use Win32::EventLog;
	use Win32::Security::SID;
	
	my $server = shift;
	my $path = shift;
	my $einDate= shift;
	my $eventlogtyp =shift;
	my($log) = @_;
	my ($evt,$total,$oldest,$evtHashRef);
	my $start = 0;
	my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst);
	my $sl = 0; #stringlänge;
	my $evtDate;
	my $nl = 0;
	my($filename)=$server."_".$eventlogtyp.'_'.$einDate;
	
	$evt = Win32::EventLog->new($path) || die "Could not open $log log on $server: $!\n";
	$evt->GetNumber($total) || die "Can't get number of EventLog records: $!\n";
	$evt->GetOldest($oldest) || die "Can't get number of oldest EventLog record: $!\n";
		
	open(file, ">E:\\Share\\logs\\events\\\\$filename.txt") or die "$!\n";
		print file "Typ\t\tDatum       Zeit\tQuelle\t\t\tKategorie\tEreignis\tBenutzer\t\t\tComputer\tFehlermeldung\n";
	close (file);
	$|=1;
	print "$start\t$total\n";
	while ($start < $total) {
		#print ".";
		$evt->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,$oldest+$start,$evtHashRef) || die "Can't read EventLog entry #$start\n";
		($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)= localtime(${$evtHashRef}{TimeGenerated});
		$evtDate = "$mday.".($mon+1).".".($year+1900);
		
		if ($evtDate == $einDate) {
			print "$evtDate ";
			open(file, ">>E:\\Share\\logs\\events\\\\$filename.txt");
			#1. EventType = 0,'Error',2,'Warning',4,'Information',8,'Audit success',16,'Audit failure'
				if (${$evtHashRef}{EventType} == 1) { print file "Fehler\t\t"; }
				elsif (${$evtHashRef}{EventType} == 2) { print file "Warning\t\t"; }
				elsif (${$evtHashRef}{EventType} == 4) { print file "Information\t"; }
				elsif (${$evtHashRef}{EventType} == 8) { print file "Überprüfung erfolgreich\t"; }
				elsif (${$evtHashRef}{EventType} == 16) { print file "Fehler bei der Überprüfung\t"; }
				else { print file "Fehlertyp: ${$evtHashRef}{EventType}\t"; }	
			#2. Conversion of the date 
				($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)= localtime(${$evtHashRef}{TimeGenerated});
			#2. Date
				print file "$mday.".($mon+1).".".($year+1900)."   ";
				#print "$mday.".($mon+1).".".($year+1900)."   ";
			#3. Time
				print file "$hour:$min:$sec\t";
				#print "$hour:$min:$sec\t";			#4. Scource
				$sl=length(${$evtHashRef}{Source});
				if ($sl < 7) {
					print file "${$evtHashRef}{Source} \t\t\t";
				} elsif($sl < 16) {
					print file "${$evtHashRef}{Source} \t\t";
				} else {
					print file "${$evtHashRef}{Source} ";
				}
			
			#5.Category
				if (${$evtHashRef}{Category} == 0) { print file "Keine \t\t" }
				else {print file "${$evtHashRef}{Category} \t\t";	}
			#6. EventID
			my $id = (${$evtHashRef}{EventID} & 0xffff);
			print file "$id \t\t";
			#7. User & SID convert to username
				my $name = Win32::Security::SID::ConvertSidToName(${$evtHashRef}{User});
				if ($name eq 'UNDEFINED_SID') {$name = "nicht zutreffend" }
				#same as Scource
				$nl=length($name);
				if ($nl < 7) { print file "$name \t\t\t\t";}
				elsif($nl < 16) { print file "$name \t\t\t";}
				elsif($nl < 22) { print file "$name \t\t";}
				else { print file"$name \t";}
			#8. Computer
				print file "${$evtHashRef}{Computer} \t";
			#9. Massage		
				Win32::EventLog::GetMessageText($evtHashRef);
				my $msg = $evtHashRef->{Message};
				print file "$msg";
		}
		
		print file "\n";
		close (file);
  	$start++;
	}