Win 7 - Event Viewer logs

Hi Sergiu,



These links might help:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa394593%28v=vs.85%29.aspx

http://www.pcreview.co.uk/forums/speeding-up-reading-eventlog-t531713.html

http://blogs.technet.com/b/heyscriptingguy/archive/2004/10/26/hey-scripting-guy-can-i-retrieve-just-failure-events-from-the-security-event-log.aspx



(And a generic request: http://www.google.com/#hl=en&q=wmi%20read%20event%20log)

Hi Alexei,



I've managed to obtain this code:

  var source = "System";

  var strComputer = ".";

  

  var objPath = "winmgmts:{impersonationLevel=impersonate}!\\\\"+strComputer+"\\root\\cimv2";

  Log.Message("Object path: "+objPath);

  

  var objWMIService = GetObject(objPath);

  var logQuery = "SELECT * FROM Win32_NTLogEvent WHERE Logfile = '"+source+"'";

  Log.Message("Log query: "+logQuery);

  

  var colLoggedEvents = objWMIService.ExecQuery(logQuery);

  Log.Message("Log: "+colLoggedEvents); //EMPTY???

  for(objEvent in colLoggedEvents){

    var out = "Category: "+objEvent.Category + " \n Computer Name: "+objEvent.ComputerName+" \n Event Code: "+objEvent.EventCode+" \n Message: "+objEvent.Message+" \n Record Number: "+objEvent.RecordNumber+" \n Source Name: "+objEvent.SourceName+" \n Time Written: "+objEvent.TimeWritten+" \n Event Type: "+objEvent.Type+" \n User: "+objEvent.User;

    Log.Message(out);

  }

This runs but it seems that colLoggedEvents is empty and because of that it never enters the for loop.



Any ideas what I'm doing wrong?



Thanks.

Hi Sergiu,



I did not try JScript version of code, but VBScript one worked fine for me, so, to say the truth, I don't have good ideas at the moment. Except two ones: some issue with the 'for each' enumerator and/or insufficient permissions.

Hi Alexei,



I have tried the VBScript alternative and it works fine, but I need to do it in JScript.



It seems that my colLoggedEvents object isn't empty after all. Calling colLoggedEvents.Count returns a few thousand records.



The problem seems to be with the for loop. It can't iterate between the elements of the object.



I would be more interested in retrieving the Message property of the last element from the log thus not requiring the for loop.



Can you think of a way in which I could do that?



I've tried this:

var lastElem = colLoggedEvents.Item(colLoggedEvents.Count-1);

but it doesn't work.



Thanks.

Hi Sergiu,



Far not sure whether it will work, but try this:






var lastElem = colLoggedEvents.ItemIndex(colLoggedEvents.Count-1);



You may try to evaluate the 'colLoggedEvents.ItemIndex(colLoggedEvents.Count-1)' expression in the debugger while script is stopped on the breakpoint to check if the returned entity is an object or scalar. In former case you may try something like



colLoggedEvents.ItemIndex(colLoggedEvents.Count-1).value

or

colLoggedEvents.ItemIndex(colLoggedEvents.Count-1).OleValue

Hi Alexei,



The ItemIndex() method solved my problem.



The correct code is:

  var lastElem = colLoggedEvents.ItemIndex(0);

  Log.Message("last elem: "+lastElem.Message);

It seems that the last log event written in the log is at index 0.



Thanks.

Hi Sergiu,




> The ItemIndex() method solved my problem.



Thank you for the confirmation. It looks like that ItemIndex() is standard access property for the collections returned by WMI (I suggested you to try it because I used it in my code but for different collection returned by WMI).

Yeah, it's strange I've browsed msdn.microsoft.com and for this type of object the only available method was Item(). Apparently they didn't bother to mention the generic ones somewhere on the site.



Thanks a lot!