Text only | Text with Images

WinBatch® Technical Support Forum

All Things WinBatch => WinBatch => Topic started by: spl on December 08, 2025, 06:29:42 AM

Title: Event Log Files
Post by: spl on December 08, 2025, 06:29:42 AM
Below is a simple iteration of a computer Event log files with Names and {optional} number of records. Wondered if there was a method to track latest changes to any specific log, i.e. within last 10 minutes.
Code Select
;Winbatch 2025A - Display NT Event Log Files
;Stan Littlefield, 12/8/2025
;========================================================================
IntControl(73,1,0,0,0)
gosub udfs
Computer = "."
class =  "Win32_NTEventLogFile"
LogCreate()
Exit
;========================================================================
:WBERRORHANDLER
geterror()
Terminate(@TRUE,"Error Encountered",errmsg)
;========================================================================
:udfs
#DefineSubRoutine geterror()
   wberroradditionalinfo = wberrorarray[6]
   lasterr = wberrorarray[0]
   handlerline = wberrorarray[1]
   textstring = wberrorarray[5]
   linenumber = wberrorarray[8]
   errmsg = "Error: ":lasterr:@LF:textstring:@LF:"Line (":linenumber:")":@LF:wberroradditionalinfo
   Return(errmsg)
#EndSubRoutine

#DefineSubRoutine LogCreate()
IntControl(73,1,0,0,0)
Locator = CreateObject("WbemScripting.SWbemLocator")
Service = Locator.ConnectServer(Computer,"root\CIMv2")
query = "SELECT * FROM ":class
Results = Service.ExecQuery(query)
output = ""
ForEach r In Results
   if  r.NumberOfRecords >=0  ; or just >0 for only active logs
      evt = "Name: " : r.Name : @CRLF:  "Number Of Records " : r.NumberOfRecords:@CRLF
      output = output:evt
   endif
Next
Locator = 0
Message("Event Logs Files",output)
Return
:WBERRORHANDLER
geterror()
Terminate(@TRUE,"Error Encountered",errmsg)
#EndSubRoutine

Return
;========================================================================
Title: Re: Event Log Files
Post by: td on December 08, 2025, 09:03:45 AM
An old but useful example of targeting a specific event log:

Old Tech Database script (https://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/WMI+Best~Way~to~Read~Event~Log~via~WMI.txt)

Interestingly, on a whim, I found this article using an AI LLM.
Title: Re: Event Log Files
Post by: spl on December 08, 2025, 10:27:45 AM
Quote from: td on Today at 09:03:45 AMAn old but useful example of targeting a specific event log:

Old Tech Database script (https://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/WMI+Best~Way~to~Read~Event~Log~via~WMI.txt)

Interestingly, on a whim, I found this article using an AI LLM.

Yeah, I figured there was already something out there. I am looking into something very specific, like being able to iterate events from my Spybot event log within 10 minute intervals... sort of an event for the events.

[EDIT]
"Select * from __InstanceCreationEvent within 10 WHERE TargetInstance ISA 'Win32_NTLogEvent'"
Text only | Text with Images