Monitor Events
Keywords: monitor event system security application
Question:
I can't seem to get the ExecNotificationQuery() method of an SWbemServices object to do anything but cause a WinBatch OLE Exception 1261. Meanwhile, the ExecQuery() method works great to return a collection from a WQL query. The difference is that the ExecNotificationQuery() returns an SWbemEventSource object (read more at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/swbemeventsource.asp?frame=true), while ExecQuery() returns an SWbemObjectSet collection object (read more at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/swbemobjectset.asp?frame=true). Here is the WinBatch code I'm trying to use:

    Locator = ObjectOpen("WbemScripting.SWbemLocator")
    Service = Locator.ConnectServer()
    Security = Service.Security_
    Security.ImpersonationLevel = 3
    EventSource = Service.ExecNotificationQuery("select * from __InstanceCreationEvent where TargetInstance isa 'Win32_NTLogEvent'")

And here is a link to a working VBScript that does what I eventually intend to do: http://cwashington.netreach.net/depo/default.asp?topic=wmifaq

It's the one on the list that reads, "Listen For Windows NT Event Log Events on The Local System". Help!!
Answer:
It seems to have something to do with the security/impersonation levels seen at the top of a WMI script. I found an interesting thread at groups.google.com that indicated when you try to read from all existing eventlogs, this includes the security log. To read that, you additionally have to specify:

    objService.Security_.Privileges.AddAsString("SeSecurityPrivilege")

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=e6856c49d51fae90&seekm=%23bks5W5NAHA.282%40cppssbbsa02.microsoft.com#s

So maybe try the following code:

    Locator = ObjectOpen("WbemScripting.SWbemLocator")
    Service = Locator.ConnectServer()
    Security = Service.Security_
    Security.ImpersonationLevel = 3
    Privs = Security.Privileges
    Privs.AddAsString("SeSecurityPrivilege") ;<<<<< Sets security privilege
    EventSource = Service.ExecNotificationQuery("SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'")

    ;Wait for an event by executing the NextEvent method on the
    ;SWbemEventSource object.
    num = 0
    while (num < 5)
       inst = EventSource.NextEvent(-1)
       targ = inst.TargetInstance
       message("logfile",targ.Logfile)
       message("Message",targ.Message)
       num = num + 1
       ObjectClose(inst)
    EndWhile

    ObjectClose(Security)
    ObjectClose(Service)
    ObjectClose(Locator)
    Exit
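
For comparison, the same subscription written against the .NET System.Management classes in PowerShell. This is an added example, not part of the original answer or of the linked VBScript. It assumes an elevated Windows PowerShell session, and the Security-only filter, the 30-second timeout and the variable names are choices made for this example. It goes beyond the answer's code in two ways: the query is scoped to the Security log, and the wait is bounded instead of NextEvent(-1).

```powershell
# Added example (not from the original page). Run from an elevated session.
# The WHERE clause is narrowed to the Security log, the log that needs the privilege.
$query = "SELECT * FROM __InstanceCreationEvent " +
         "WHERE TargetInstance ISA 'Win32_NTLogEvent' " +
         "AND TargetInstance.Logfile = 'Security'"

# EnablePrivileges asks WMI to enable the privileges the caller's token holds
# for this connection. It is broader than adding SeSecurityPrivilege alone,
# which is what Privileges.AddAsString does in the WinBatch code.
$options = New-Object System.Management.ConnectionOptions
$options.Impersonation    = [System.Management.ImpersonationLevel]::Impersonate  # ImpersonationLevel = 3
$options.EnablePrivileges = $true

$scope = New-Object System.Management.ManagementScope('\\.\root\cimv2', $options)
$scope.Connect()

$eventQuery = New-Object System.Management.EventQuery($query)
$watcher    = New-Object System.Management.ManagementEventWatcher($scope, $eventQuery)
$watcher.Options.Timeout = [TimeSpan]::FromSeconds(30)   # bounded wait

$seen = 0
try {
    while ($seen -lt 5) {
        try {
            $evt = $watcher.WaitForNextEvent()
        } catch {
            # Method-call errors may arrive wrapped; look at the innermost exception.
            $ex = $_.Exception.GetBaseException()
            if ($ex -is [System.Management.ManagementException] -and
                $ex.ErrorCode -eq [System.Management.ManagementStatus]::Timedout) {
                Write-Host 'No Security log event within 30 seconds, still waiting'
                continue
            }
            throw   # any other WMI failure is re-thrown unchanged
        }
        $rec = $evt.TargetInstance
        '{0}  {1}  EventCode={2}  Source={3}' -f $rec.TimeGenerated, $rec.Logfile, $rec.EventCode, $rec.SourceName
        $seen++
    }
} finally {
    # Cancel the subscription so WMI does not keep queuing events for it.
    $watcher.Stop()
    $watcher.Dispose()
}
```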