Vista Tutorial - WMI & Eventlogs

Hi,
I'm trying to get all "Error" events from Today's System event log using
WMI.
This is my query,
Select * from Win32_NTLogEvent Where Logfile = 'System' And Type = 'error'
And TimeWritten > '20090624'

However this query doesn't pickup error events in earlier part of the day
like 24/06/2009 02:00am etc. Can you please help me to find what is wrong
here.

I also tried a query something like this based on a internet search but
still no luck,

y = Year(dDate)
m = Right("0" & Month(dDate),2)
d = Right("0" & Day(dDate), 2)
dteCutOffDate = y & m & d & "000000.000000" & TBias

Set colLoggedEvents = objWMI.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'System' And Type =
'error' And TimeWritten > '" & dteCutOffDate & "'")


Function TBias
Set TZone = GetObject("winmgmts:\\.\root\cimv2").ExecQuery ("select * from
Win32_TimeZone")
For Each Zone in TZone
TBias = Zone.Bias
Next
Set TZone = Nothing
End Function

"Babu VT" <babuvt@xxxxxx> wrote in message
news:OT%23cZjJ9JHA.4560@xxxxxxThis example from "Microsoft Windows 2000 Scripting Guide" demonstrates how
to query the logs based on the TimeWritten property:

http://www.microsoft.com/technet/scr..._log_lfas.mspx

Note the format for dates is yyyymmddHHMMSS.xxxxxx-UUU, where yyyy is the
year, mm the month, dd the day, HH the hour (24 hour format), MM the
minutes, SS the seconds, xxxxxx the milliseconds, and UUU the number of
minutes of offset from UTC.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in
message news:uOvMLaL9JHA.1492@xxxxxxThe following worked for me:
==============
Option Explicit
Dim objWMIService, strComputer, colEvents, objEvent
Dim dtmToday

strComputer = "MyComputer"

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,authenticationLevel=Pkt}!\\" _
& strComputer & "\root\cimv2")

dtmToday = CStr(Year(Now())) _
& Right("0" & CStr(Month(Now())), 2) _
& Right("0" & CStr(Day(Now())), 2) _
& "000000.000000" & TBias()

Set colEvents = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTLogEvent WHERE LogFile = 'System' " _
& "AND Type = 'Error' AND TimeWritten >= '" & dtmToday & "'")
For Each objEvent In colEvents
Wscript.Echo objEvent.EventCode & ", " & objEvent.TimeWritten
Next

Function TBias()
Dim TZone, Zone

Set TZone = objWMIService.ExecQuery ("SELECT * FROM Win32_TimeZone")
For Each Zone in TZone
TBias = Zone.Bias
Next
End Function

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in
message news:%23%23iKumL9JHA.1376@xxxxxxI cannot test, but perhaps your time zone bias is positive, or less than 3
digits. I don't know what Win32_TimeZone returns in these cases, and I
cannot confirm that a "+" should replace the "-" if the bias is positive.
However, this may be a more accurate function:
=======
Function TBias()
Dim TZone, Zone, lngBias

Set TZone = objWMIService.ExecQuery ("SELECT * FROM Win32_TimeZone")
For Each Zone in TZone
lngBias = Zone.Bias
Next
If (lngBias < 0) Then
TBias = "-" & Right("000" & CStr(Abs(lngBias)), 3)
Else
TBias = "+" & Right("000" & CStr(lngBias), 3)
End If
End Function
=========
This function assumes that objWMIService has global scope and is bound in
the main program. This saves a bit of processing. Your original query also
works.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Thanks a lot Richard.Your help in this case is much appreciated... I was
able to do what I want from your code snippets

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in
message news:O2M8T7L9JHA.4168@xxxxxx