Retrieve Events For One Day from an Event Log
Hello,
You might want to optimize your script simply by hardcoding the start date
and end date on your script instead of having pulling that data from
another class . just make sure you write it as UTC Format and you're done.
It looks something like
*****************************************************************
dtmStartDate = "20030409000000.000000-480"
dtmEndDate = "20030410000000.000000-480"
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
For each objEvent in colEvents
Wscript.Echo "Category: " & objEvent.Category
Wscript.Echo "Computer Name: " & objEvent.ComputerName
Wscript.Echo "Event Code: " & objEvent.EventCode
Wscript.Echo "Message: " & objEvent.Message
Wscript.Echo "Record Number: " & objEvent.RecordNumber
Wscript.Echo "Source Name: " & objEvent.SourceName
Wscript.Echo "Time Written: " & objEvent.TimeWritten
Wscript.Echo "Event Type: " & objEvent.Type
Wscript.Echo "User: " & objEvent.User
Wscript.Echo objEvent.LogFile
Next
***********************************************************************
Regards
Yassine
Quote:
> Hi,
> I writing a script to retrieve all Events from events log
> in for the last 24 hours using Wmi by get local date and
> using <> but having error have a look on the code below
> any idea
> thx
> '***********CODE*****************
> Dim dtmEndDate ,dtmStartDate
> DtaeWmi
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:"
> & "{impersonationLevel=impersonate}!\\" & strComputer
> & "\root\cimv2")
> Set colEvents = objWMIService.ExecQuery ("Select * from
> Win32_NTLogEvent Where TimeWritten >= '" & dtmStartDate
> & "' and TimeWritten < '" & dtmEndDate & "'")
> For each objEvent in colEvents
> Wscript.Echo "Category: " & objEvent.Category
> Wscript.Echo "Computer Name: " & objEvent.ComputerName
> Wscript.Echo "Event Code: " & objEvent.EventCode
> Wscript.Echo "Message: " & objEvent.Message
> Wscript.Echo "Record Number: " & objEvent.RecordNumber
> Wscript.Echo "Source Name: " & objEvent.SourceName
> Wscript.Echo "Time Written: " & objEvent.TimeWritten
> Wscript.Echo "Event Type: " & objEvent.Type
> Wscript.Echo "User: " & objEvent.User
> Wscript.Echo objEvent.LogFile
> Next
> Function DtaeWmi
> vRemoteMachineName = "."
> Set SystemSet = _
> GetObject("winmgmts://" & vRemoteMachineName
> & "/root/cimv2")_
> .ExecQuery("select LocalDateTime " _
> & "from Win32_OperatingSystem where Primary=true")
> for each System in SystemSet
> vLocalDateTime = System.LocalDateTime
> next
> Wscript.echo vLocalDateTime
> dtmStartDate = Left (vLocalDateTime,8)
> dtmEndDate = dtmStartDate
> dtmStartDate = dtmStartDate & "000000.0000000000+120"
> dtmEndDate = dtmEndDate & "235900.0000000000+120"
> 'Wscript.Echo dtmEndDate
> End Function
