Database Search

match allmatch any Look in all areasLook in current areas Check all datesPrevious dayPrevious 3 daysPrevious weekPrevious fortnightPrevious monthPrevious 2 monthsPrevious 3 monthsPrevious half-yearPrevious year

TechHome

	User Sample Code
	WMI_Scripter

• !Microsofts WMI Object Browser!
• !WMI Reference!
• !WMI Security!
• Add Key Qualifier
• Backup Event Log
• Best Way to Read Event Log via WMI
• Check if WMI is Installed
• Clear Event Log via WMI
• Close All but One Instance
• Detect If monitor is in Standby Mode
• Detect Resume From Standby
• Detect Standby or Hibernation Event
• Detecting Local Network Connectivity and Speed
• Determine Laptop or Destop System Enclosure
• Determine Machine Type
• Determining If a Machine is a Domain Controller
• Directory Watcher
• Display Refresh Rate
• Error 1261 on ConnectServer line
• Extract SN from Bios using WMI
• fileSizeEX returns 0 for the Pagefile.sys file
• Get Asset Tag From Dell Computers
• Get Daylight Savings Time
• Get Default Printer
• Get ipv6 IP Address via Host Name
• Get Owner of a Process
• Get Physical Memory
• Get Process List via WMI
• Get Remote Logged in User
• Get Specific Events
• Get Status of Network Adapter
• Get Win32_DiskDrive Data with DeviceID
• Install MSI apps
• Is Computer WMI Enabled UDF
• Last Reboot Time
• List Active Network Adapters
• List All Monitors
• List Available Screen Resolutions
• List Installed Modems
• List Namespaces
• List Processes on a Remote Computer
• List Scheduled Tasks
• Manufacturer Model and Serial from WMI
• Modify DNS Entries
• Monitor Events
• Obtain the Name of the Domain to which the Computer Belongs
• PCMCIA Card Detection
• Physical Memory Inspection
• Ping Status
• Remote Number of Drives
• Remote Process UDFs
• Run an Application on a Remote Computer
• Search Eventlog Example
• Set Adapter Speed Duplex
• SetDNSSuffixSearchOrder MisMatched Type Error
• System Restore Point
• Total CPU Usage
• Using WMI List Applications
• Win32_EncryptableVolume
• Win32_SerialPort Information via WMI
• Windows NT Schedule Service - AT
• WMI - Processor Info
• WMI and Arrays
• WMI and Get IPAddress Property
• WMI and Remote Interactive Desktop Scripts
• WMI and WinPE
• WMI causing LLSMGR to start
• WMI ExecQuery
• WMI Get Fan Speed
• WMI Get MAC Address and NIC info
• WMI hangs
• WMI ObjectOpen Problem on Windows 95
• WMI Query Paths Need Double Backslashes
• WMI Related Resources
• WMI Scriptomatic
• wntGetCon using WMI
• WQL LIKE Operator

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

Best Way to Read Event Log via WMI

---

If you're working with a managed resource that returns a lot of instances (we'll define a lot as more than 1000 for the purpose of this discussion), you can optimize the behavior of ExecQuery through the use of optional flags. For example, suppose you use ExecQuery to query Event Log records (modeled by the Win32_NTLogEvent class). As you already know, the Event Log(s) can contain thousands and thousands of records. By default, you may encounter performance problems associated with queries that return large result sets, such as Event Log queries. The reason has to do with the way WMI caches a SWbemObject reference for each and every instance, or in our example, for each and every Event Log record. To avoid the problem, you can tell ExecQuery to return a forward-only SWbemObjectSet, as demonstrated below.

Note The wbemFlagReturnImmediately flag is the default ExecQuery behavior and is semi-synchronous. The important optimization is the addition of the wbemFlagForwardOnly flag. Combining wbemFlagReturnImmediately with wbemFlagForwardOnly results in a forward-only enumerator. A forward-only enumerator performs much faster than the default enumerator, because WMI doesn't maintain references to objects in the SWbemObjectSet.

Reference: http://msdn.microsoft.com/library/en-us/dnclinic/html/scripting01142003.asp?frame=true

BoxOpen("Event monitor","")

strComputer = "."
strUser = ""
strPassword = "" 
strNamespace = "\root\cimv2"
strClass = "Win32_NTLogEvent"

wbemFlagReturnImmediately = 16
wbemFlagForwardOnly = 32

objSWbemLocator = ObjectOpen("WbemScripting.SWbemLocator")
objSWbemServices = objSWbemLocator.ConnectServer(strComputer,"root/cimv2",strUser,strPassword)
objSWbemSecurity = objSWbemServices.Security_
objSWbemSecurity.ImpersonationLevel = 3
objSWbemPrivs = objSWbemSecurity.Privileges
objSWbemPrivs.AddAsString("SeSecurityPrivilege"); Sets security privilege

;query =  StrCat("SELECT * FROM " , strClass) ;Query all logs
query =  StrCat("SELECT * FROM " , strClass," WHERE LogFile = 'Application'")
;query =  StrCat("SELECT * FROM " , strClass," WHERE LogFile = 'Security'")
;query =  StrCat("SELECT * FROM " , strClass," WHERE LogFile = 'System'")

colSWbemObjectSet = objSWbemServices.ExecQuery(query, "WQL",wbemFlagReturnImmediately + wbemFlagForwardOnly)

objSWbemObject = ObjectCollectionOpen(colSWbemObjectSet)

While @true
	objEvent = ObjectCollectionNext(objSWbemObject)
	If objEvent == 0 Then Break
	
	line = StrCat(" ",objEvent.EventCode)
	line = StrCat(line,", ",objEvent.SourceName)
	date = objEvent.TimeWritten
	newdate = StrCat(StrSub(date, 7, 2), "/", StrSub(date, 5, 2), "/", StrSub(date, 1, 4), " ", StrSub(date, 9, 2), ":", StrSub(date, 11, 2), ":", StrSub(date, 13, 2))
	line = StrCat(line,", ",newdate, @CRLF)
	line = StrCat(line,objEvent.Message)
	line = StrReplace(line, @TAB, " ")
	EventType = objEvent.EventType
	checkevent = objEvent.EventCode
	BoxTitle(StrCat("Code: ",checkevent," Type: ", EventType))
	BoxText(line)
	ObjectClose(objEvent)
EndWhile

ObjectCollectionClose(objSWbemObject)
ObjectClose(colSWbemObjectSet)
ObjectClose(objSWbemPrivs)
ObjectClose(objSWbemSecurity)
ObjectClose(objSWbemServices)
ObjectClose(objSWbemLocator)

---

Article ID:   W16268

File Created: 2004:04:07:14:23:40

Last Updated: 2004:04:07:14:23:40