Win32_NTLogEvent - WMI sample in Python

The foundations for Manageability in Windows 7/2008/Vista/XP/2000 and Millennium Edition/'98 are Windows Management Instrumentation (WMI; formerly WBEM) and WMI extensions for Windows Driver Model (WDM).

ActiveXperts Network Monitor provides the ability to build monitor check routines based on WMI. ActiveXperts has collected more than a hundred WMI samples. You can use these samples as a starting point for check routines you write yourself.

On this site, you can find many WMI samples.


Win32_NTLogEvent

Description

The Win32_NTLogEvent WMI class is used to translate instances from the Windows NT event log. An application must have SeSecurityPrivilege in order to receive events from the security event log, otherwise "Access Denied" is returned to the application.

Example(s)

import win32com.client


def WMIDateStringToDate(dtmDate):
    # Convert a WMI timestamp (yyyymmddHHMMSS.mmmmmm+UUU) to "m/d/yyyy HH:MM:SS".
    strDateTime = ""
    # Month, without a leading zero (the characters are compared as strings)
    if dtmDate[4] == '0':
        strDateTime = dtmDate[5] + '/'
    else:
        strDateTime = dtmDate[4] + dtmDate[5] + '/'
    # Day, without a leading zero
    if dtmDate[6] == '0':
        strDateTime = strDateTime + dtmDate[7] + '/'
    else:
        strDateTime = strDateTime + dtmDate[6] + dtmDate[7] + '/'
    # Year and time are appended in both cases
    strDateTime = strDateTime + dtmDate[0] + dtmDate[1] + dtmDate[2] + dtmDate[3] + " " + dtmDate[8] + dtmDate[9] + ":" + dtmDate[10] + dtmDate[11] + ':' + dtmDate[12] + dtmDate[13]
    return strDateTime


strComputer = "."
objWMIService = win32com.client.Dispatch("WbemScripting.SWbemLocator")
objSWbemServices = objWMIService.ConnectServer(strComputer, r"root\cimv2")
# No WHERE clause: this returns every record of every event log the caller can read
colItems = objSWbemServices.ExecQuery("SELECT * FROM Win32_NTLogEvent")
for objItem in colItems:
    if objItem.Category is not None:
        print("Category:" + repr(objItem.Category))
    if objItem.CategoryString is not None:
        print("CategoryString:" + repr(objItem.CategoryString))
    if objItem.ComputerName is not None:
        print("ComputerName:" + repr(objItem.ComputerName))
    print("Data:")
    strList = " "
    try:
        for objElem in objItem.Data:
            strList = strList + repr(objElem) + ","
    except Exception:
        # Data is null for this record
        strList = strList + 'null'
    print(strList)
    if objItem.EventCode is not None:
        print("EventCode:" + repr(objItem.EventCode))
    if objItem.EventIdentifier is not None:
        print("EventIdentifier:" + repr(objItem.EventIdentifier))
    if objItem.EventType is not None:
        print("EventType:" + repr(objItem.EventType))
    print("InsertionStrings:")
    strList = " "
    try:
        for objElem in objItem.InsertionStrings:
            strList = strList + repr(objElem) + ","
    except Exception:
        # InsertionStrings is null for this record
        strList = strList + 'null'
    print(strList)
    if objItem.Logfile is not None:
        print("Logfile:" + repr(objItem.Logfile))
    if objItem.Message is not None:
        print("Message:" + repr(objItem.Message))
    if objItem.RecordNumber is not None:
        print("RecordNumber:" + repr(objItem.RecordNumber))
    if objItem.SourceName is not None:
        print("SourceName:" + repr(objItem.SourceName))
    if objItem.TimeGenerated is not None:
        print("TimeGenerated:" + WMIDateStringToDate(objItem.TimeGenerated))
    if objItem.TimeWritten is not None:
        print("TimeWritten:" + WMIDateStringToDate(objItem.TimeWritten))
    if objItem.Type is not None:
        print("Type:" + repr(objItem.Type))
    if objItem.User is not None:
        print("User:" + repr(objItem.User))
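
A narrower variant of the query above, as an added example (not ActiveXperts code): it limits the query to one log, specific event codes and a start time, enables SeSecurityPrivilege before connecting, and parses the full WMI timestamp including its UTC offset. The helper names, the Security log, event code 4625 and the one-hour window are sample choices made here; the account running it must hold the privilege.

```python
# Added example: scoped Win32_NTLogEvent query with timezone-aware timestamps.
import re
from datetime import datetime, timedelta, timezone

CIM_RE = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")

def parse_cim_datetime(value):
    """Convert a WMI timestamp (yyyymmddHHMMSS.mmmmmm+UUU) to an aware datetime."""
    m = CIM_RE.match(value)
    if not m:
        raise ValueError("not a WMI timestamp: %r" % value)
    stamp, micros, sign, minutes = m.groups()
    offset = timedelta(minutes=int(minutes))  # UUU is the UTC offset in minutes
    tz = timezone(offset if sign == "+" else -offset)
    parsed = datetime.strptime(stamp, "%Y%m%d%H%M%S")
    return parsed.replace(microsecond=int(micros), tzinfo=tz)

def to_cim_datetime(dt):
    """Format an aware datetime as a UTC WMI timestamp for use in a WQL filter."""
    return dt.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S.%f") + "+000"

def build_wql(logfile, event_codes, since):
    """Build a query limited to one log, given event codes and a start time."""
    # The log name is placed inside a quoted WQL literal, so restrict its characters.
    if not re.fullmatch(r"[A-Za-z0-9 /_-]+", logfile):
        raise ValueError("unexpected characters in log name")
    codes = " OR ".join("EventCode = %d" % int(c) for c in event_codes)
    return ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = '%s' AND (%s) "
            "AND TimeGenerated >= '%s'" % (logfile, codes, to_cim_datetime(since)))

def query_events(wql, computer="."):
    """Run the query (Windows with pywin32 only) and return selected fields."""
    import win32com.client  # imported here so the helpers above work on any platform
    locator = win32com.client.Dispatch("WbemScripting.SWbemLocator")
    # Without this privilege the Security log answers "Access Denied".
    locator.Security_.Privileges.AddAsString("SeSecurityPrivilege", True)
    services = locator.ConnectServer(computer, r"root\cimv2")
    return [(e.RecordNumber, e.EventCode, parse_cim_datetime(e.TimeGenerated), e.User)
            for e in services.ExecQuery(wql)]

if __name__ == "__main__":
    since = datetime.now(timezone.utc) - timedelta(hours=1)  # sample window
    # 4625 is the failed-logon event in the Security log (sample choice)
    for row in query_events(build_wql("Security", [4625], since)):
        print(row)
```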