Trying to get info from EventViewer

Started by mcvpjd3, July 04, 2014, 03:25:59 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

mcvpjd3

July 04, 2014, 03:25:59 AM
I'm trying to some info from event viewer, normally I'd use this code...

Code (winbatch) Select
objSWbemLocator = GetObject("winmgmts:")
objEventSet = objSWbemLocator.ExecQuery("select * from Win32_NTLogEvent where Logfile='System' and EventCode='7001' and SourceName='Microsoft-Windows-Winlogon' and Message='User Logon Notification for Customer Experience Improvement Program'")
if objEventSet.Count == 0
   ;message("Notice","No Events 7001")
   objEventSet = 0
   objSWbemLocator = 0
   exit
endif


but I'm trying to get info (Boot Duration) from the "Microsoft-Windows-Diagnostics-Performance/Operational" log, but when I use "objEventSet = objSWbemLocator.ExecQuery("select * from Win32_NTLogEvent where Logfile='Microsoft-Windows-Diagnostics-Performance/Operational' and EventCode='100'") " I get nothing back. I've also tried just using "Microsoft-Windows-Diagnostics-Performance", but again t no avail. Has anyone tried this before or have any suggestions?

Thanks

Deana

#1
July 07, 2014, 08:32:05 AM
Apparently the Win32_NtLogEvent exposes events logged in classic event logs, however it does not seem to expose events from the more recent event logs (introduced in Vista), like Microsoft-Windows-Diagnostics-Performance/Operational.

Reference: http://stackoverflow.com/questions/8155085/wmi-query-2008-performace-counters-alerts

I wonder if this log can be accessed using the dotNet 'System.Diagnostics.Eventing.Reader.EventLogQuery': http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/dotNet/System_Core+Query~EventLogs.txt

Reference:
http://msdn.microsoft.com/en-us/library/bb671204(v=vs.90).aspx
http://msdn.microsoft.com/en-us/library/bb671199(v=vs.90).aspx 
Deana F.
Technical Support
Wilson WindowWare Inc.
Print
Go Up Pages1
User actions