Vba swbem WMI servicelogs query - win7x64

Question

0.00/5 (No votes)

See more:

Looking for a SWbem WMI query to produce a list of the Win7x64 service logs. The log files which I'm looking for can be found using the Win7 Event Viewer using the following path...

Event Viewer\Applications and Service Logs\Microsoft\Windows\...

There are about 50 log folders listed for different services runinng on my Win7x64 box. Services like WinHTTP, UAC, International, etc.

I'd love to be able to work with the service logs, back them up, extract events, clear them, etc..

What I have tried:

I've found many standard scripts on the web, most of then using the Win32_NTEventlogFile class.

Unfortunately, the Win32_NTEventlogFile class has not produced a list of the service logs, only the standard logs such as the application and security.

So a normal "Select * from Win32_NTEventlogFile" is not working for me.

Anyone know how to produce and work with a list of the ServiceLogs via SWbem and WMI?

Please advise and thanks!

Posted 10-Sep-17 12:47pm

Mark Regal

Updated 10-Sep-17 13:05pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Graeme_Grant · Accepted Answer · 2017-09-10T13:05:00

Have you tried using Google Search? I used WMI query logs[^] and there appears to be pages of solutions for you to try. Here are just a handful that look useful:

* wmi query - use wmi to get newest Windows log events - Stack Overflow[^]
* C# WMI reading remote event log - Stack Overflow[^]
* WMI Tasks: Event Logs (Windows)[^]
* WMI Log Files (Windows)[^]
* [SOLVED] WMI Query for event log - IT Programming - Spiceworks[^]
* windows - WMI command line event log acess - Server Fault[^]
* Querying the Event Logs[^]
* and much more...[^]

Thanks Graeme!

You know, I did see some of the links before I posted the question, but they didn't deal with ServiceLogs from a SWbem perspective. The command line utilities have always worked (WEvtUtil and Powershell) but I cannot finc the syntax to display a complete list of the Service Event logs from the early bound
WbemScripting tlb.

Microsoft WMI Scripting V1.2 Library
C:\Windows\system32\wbem\wbemdisp.TLB

It could be the service query I'm running...
winmgmts:{impersonationLevel=impersonate,(Backup, Security)}!\\.\root\cimv2
Or the object query...
select * from Win32_NTEventlogFile

The object query only returns the standard Win7 classes...
Application, HardwareEvents, Internet Explorer, Key Management Service
OAlerts, Security, System, Windows PowerShell

I'd like to see the "Microsoft-Windows-International/Operational" log file, as well as, all of the other service log files.

Can't seem to find the correct root class and/or select query.

Best Regards,
Mark