Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: monitor event system security application
Locator = ObjectOpen("WbemScripting.SWbemLocator") Service = Locator.ConnectServer() Security = Service.Security_ Security.ImpersonationLevel = 3 EventSource = Service.ExecNotificationQuery("select * from __InstanceCreationEvent where TargetInstance isa 'Win32_NTLogEvent'")And here is a link to a working VBScript that does what I eventually intend to do: http://cwashington.netreach.net/depo/default.asp?topic=wmifaq
It's the one on the list that reads, "Listen For Windows NT Event Log Events on The Local System". Help!!
I found an interesting thread at groups.google.com that indicated when you try to read from all existing eventlogs, this includes the security log. To read that, you have additionally to specify:
objService.Security .Privileges.AddAsString("SeSecurityPrivilege")http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=e6856c49d51fae90&seekm=%23bks5W5NAHA.282%40cppssbbsa02.microsoft.com#s
So maybe try the following code:
Locator = ObjectOpen("WbemScripting.SWbemLocator") Service = Locator.ConnectServer() Security = Service.Security_ Security.ImpersonationLevel = 3 Privs = Security.Privileges Privs.AddAsString("SeSecurityPrivilege");<<<<< Sets security privilege EventSource = Service.ExecNotificationQuery("SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'") ;Wait for an event by executing the NextEvent method on the ;SWbemEventSource object. num = 0 while (num < 5) inst = EventSource.NextEvent(-1) targ = inst.TargetInstance message("logfile",targ.Logfile) message("Message",targ.Message) num = num + 1 ObjectClose(inst) EndWhile ObjectClose(Security) ObjectClose(Service) ObjectClose(Locator) Exit
Article ID: W15788
File Created: 2003:05:13:11:30:06
Last Updated: 2003:05:13:11:30:06