开发者

WMI EventLog Time interval

问答 作者:

Hie all,

I'm trying to get eventlog entries using WMI and WQL.

I can get the right log with the right sourcename of itand so on, but i can make a select query to only get result for the 5 or 10 past minutes.

here开发者_运维知识库 is my query:

Here are a few snippets from a script of mine:

Dim dtmStart, dtmEnd, sDate, ...

I actually had an array of dates and I was looking for logon/off/unlock events for the entire day. So I built my complete start and end dates from that.

I won't put in the day month and year but, you could just define it, e.g. sDate = 10100608.

dtmStart = sDate + "000000.000000-420" '0hr on the date in question.
dtmEnd = sDate + "235900.000000-420" ' 23:59 on the date in question

(Note that the UTC offset is in minutes here -420 day light savings time North America.) 

Set colEvents = oWMIService.ExecQuery _
        ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security' AND " _
            & "TimeWritten >= '" & dtmStart & "' AND TimeWritten < '" _
            & dtmEnd & "' AND " _
            & "(EventCode = '528' OR EventCode = '540' OR EventCode = '538')")
            ' Query for events during the time range we're looking for.

Mike,

Show me your query. Usually the time format is something like this

20100608100000.000000-300

see this for more details about DateTime formatting for WQL

继续阅读:event-logwql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9