Vista Forums - View Single Post

06-24-2009

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in
message news:%23%23iKumL9JHA.1376@xxxxxx

Quote:

>
> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in
> message news:uOvMLaL9JHA.1492@xxxxxx

Quote:

>>
>> "Babu VT" <babuvt@xxxxxx> wrote in message
>> news:OT%23cZjJ9JHA.4560@xxxxxx

Quote:

>>> Hi,
>>> I'm trying to get all "Error" events from Today's System event log using
>>> WMI.
>>> This is my query,
>>> Select * from Win32_NTLogEvent Where Logfile = 'System' And Type =
>>> 'error' And TimeWritten > '20090624'
>>>
>>> However this query doesn't pickup error events in earlier part of the
>>> day like 24/06/2009 02:00am etc. Can you please help me to find what is
>>> wrong here.
>>>
>>> I also tried a query something like this based on a internet search but
>>> still no luck,
>>>
>>> y = Year(dDate)
>>> m = Right("0" & Month(dDate),2)
>>> d = Right("0" & Day(dDate), 2)
>>> dteCutOffDate = y & m & d & "000000.000000" & TBias
>>>
>>> Set colLoggedEvents = objWMI.ExecQuery _
>>> ("Select * from Win32_NTLogEvent Where Logfile = 'System' And Type =
>>> 'error' And TimeWritten > '" & dteCutOffDate & "'")
>>>
>>>
>>> Function TBias
>>> Set TZone = GetObject("winmgmts:\\.\root\cimv2").ExecQuery ("select *
>>> from Win32_TimeZone")
>>> For Each Zone in TZone
>>> TBias = Zone.Bias
>>> Next
>>> Set TZone = Nothing
>>> End Function
>>>
>>>

>>
>> This example from "Microsoft Windows 2000 Scripting Guide" demonstrates
>> how to query the logs based on the TimeWritten property:
>>
>> http://www.microsoft.com/technet/scr..._log_lfas.mspx
>>
>> Note the format for dates is yyyymmddHHMMSS.xxxxxx-UUU, where yyyy is the
>> year, mm the month, dd the day, HH the hour (24 hour format), MM the
>> minutes, SS the seconds, xxxxxx the milliseconds, and UUU the number of
>> minutes of offset from UTC.
>>
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>>

>
> The following worked for me:
> ==============
> Option Explicit
> Dim objWMIService, strComputer, colEvents, objEvent
> Dim dtmToday
>
> strComputer = "MyComputer"
>
> Set objWMIService = GetObject("winmgmts:" _
> & "{impersonationLevel=impersonate,authenticationLevel=Pkt}!\\" _
> & strComputer & "\root\cimv2")
>
> dtmToday = CStr(Year(Now())) _
> & Right("0" & CStr(Month(Now())), 2) _
> & Right("0" & CStr(Day(Now())), 2) _
> & "000000.000000" & TBias()
>
> Set colEvents = objWMIService.ExecQuery _
> ("SELECT * FROM Win32_NTLogEvent WHERE LogFile = 'System' " _
> & "AND Type = 'Error' AND TimeWritten >= '" & dtmToday & "'")
> For Each objEvent In colEvents
> Wscript.Echo objEvent.EventCode & ", " & objEvent.TimeWritten
> Next
>
> Function TBias()
> Dim TZone, Zone
>
> Set TZone = objWMIService.ExecQuery ("SELECT * FROM Win32_TimeZone")
> For Each Zone in TZone
> TBias = Zone.Bias
> Next
> End Function
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>

I cannot test, but perhaps your time zone bias is positive, or less than 3
digits. I don't know what Win32_TimeZone returns in these cases, and I
cannot confirm that a "+" should replace the "-" if the bias is positive.
However, this may be a more accurate function:
=======
Function TBias()
Dim TZone, Zone, lngBias

Set TZone = objWMIService.ExecQuery ("SELECT * FROM Win32_TimeZone")
For Each Zone in TZone
lngBias = Zone.Bias
Next
If (lngBias < 0) Then
TBias = "-" & Right("000" & CStr(Abs(lngBias)), 3)
Else
TBias = "+" & Right("000" & CStr(lngBias), 3)
End If
End Function
=========
This function assumes that objWMIService has global scope and is bound in
the main program. This saves a bit of processing. Your original query also
works.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

06-24-2009	#4 (permalink)
Richard Mueller [MVP] n/a posts	Re: WMI & Eventlogs "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in message news:%23%23iKumL9JHA.1376@xxxxxx Quote: > > "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in > message news:uOvMLaL9JHA.1492@xxxxxx Quote: >> >> "Babu VT" <babuvt@xxxxxx> wrote in message >> news:OT%23cZjJ9JHA.4560@xxxxxx Quote: >>> Hi, >>> I'm trying to get all "Error" events from Today's System event log using >>> WMI. >>> This is my query, >>> Select * from Win32_NTLogEvent Where Logfile = 'System' And Type = >>> 'error' And TimeWritten > '20090624' >>> >>> However this query doesn't pickup error events in earlier part of the >>> day like 24/06/2009 02:00am etc. Can you please help me to find what is >>> wrong here. >>> >>> I also tried a query something like this based on a internet search but >>> still no luck, >>> >>> y = Year(dDate) >>> m = Right("0" & Month(dDate),2) >>> d = Right("0" & Day(dDate), 2) >>> dteCutOffDate = y & m & d & "000000.000000" & TBias >>> >>> Set colLoggedEvents = objWMI.ExecQuery _ >>> ("Select * from Win32_NTLogEvent Where Logfile = 'System' And Type = >>> 'error' And TimeWritten > '" & dteCutOffDate & "'") >>> >>> >>> Function TBias >>> Set TZone = GetObject("winmgmts:\\.\root\cimv2").ExecQuery ("select * >>> from Win32_TimeZone") >>> For Each Zone in TZone >>> TBias = Zone.Bias >>> Next >>> Set TZone = Nothing >>> End Function >>> >>> >> >> This example from "Microsoft Windows 2000 Scripting Guide" demonstrates >> how to query the logs based on the TimeWritten property: >> >> http://www.microsoft.com/technet/scr..._log_lfas.mspx >> >> Note the format for dates is yyyymmddHHMMSS.xxxxxx-UUU, where yyyy is the >> year, mm the month, dd the day, HH the hour (24 hour format), MM the >> minutes, SS the seconds, xxxxxx the milliseconds, and UUU the number of >> minutes of offset from UTC. >> >> -- >> Richard Mueller >> MVP Directory Services >> Hilltop Lab - http://www.rlmueller.net >> -- >> >> > > The following worked for me: > ============== > Option Explicit > Dim objWMIService, strComputer, colEvents, objEvent > Dim dtmToday > > strComputer = "MyComputer" > > Set objWMIService = GetObject("winmgmts:" _ > & "{impersonationLevel=impersonate,authenticationLevel=Pkt}!\\" _ > & strComputer & "\root\cimv2") > > dtmToday = CStr(Year(Now())) _ > & Right("0" & CStr(Month(Now())), 2) _ > & Right("0" & CStr(Day(Now())), 2) _ > & "000000.000000" & TBias() > > Set colEvents = objWMIService.ExecQuery _ > ("SELECT * FROM Win32_NTLogEvent WHERE LogFile = 'System' " _ > & "AND Type = 'Error' AND TimeWritten >= '" & dtmToday & "'") > For Each objEvent In colEvents > Wscript.Echo objEvent.EventCode & ", " & objEvent.TimeWritten > Next > > Function TBias() > Dim TZone, Zone > > Set TZone = objWMIService.ExecQuery ("SELECT * FROM Win32_TimeZone") > For Each Zone in TZone > TBias = Zone.Bias > Next > End Function > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > I cannot test, but perhaps your time zone bias is positive, or less than 3 digits. I don't know what Win32_TimeZone returns in these cases, and I cannot confirm that a "+" should replace the "-" if the bias is positive. However, this may be a more accurate function: ======= Function TBias() Dim TZone, Zone, lngBias Set TZone = objWMIService.ExecQuery ("SELECT * FROM Win32_TimeZone") For Each Zone in TZone lngBias = Zone.Bias Next If (lngBias < 0) Then TBias = "-" & Right("000" & CStr(Abs(lngBias)), 3) Else TBias = "+" & Right("000" & CStr(lngBias), 3) End If End Function ========= This function assumes that objWMIService has global scope and is bound in the main program. This saves a bit of processing. Your original query also works. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net --
My System Specs