Re: Urgent:- Reading event log files using Win32_NTLogevent class



Hi

My tool is only for local machines and it doesn't access remote
machines. I tried to change the connection strings, but I am not able to
access the Windows event log files.

If you can send some sample code for it, it would be highly
appreciated.

Thanks in advance
vicky


VB Research wrote:
Go here http://msdn2.microsoft.com/en-us/library/aa389284.aspx

Look for "DCOM Impersonation and Authentication Settings" table

To update your WMI go here
http://www.microsoft.com/downloads/details.aspx?FamilyID=afe41f46-e213-4cbf-9c5b-fbf236e0e875&DisplayLang=en

and 2000 has the WMI 1.5 core installed by default; if not, use Windows Update.

Good Luck

VB Research wrote:
The problem that you are having is with the connection string. The
following values change for different OSs and if the settings for DCOM
and COM+ were changed. Very few change DCOM and COM settings. You
should be able to replace the values for RPC_C_AUTHN_LEVEL_CALL and
RPC_C_IMP_LEVEL_IMPERSONATE. I do have a Win2000 computer to get the
values. There is not a connection string that works on all Win OSs by
default.

If you guess the values are

RPC_C_IMP_LEVEL_IMPERSONATE = 3 // your current setting. Try 0 to 4
RPC_C_AUTHN_LEVEL_CALL = 2 // your current setting. Try 0 to 6 and maybe -1

Good Luck.

vikcy wrote:
Hi friends

I am developing a tool that reads the Windows event log files. I used
the WMI class Win32_NTLogEvent for it.
It works fine on Windows XP Professional, Home and 2003 Server Std.
edition and Enterprise edition (32 bit and 64 bit).

But it fails on Windows 2000 Professional, 2000 Server, NT 4.0.

Has anybody done it before? Please help me, it is very urgent.

Thanks

Sample code that I wrote to connect to WMI is as follows:


    m_pIWbemLocator = NULL;

    // Initializes the COM library for use by the calling thread
    m_hres = CoInitializeEx(NULL, COINIT_MULTITHREADED);
    if (FAILED(m_hres))
    {
        return FALSE;
    }

    // Process-wide COM security: default authentication level, impersonation allowed
    m_hres = CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,
                                  RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL);
    if (FAILED(m_hres))
    {
        CoUninitialize();
        return FALSE;
    }

    // Set the security privileges first.
    BOOL bRet = SetSecurityPrivilege();
    if (!bRet)
    {
        CoUninitialize();
        return FALSE;
    }

    // Create Instance of IWbemLocator class.
    CComPtr<IClassFactory> pCF;
    CComBSTR bstrNamespace(L"root\\cimv2");
    DWORD dwClsContext = CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER;

    m_hres = CoGetClassObject(CLSID_WbemLocator, dwClsContext,
                              NULL, IID_IClassFactory,
                              reinterpret_cast<void**>(&pCF));
    if (FAILED(m_hres))
    {
        CoUninitialize();
        return FALSE;
    }

    // Ask for IID_IWbemLocator (not IID_IUnknown) so the pointer stored in
    // m_pIWbemLocator really is the interface it is used as.
    m_hres = CoCreateInstance(CLSID_WbemLocator, NULL,
                              CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER,
                              IID_IWbemLocator, (void**)&m_pIWbemLocator);
    if (FAILED(m_hres))
    {
        CoUninitialize();
        return FALSE;
    }
    return TRUE;
}


BOOL CWMIGenerateDefnFile::WMIConnect()
{
    m_pWbemServices = NULL;

    // Connect to the local root\cimv2 namespace with the caller's credentials
    m_hres = m_pIWbemLocator->ConnectServer(CComBSTR(L"ROOT\\CIMV2"),
                                            NULL, NULL, NULL, 0, NULL, NULL,
                                            &m_pWbemServices);
    if (FAILED(m_hres))
    {
        return FALSE;
    }

    // Set authentication and impersonation levels on the IWbemServices proxy
    m_hres = CoSetProxyBlanket(m_pWbemServices, RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE,
                               NULL, RPC_C_AUTHN_LEVEL_CALL, RPC_C_IMP_LEVEL_IMPERSONATE,
                               NULL, EOAC_NONE);
    if (FAILED(m_hres))
    {
        return FALSE;
    }
    return TRUE;
}


BOOL CWMIGenerateDefnFile::ExecuteWMIQuery(CString szLogFileName)
{
    m_pEnumObject = NULL;

    // Build: Select * from Win32_NTLogEvent WHERE LogFile = "<name>"
    _bstr_t strQuery = (L"Select * from Win32_NTLogEvent WHERE LogFile = ");
    strQuery += L"\"";
    // _bstr_t accepts both char and wchar_t strings, so no LPSTR cast is needed
    strQuery += (LPCTSTR)szLogFileName;
    strQuery += L"\"";
    _bstr_t strQL = (L"WQL");

    // Firing the WQL query to Win32_NTLogEvent class
    m_hres = m_pWbemServices->ExecQuery(strQL, strQuery,
                                        WBEM_FLAG_FORWARD_ONLY |
                                        WBEM_FLAG_RETURN_IMMEDIATELY,
                                        NULL, &m_pEnumObject);
    if (FAILED(m_hres))
    {
        return FALSE;
    }
    return TRUE;
}


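ExecuteWMIQuery in the quoted post builds its WQL text by concatenating the log file name between two quote characters, so a name containing a quote or backslash changes the query. The following is an added example, not code from any poster in this thread: it validates and escapes the name before building the same query. The function names and the character allow-list are assumptions, and the code is kept in portable C++ so it can be compiled without the Windows SDK.

```cpp
// Added example (not from the thread). Names and allow-list are assumptions.
#include <cstddef>
#include <string>

// Escape the characters that are special inside a WQL string literal:
// backslash, double quote and single quote each get a leading backslash.
std::wstring EscapeWqlLiteral(const std::wstring& value)
{
    std::wstring out;
    out.reserve(value.size() + 8);
    for (wchar_t ch : value) {
        if (ch == L'\\' || ch == L'"' || ch == L'\'')
            out.push_back(L'\\');
        out.push_back(ch);
    }
    return out;
}

// Accept only characters expected in an event log name (assumed allow-list):
// ASCII letters, digits, space, '-', '_', '.', '/'; length 1..256.
bool IsPlausibleLogName(const std::wstring& name)
{
    if (name.empty() || name.size() > 256)
        return false;
    for (wchar_t ch : name) {
        bool ok = (ch >= L'a' && ch <= L'z') || (ch >= L'A' && ch <= L'Z') ||
                  (ch >= L'0' && ch <= L'9') || ch == L' ' || ch == L'-' ||
                  ch == L'_' || ch == L'.' || ch == L'/';
        if (!ok)
            return false;
    }
    return true;
}

// Builds the Win32_NTLogEvent query for one log.
// Returns false and leaves `query` empty when the name is rejected.
bool BuildLogEventQuery(const std::wstring& logName, std::wstring& query)
{
    query.clear();
    if (!IsPlausibleLogName(logName))
        return false;
    // Escaping is kept as a second layer in case the allow-list is widened.
    query = L"SELECT * FROM Win32_NTLogEvent WHERE LogFile = \"";
    query += EscapeWqlLiteral(logName);
    query += L"\"";
    return true;
}
```

On Windows the resulting string can be handed to ExecQuery as `_bstr_t(query.c_str())`.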