RE: Can't read remote system event log
From: dharani babu (dharanibabu_at_discussions.microsoft.com)
Date: 10/14/04
- Next message: dharani babu: "XP to NT connection - Change in Password wipes out WMI"
- Previous message: dharani babu: "Re: connecting to a different operating system"
- In reply to: Paul Roberts: "Can't read remote system event log"
- Next in thread: Paul Roberts: "Re: Can't read remote system event log"
- Reply: Paul Roberts: "Re: Can't read remote system event log"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 14 Oct 2004 04:45:25 -0700
Could you specify the target OS ?
"Paul Roberts" wrote:
> My app is having trouble reading the system and security logs from some
> servers across a network. There are no errors being reported, it's just
> that the enumeration comes back with no records. I've had the user run
> WBEMTEST, and it gets records without problems.
>
> My app works fine with application logs over the network, and will get
> system and security logs when running locally on the server(s) in
> question. I'm unable to duplicate the same behaviour on my in-house test
> PC running the same OS (W2k server) and service pack (SP4).
>
> I'd really appreciate it if someone could give me advice on how to
> troubleshoot this. I don't have access to the client's site so
> everything has to be done over the phone and via new releases of my app.
>
> Here's a quick summary of what I'm doing:
>
> 1. Call CoInitializeSecurity (details below)
> 2. Make sure I've got SeSecurity privilege.
> 3. Create the WBEMLocator and call connect server
> 4. Call CoSetProxyBlanket (details below) on the resulting proxy
> 5. Call ExecQuery with "SELECT * FROM Win32_NTLogEvent WHERE
> Logfile='Security'"
> 6. Call CoSetProxyBlanket on the resulting enumerator proxy
>
> OK, so here's my call to CoInitializeSecurity:
> CoInitializeSecurity(NULL,-1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,
> RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL)
>
> And for the call to CoSetProxyBlanket I'm filling out a COAUTHIDENTITY then:
>
> ::CoSetProxyBlanket(pProxy, RPC_C_AUTHN_DEFAULT, RPC_C_AUTHZ_DEFAULT,
> NULL, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, &coauthID,
> EOAC_NONE)
>
> Any ideas?
>
- Next message: dharani babu: "XP to NT connection - Change in Password wipes out WMI"
- Previous message: dharani babu: "Re: connecting to a different operating system"
- In reply to: Paul Roberts: "Can't read remote system event log"
- Next in thread: Paul Roberts: "Re: Can't read remote system event log"
- Reply: Paul Roberts: "Re: Can't read remote system event log"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
