Win32_NTEventlogFile - WMI sample in Perl

The foundations for Manageability in Windows 7/2008/Vista/XP/2000 and Millennium Edition/'98 are Windows Management Instrumentation (WMI; formerly WBEM) and WMI extensions for Windows Driver Model (WDM).

ActiveXperts Network Monitor provides the ability to build monitor check routines based on WMI. ActiveXperts has collected more than a hundred WMI samples. You can use these samples as a base for new check routines you can write yourself.

On this site, you can find many WMI samples.


Win32_NTEventlogFile

Description

The Win32_NTEventlogFile WMI class represents a logical file or directory of Windows NT events.

Example(s)

use strict;
use Win32::OLE('in');

use constant wbemFlagReturnImmediately => 0x10;
use constant wbemFlagForwardOnly => 0x20;

my @computers = ("DELL17");
foreach my $computer (@computers) {
   print "\n";
   print "==========================================\n";
   print "Computer: $computer\n";
   print "==========================================\n";

   my $objWMIService = Win32::OLE->GetObject("winmgmts:\\\\$computer\\root\\CIMV2") or die "WMI connection failed.\n";
   my $colItems = $objWMIService->ExecQuery("SELECT * FROM Win32_NTEventlogFile", "WQL",
                  wbemFlagReturnImmediately | wbemFlagForwardOnly);

   foreach my $objItem (in $colItems) {
      print "AccessMask: $objItem->{AccessMask}\n";
      print "Archive: $objItem->{Archive}\n";
      print "Caption: $objItem->{Caption}\n";
      print "Compressed: $objItem->{Compressed}\n";
      print "CompressionMethod: $objItem->{CompressionMethod}\n";
      print "CreationClassName: $objItem->{CreationClassName}\n";
      print "CreationDate: $objItem->{CreationDate}\n";
      print "CSCreationClassName: $objItem->{CSCreationClassName}\n";
      print "CSName: $objItem->{CSName}\n";
      print "Description: $objItem->{Description}\n";
      print "Drive: $objItem->{Drive}\n";
      print "EightDotThreeFileName: $objItem->{EightDotThreeFileName}\n";
      print "Encrypted: $objItem->{Encrypted}\n";
      print "EncryptionMethod: $objItem->{EncryptionMethod}\n";
      print "Extension: $objItem->{Extension}\n";
      print "FileName: $objItem->{FileName}\n";
      print "FileSize: $objItem->{FileSize}\n";
      print "FileType: $objItem->{FileType}\n";
      print "FSCreationClassName: $objItem->{FSCreationClassName}\n";
      print "FSName: $objItem->{FSName}\n";
      print "Hidden: $objItem->{Hidden}\n";
      print "InstallDate: $objItem->{InstallDate}\n";
      print "InUseCount: $objItem->{InUseCount}\n";
      print "LastAccessed: $objItem->{LastAccessed}\n";
      print "LastModified: $objItem->{LastModified}\n";
      print "LogfileName: $objItem->{LogfileName}\n";
      print "Manufacturer: $objItem->{Manufacturer}\n";
      print "MaxFileSize: $objItem->{MaxFileSize}\n";
      print "Name: $objItem->{Name}\n";
      print "NumberOfRecords: $objItem->{NumberOfRecords}\n";
      print "OverwriteOutDated: $objItem->{OverwriteOutDated}\n";
      print "OverWritePolicy: $objItem->{OverWritePolicy}\n";
      print "Path: $objItem->{Path}\n";
      print "Readable: $objItem->{Readable}\n";
      print "Sources: " . join(",", (in $objItem->{Sources})) . "\n";
      print "Status: $objItem->{Status}\n";
      print "System: $objItem->{System}\n";
      print "Version: $objItem->{Version}\n";
      print "Writeable: $objItem->{Writeable}\n";
      print "\n";
   }
}sub WMIDateStringToDate(strDate)
{
   return "blah";
}