Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Reading an .evt in vb script

Status
Not open for further replies.
alliseeing

alliseeing

Technical User
Nov 13, 2010
5
US
Still learning vb.

Trying to read single .evt that is local or in a folder to the script location.

Like this, but I want to designate the path it pulls from

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = ''Application''")
For Each objEvent in colLoggedEvents
Wscript.Echo "Category: " & objEvent.Category
Wscript.Echo "Computer Name: " & objEvent.ComputerName
Wscript.Echo "Event Code: " & objEvent.EventCode
Wscript.Echo "Message: " & objEvent.Message
Wscript.Echo "Record Number: " & objEvent.RecordNumber
Wscript.Echo "Source Name: " & objEvent.SourceName
Wscript.Echo "Time Written: " & objEvent.TimeWritten
Wscript.Echo "Event Type: " & objEvent.Type
Wscript.Echo "User: " & objEvent.User
Next

Any help would be appreciated


 
Sort by date Sort by votes
Making more clearer, i am trying to retrieved .evt files from an archived folder on the computer say 'c:\archived_logs' that contain nothing but .evt files. How would I modify the code below to facilitate this.

If bAllLogs Then
Set cLogFiles = oWMI.ExecQuery("SELECT LogFileName FROM Win32_NTEventLogFile")
sLogName = ""
For Each oLog In cLogFiles
sLogName = sLogName & oLog.LogFileName & "," 'Some log names contain spaces.
Next
Set cLogFiles = Nothing
End If

 
Upvote 0 Downvote
I already have a working script not using log parser. I can already pull the evt files. just wanna pull from a different directory on the system. See

code

If bAllLogs Then
Set cLogFiles = oWMI.ExecQuery("SELECT LogFileName FROM Win32_NTEventLogFile")
sLogName = ""
For Each oLog In cLogFiles
sLogName = sLogName & oLog.LogFileName & "," 'Some log names contain spaces.
Next
Set cLogFiles = Nothing
End If

/code

just wanna change the directory(directory of whats being queried). Trying to figure what win32 api call i can use.

Thanks for you input
 
Upvote 0 Downvote
Something like this ?
Code: 
Set cLogFiles = oWMI.ExecQuery("SELECT LogFileName FROM Win32_NTEventLogFile WHERE Path='\windows\system\'")

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886
 
Upvote 0 Downvote
Thanks that work for me man. Sometimes the answer is so simple

Thanks again.


 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sal21
  • Locked
  • Question
scrping in listbox in a web page
Replies
0
Views
456
sal21
sal21
Andrzejek
  • Question
Hyperlinks in Word cut at #
Replies
2
Views
188
Andrzejek
Andrzejek
Kymenglish
  • Locked
  • Question
Automated data entry code in MS Excel VB - Edge code how to hit enter to remove popups
Replies
3
Views
367
strongm
strongm
xwb
  • Locked
  • Helpful tip
Performing VBA operations in other languages
Replies
1
Views
388
strongm
strongm
jtm2020hyo
  • Locked
  • Question
VBA script to split 0D, 1D, and 2D arrays 1
Replies
10
Views
509
jtm2020hyo
jtm2020hyo

Part and Inventory Search

Sponsor

Back
Top