Contact Info

Crumbtrail

ActiveXperts.com » Administration » Scripts » WMI » perl sample

Win32_NTLogEvent perl sample code

The foundations for Manageability in Windows is Windows Management Instrumentation (WMI; formerly WBEM) and WMI extensions for Windows Driver Model (WDM).

ActiveXperts Network Monitor provides the ability to build monitor check routines based on WMI. ActiveXperts has collected more than a hundred WMI samples. You can use these samples as a base for new check routines you can write yourself. The Win32_NTLogEvent WMI class can be used in ActiveXperts Network Monitor to monitor your servers.


Description

The Win32_NTLogEvent WMI class is used to translate instances from the Windows NT event log. An application must have SeSecurityPrivilege in order to receive events from the security event log, otherwise "Access Denied" is returned to the application.

Sample Code

use strict;
use Win32::OLE('in');

use constant wbemFlagReturnImmediately => 0x10;
use constant wbemFlagForwardOnly => 0x20;

my @computers = ("DELL17");
foreach my $computer (@computers) {
   print "\n";
   print "==========================================\n";
   print "Computer: $computer\n";
   print "==========================================\n";

   my $objWMIService = Win32::OLE->GetObject("winmgmts:\\\\$computer\\root\\CIMV2") or die "WMI connection failed.\n";
   my $colItems = $objWMIService->ExecQuery("SELECT * FROM Win32_NTLogEvent", "WQL",
                  wbemFlagReturnImmediately | wbemFlagForwardOnly);

   foreach my $objItem (in $colItems) {
      print "Category: $objItem->{Category}\n";
      print "CategoryString: $objItem->{CategoryString}\n";
      print "ComputerName: $objItem->{ComputerName}\n";
      print "Data: " . join(",", (in $objItem->{Data})) . "\n";
      print "EventCode: $objItem->{EventCode}\n";
      print "EventIdentifier: $objItem->{EventIdentifier}\n";
      print "EventType: $objItem->{EventType}\n";
      print "InsertionStrings: " . join(",", (in $objItem->{InsertionStrings})) . "\n";
      print "Logfile: $objItem->{Logfile}\n";
      print "Message: $objItem->{Message}\n";
      print "RecordNumber: $objItem->{RecordNumber}\n";
      print "SourceName: $objItem->{SourceName}\n";
      print "TimeGenerated: $objItem->{TimeGenerated}\n";
      print "TimeWritten: $objItem->{TimeWritten}\n";
      print "Type: $objItem->{Type}\n";
      print "User: $objItem->{User}\n";
      print "\n";
   }
}sub WMIDateStringToDate(strDate)
{
   return "blah";
}