期和时间 来源 事件ID 任务类别
审核成功 2018/9/11 12:17:15 Security-Auditing 4672 Special Logon
审核成功 2018/9/11 12:17:15 Security-Auditing 4624 Logon
审核成功 2018/9/11 12:17:14 Security-Auditing 4672 Special Logon
审核成功 2018/9/11 12:17:14 Security-Auditing 4624 Logon
审核成功 2018/9/11 12:17:07 Security-Auditing 4672 Special Logon
审核成功 2018/9/11 12:17:07 Security-Auditing 4624 Logon
审核成功 2018/9/11 12:09:27 Security-Auditing 4672 Special Logon
审核成功 2018/9/11 12:09:27 Security-Auditing 4624 Logon
(2)用 seek()函数从后往前搜索
f = open('日志文件','rb')
for i in f:
offs = -70 #设置偏移量(估计最后一行长度)
while True:
f.seek(offs,2)
data = f.readlines()
if len(data) > 1:
print(data[-1].decode('utf8'))
break
offs *=2
f.close()
返回值:
审核成功 2018/9/11 12:09:27 Security-Auditing 4624 Logon