sirbounty
asked on
Vb.Net - querying event log (system) entries
Hi - I'm trying to pull information related to hotfix installations on my devices.
I'm using vb.net 2005 to read the remote logs, but am not finding an easy way to filter it properly, and it's taking too long to iterate the entire log collection and pull back just what I need...
I ordinarily only need log entries for 'today' that have a source of NtServicePack (eid 4377 seems to be the eventid, but I do get a warning in my code to use instanceID which isn't showing the same value).
I simply want to pull back if the hotfix was properly applied or not...
Any ideas on how I can further narrow this, or somehow speed up my query?
(If it helps - I could also filter by username, because normally only one user would be doing the installation)
Using elEvent As New EventLog("System", strComputer, "NtServicePack")
    Dim elEvtCol As EventLogEntryCollection = elEvent.Entries
    For x As Int32 = elEvtCol.Count - 1 To minRecordsToReturn Step -1
        ' examine elEvtCol(x) here
    Next
End Using
ASKER CERTIFIED SOLUTION
ASKER
They're not Vista or 2k8 (yet), but that's good info to have.
And I was going to supply two methods for reading the logs - just hadn't quite dug up the wmi method yet, so you saved me a step - thanx! :^)
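The WMI route mentioned in the comment above, as an added example that is not code from this thread: the Win32_NTLogEvent query is filtered on log, source and date by the remote machine, so only matching entries cross the network. The host name and the module and function names are placeholders; the source name is the one given in the question.

```vbnet
Imports System
Imports System.Management   ' requires a project reference to System.Management.dll

Module HotfixEventQuery
    ' Builds a WQL query for System-log entries from one source written on or after "since".
    Function BuildQuery(ByVal sourceName As String, ByVal since As DateTime) As String
        ' WQL string literals: escape backslashes and single quotes.
        Dim safeSource As String = sourceName.Replace("\", "\\").Replace("'", "\'")
        ' TimeGenerated is compared against a DMTF datetime string.
        Dim dmtf As String = ManagementDateTimeConverter.ToDmtfDateTime(since)
        Return "SELECT RecordNumber, EventCode, Type, User, TimeGenerated, Message " & _
               "FROM Win32_NTLogEvent " & _
               "WHERE Logfile = 'System' AND SourceName = '" & safeSource & "' " & _
               "AND TimeGenerated >= '" & dmtf & "'"
    End Function

    Sub Main()
        Dim strComputer As String = "PLACEHOLDER-HOST"   ' assumed target; replace with a real name
        Dim scope As New ManagementScope("\\" & strComputer & "\root\cimv2")
        scope.Connect()   ' connects with the caller's credentials

        Dim query As New ObjectQuery(BuildQuery("NtServicePack", DateTime.Today))
        Using searcher As New ManagementObjectSearcher(scope, query)
            For Each evt As ManagementObject In searcher.Get()
                Dim written As DateTime = _
                    ManagementDateTimeConverter.ToDateTime(CStr(evt("TimeGenerated")))
                ' EventCode is the low 16 bits of the event identifier (the ID Event Viewer shows);
                ' Type is the severity text such as Information, Warning or Error.
                Console.WriteLine("{0:u} id={1} type={2} user={3}", _
                                  written, evt("EventCode"), evt("Type"), evt("User"))
                Console.WriteLine("  {0}", evt("Message"))
            Next
        End Using
    End Sub
End Module
```

A further `AND User = '...'` clause can be appended in the same way if only one installing account is of interest.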