RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- From: urkec <urkec@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 11 Sep 2009 09:46:01 -0700
"darmstrong" wrote:
Hmmm. I must really be missing something, then.
I thought that GetObjiect was where the target PC from which the query was
to be made gets defined:
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")
and then this objWMIService object, with the target PC already defined
inside it, was used to define a query of that PCs Event log:
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile " _
& "Where LogFileName='Application'")
and then this final statement below simply built the text file from the
colLogFile object (that already defined both the target PC and the desired
EventLog data), with the definition inside "objLogFile.BackupEventLog()" only
defining the target file into which the gathered information would be
written:
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog( _
dest & "el-app-" & node & ".evt")
I wouldn't think that the definition inside objLogFile.BackupEventLog()
would have anything to do with the target PC.
I would have thought that if my above assumptions were incorrect, it
wouldn't even work for the local node.
Thanks,
David
"urkec" wrote:
"darmstrong" wrote:
The only significance of "dest" and "noden this code segment, is in
defining the path and file name of the resultant file from the ExecQuery.
"dest" sets the base filepath where the script resides (eg.
\\computername\c\scripts) and "node" tags the filename with the computername
of the unit from which this particular ExecQuery was sourced (eg. "server7",
if that is the computername of that unit).
This part works fine, as it correctly creates the .evt files for the local
unit, when the script runs. It just won't work for the remote units across
the Workgroup.
Thanks,
David
"urkec" wrote:
"darmstrong" wrote:
Scenario:
- a number of PCs running Windows XP Pro
- all have "Domain" set to "Workgroup" (windows installation default)
- all are logged in as Windows default "Administrator" account
- none of the nodes have Windows Firewall enabled
I have a script that runs on one node and copies files from all the remote
PCs into the folder that the script is run from. This part works fine,
gathering files from both the local and remote nodes, and placing them in
this folder.
I want, however, the gathered files to also include the Windows Event Viewer
.evt exports from all the remote nodes. Here's what I'm using for this:
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile " _
& "Where LogFileName='System'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog( _
dest & "el-sys-" & node & ".evt")
'WScript.Echo "File saved as c:\scripts\applications.evt"
Next
This works fine for the local node from which the script is being run,
putting its .evt data into the folder. It does not however gather .evt data
from any of the remote nodes across the network.
From the reading I've done, I gather that the problem may relate to being on
a Workgroup vs. a Domain. I've also seen mentioned that it may be getting
forced into a guest login, but I've confirmed that all nodes have this
setting:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000000
I would appreciate any ideas as to why this is not working for remote nodes.
Thanks,
David
What is the value of dest and node? Do you have C:\scripts on each machine?
--
urkec
My blog:
http://theadminblog.blogspot.com/
My CodeProject articles:
http://www.codeproject.com/script/Articles/MemberArticles.aspx?amid=4210975
BackupEventLog expects a local file path, so if you use
objLogFile.BackupEvnetLog(strFolder) strFolder should exist on the remote
machine (the one to which winmgmts: is connected). What is the value of
errBackupLog after BackupEventLog is called?
--
urkec
My blog:
http://theadminblog.blogspot.com/
My CodeProject articles:
http://www.codeproject.com/script/Articles/MemberArticles.aspx?amid=4210975
When you connect to WMI on a remote computer you work in the context of that
computer, so the query returns event log files from that computer and also
BackupEventLog() expects a local file path to exist on the same (remote)
computer.
--
urkec
My blog:
http://theadminblog.blogspot.com/
My CodeProject articles:
http://www.codeproject.com/script/Articles/MemberArticles.aspx?amid=4210975
.
- Follow-Ups:
- RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- From: darmstrong
- RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- References:
- WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environment
- From: darmstrong
- RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environment
- From: urkec
- RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- From: darmstrong
- RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- From: urkec
- RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- From: darmstrong
- WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environment
- Prev by Date: RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- Next by Date: RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- Previous by thread: RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- Next by thread: RE: WMI ExecQuery from Win32_NTEventLogFile in a Workgroup environ
- Index(es):
Relevant Pages
|
