WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

WMI
plus
plus

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

Search Eventlog Example


Question:

I saw some stuff in the tech database on viewing the event log. I'd like to be able to pull up the most recent instance of event ID 1001 with the source of Winlogon. I'd like to get the time and date of the last event to find out how long ago it happened. Are there any easy ways to do this? I looked at the one WMI sample, but am a little unsure how to extract it.

Answer:

This should help you get started. Here is some code that will get you all the events that match that specific criteria:

objWMIService = ObjectGet("winmgmts:{impersonationLevel=impersonate}!\\":strComputer:"\root\cimv2")
objEventSet = objWMIService.ExecQuery("select * from Win32_NTLogEvent where Logfile='Application' and SourceName='Winlogon' and EventCode='1001'")
If objEventSet.Count == 0
   Message("Notice","No Events")
   objEventSet = 0
   objSWbemLocator = 0
   Exit
EndIf

ForEach LogEvent In objEventSet
   data = StrCat( "Event Number: ", LogEvent.RecordNumber, @CRLF )
   data = StrCat( data, "Log File: ", LogEvent.LogFile, @CRLF )
   data = StrCat( data, "Type: " , LogEvent.Type, @CRLF )
   data = StrCat( data, "Source: " , LogEvent.SourceName, @CRLF )
   data = StrCat( data, "Message: " , LogEvent.Message, @CRLF )
   DMTF_date = LogEvent.TimeWritten
   yr =  StrSub(DMTF_date,1,4)
   mnth  = StrSub(DMTF_date,5,2)
   day = StrSub(DMTF_date,7,2)
   hr = StrSub(DMTF_date,9,2)
   mins = StrSub(DMTF_date,11,2)
   secs = StrSub(DMTF_date,13,2)
   YMDHMS_date = StrCat(yr,":",mnth,":",day,":",hr,":",mins,":",secs)
   data = StrCat( data, "Time: " , YMDHMS_date, @CRLF )
   data = StrCat( data, "Code: " , LogEvent.EventCode, @CRLF )
   Message("Event data", data )
Next
objEventSet = 0
objWMIService = 0
Exit


Article ID:   W17323
File Created: 2011:06:29:07:45:36
Last Updated: 2011:06:29:07:45:36