WMI EventLog Time interval

Hie all,

I'm trying to get eventlog entries using WMI and WQL.

I can get the right log with the right sourcename of itand so on, but i can make a select query to only get result for the 5 or 10 past minutes.

here开发者_运维知识库 is my query:

Here are a few snippets from a script of mine:

Dim dtmStart, dtmEnd, sDate, ...

I actually had an array of dates and I was looking for logon/off/unlock events for the entire day. So I built my complete start and end dates from that.

I won't put in the day month and year but, you could just define it, e.g. sDate = 10100608.

dtmStart = sDate + "000000.000000-420" '0hr on the date in question.
dtmEnd = sDate + "235900.000000-420" ' 23:59 on the date in question

(Note that the UTC offset is in minutes here -420 day light savings time North America.)

Set colEvents = oWMIService.ExecQuery _
        ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security' AND " _
            & "TimeWritten >= '" & dtmStart & "' AND TimeWritten < '" _
            & dtmEnd & "' AND " _
            & "(EventCode = '528' OR EventCode = '540' OR EventCode = '538')")
            ' Query for events during the time range we're looking for.

Mike,

Show me your query. Usually the time format is something like this

20100608100000.000000-300

see this for more details about DateTime formatting for WQL