#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2011
    Posts
    16
    Rep Power
    0

    WMI Eventlog:Unable to get specific EventLogs (Application logs)


    Hi,
    I am trying to get specific eventlogs using WMI. These are Application related logs and I'd like to get it based on "EventCode". The code below does that but it doesn't fetch all the Application logs. e.g. I would like to get all the eventlogs with Eventcode "103" but it's not able to fetch that. It gets eventlogs with Eventcode "102" and some other Eventcodes. Can someone help in understanding what might be going wrong?

    [ code ]

    use Win32::OLE qw (in);
    $Computer = 'servername';
    $Win32_Class ='Win32_NTLogEvent';
    $Class = "WinMgmts://$Computer";
    $Wmi = Win32::OLE->GetObject ($Class);
    if ($Events = $Wmi->ExecQuery("SELECT * FROM $Win32_Class WHERE LogFile='Application' AND EventCode=103")) {

    print "$Events\n"; # prints Win32::OLE=HASH(0x3c88a00)

    }

    foreach $Event (in($Events)) { # Failing here.

    print "$Event{TimeGenerated}\n";
    print "$Event{Message}\n";

    }
    exit;

    [ /code ]

    If I use "EventCode=102", I am able to get the output but it's not working for "EventCode=103" and some other required codes. Please let me know what need to be done in order to get specific eventlogs.

    Thanks
  2. #2
  3. 'fie' on me, allege-dly
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2003
    Location
    in da kitchen ...
    Posts
    12,890
    Rep Power
    6444
    if 102's are coming up, and 103's aren't - are we sure there are 103 events, under Application?
    --Ax
    without exception, there is no rule ...
    Handmade Irish Jewellery
    Targeted Advertising Cookie Optout (TACO) extension for Firefox
    The great thing about Object Oriented code is that it can make small, simple problems look like large, complex ones


    09 F9 11 02
    9D 74 E3 5B
    D8 41 56 C5
    63 56 88 C0
    Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems.
    -- Jamie Zawinski
    Detavil - the devil is in the detail, allegedly, and I use the term advisedly, allegedly ... oh, no, wait I did ...
    BIT COINS ANYONE
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2011
    Posts
    16
    Rep Power
    0
    Originally Posted by Axweildr
    if 102's are coming up, and 103's aren't - are we sure there are 103 events, under Application?
    Hi,
    Thanks for the reply. I am sure that 103 eventcodes are present under "Application" only. But somehow it's not working. Not sure what's that issue. I am able to get only few eventcodes like 102, 1704, etc. But the one's which are really required are not coming out.

    Thanks.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2011
    Posts
    16
    Rep Power
    0
    Originally Posted by oviperl
    Hi,
    Thanks for the reply. I am sure that 103 eventcodes are present under "Application" only. But somehow it's not working. Not sure what's that issue. I am able to get only few eventcodes like 102, 1704, etc. But the one's which are really required are not coming out.

    Thanks.
    Has anyone faced the similar issue? Or am I missing something in the code to get specific WMI eventcode?

    Appreciate your help.
    Thanks

IMN logo majestic logo threadwatch logo seochat tools logo