Querying a Specific Event Log
Microsoft® Windows® 2000 Scripting Guide
You can greatly speed up data queries by limiting your searches to a specific event log. It is very rare for events of a certain type, or events generated by a specific application, to be written to multiple event logs. Instead, operating system events are invariably written to the System event log, events generated by an application such as Microsoft Office are written to the Application event log, and so forth.
For example, if you are interested in the activities of the DNS service, any such events will be written to the DNS server event log. There is no reason to search the other event logs. A nonoptimized query that searches all the event logs instead of limiting the search to the DNS service log might search tens of thousands of events in the Security event log, even though no DNS service events will be recorded there.
Scripting Steps
Listing 12.8 contains a script that queries a specific event log and echoes the properties of all the records in that log. To carry out this task, the script must perform the following steps:
Create a variable to specify the computer name.
Use a GetObject call to connect to the WMI namespace root\cimv2 on the computer, and set the impersonation level to "impersonate."
Use the ExecQuery method to query the Win32_NTLogEvent class.
To limit data retrieval to the records in the System event log, a Where clause is included specifying that the Logfile must be equal to System. The resulting collection will contain only the events in the System event log.
For each event in the collection, echo the event properties.
Listing 12.8 Querying a Specific Event Log
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
|