Vista - Tail Logfile with WMI

Hi

I have a script wich copy files from a remote machine to the local machine
with WMI, but the logs went bigger and bigger and now I search for a
possibility, not to move the complete logfile but rather to tail the logfile
or move only the new events from this logfile. Do you have any clue how I can
realize this ?

Thanks
Peter

On Jan 15, 2:49*am, Peter Bauer <PeterBa...@xxxxxx>
wrote:Maybe this modification of the Script Center's example will help ...

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root
\cimv2")

Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Application' " _
& "and RecordNumber > '9800'")

For Each objEvent in colLoggedEvents
Wscript.Echo "Category: " & objEvent.Category
Wscript.Echo "Computer Name: " & objEvent.ComputerName
Wscript.Echo "Event Code: " & objEvent.EventCode
Wscript.Echo "Message: " & objEvent.Message
Wscript.Echo "Record Number: " & objEvent.RecordNumber
Wscript.Echo "Source Name: " & objEvent.SourceName
Wscript.Echo "Time Written: " & objEvent.TimeWritten
Wscript.Echo "Event Type: " & objEvent.Type
Wscript.Echo "User: " & objEvent.User
Next

Just change the record number to match your particular situation and
update it as required. You'll probably want to automate it in your
script to read the latest record (first in a log file, I believe) of
the last dump you have on hand. In that case, change the query to use
a variable, something like this ...

Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Application' " _
& "and RecordNumber > '" & nRecNumb & "'")

HTH,

Tom Lavedas
***********
http://there.is.no.more/tglbatch/