Reputation: 5523
How to collect the new "Applications and Services Logs" found on Windows 7 or Windows Server 2008 using WMI?
In Windows Server 2008 and Windows 7 there are new Events categorized under "Applications and Services Logs". There is also a subfolder called Microsoft which has tons of subfolders as well.
Is there any way to collect these events through WMI? For the regular "Windows Logs" such as Application and Security, it is possible to use the Win32_NTLogEvent WMI class in the cimv2 namespace. However, this class does not provide access to the new Microsoft event logs.
Any ideas?
Upvotes: 4
Views: 3445
Answers (2)
Reputation: 51
I know this is an old question, but to anyone stumbling across this, it IS actually possibly, you just need to add a registry key to the below location for the log you want to query ie. Microsoft-Windows-PrintService/Admin, or Microsoft-Windows-TaskScheduler/Operational in my case (both parts, with the slash) to the below location.
Not great, but at least it's something.
Credit to McAffee (a few results below on Google, but hopefully may stop some people giving up prematurely!)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\
https://kc.mcafee.com/corporate/index?page=content&id=KB81367
also linked from community.mcafee.com/thread/64301
Upvotes: 5
Related Questions
- How to read Applications and Services Logs via WMI?
- How to export Windows Event log for a specific source with WMI?
- C# WMI reading remote event log
- Get-WMIobject win32_ntlogevent - Newest 3 events
- C# get date/time a windows service started
- How to read event log created in windows service app?
- Using WMI to monitor event log
- Query the Windows event log in a performant way
- Detect when a new event is logged in Windows
- use wmi to get newest Windows log events