"" wrote:
> I have written a vbs script to query existing application event log.
> The main query would be "Select * from Win32_NTLogEvent Where Logfile
> = 'Application' ....
>
> How do I query an existing archived event log?
>
> Thanks.
>
One way to read archived .evt files that I know of is to use Log Parser.
Unfortunately, you first need to download (from
http://www.microsoft.com/downloads/d...displaylang=en)
and install it, so this can be a problem if you don't have enough privileges
or don't want to install it.
If you decide to use it, there is a .chm help file that comes with the
installation, and also some samples in the installation directory. You can
use Log Parser from the Command Prompt, but here is a small VBScript sample:
strQuery = "Select EventId, Message From C:\test.evt"
Set objLogQuery = CreateObject("MSUtil.LogQuery")
Set objRecordset = objLogQuery.Execute(strQuery)
Do Until objRecordset.atEnd
Set objRecord = objRecordset.GetRecord()
WScript.Echo objRecord.GetValue(0), _
Left(objRecord.GetValue(1),75)
objRecordset.moveNext
Loop
--
urkec
My blog:
http://theadminblog.blogspot.com/
My CodeProject articles:
http://www.codeproject.com/script/Ar...x?amid=4210975
Similar Threads
Linear Mode
