WMI SQL Query for Eventlog

Posted on 2009-04-06
Last Modified: 2012-05-06
I would like to receive the last 5 Entries for each EventID in every logfile or at least for one specific logfile

The table I need is Win32_NTLogEvent

Question by:schubduese
  • 2
LVL 25

Expert Comment

ID: 24078999
Here's a sample to display the last five records from the application logfile, you can adapt it for the other logfile types -
strComputer = "."

strcrlf = chr(13) & chr(10)

Set objWMIService = GetObject("winmgmts:" _

    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set objInstalledLogFiles = objWMIService.ExecQuery _

    ("Select * from Win32_NTEventLogFile Where LogFileName = 'Application'")

For Each objLogfile in objInstalledLogFiles

    intRecords = objLogFile.NumberOfRecords


Set colLoggedEvents = objWMIService.ExecQuery _

    ("Select * From Win32_NTLogEvent Where Logfile = 'Application' AND " & _

        "RecordNumber > " &  cstr(intRecords - 5))

For Each objEvent in colLoggedEvents

    Wscript.Echo "Category: " & objEvent.Category & strcrlf & _

    "Computer Name: " & objEvent.ComputerName  & strcrlf & _

    "Event Code: " & objEvent.EventCode & strcrlf & _

    "Message: " & objEvent.Message & strcrlf & _

    "Record Number: " & objEvent.RecordNumber & strcrlf & _

    "Source Name: " & objEvent.SourceName & strcrlf & _

    "Time Written: " & objEvent.TimeWritten & strcrlf & _

    "Event Type: " & objEvent.Type & strcrlf & _

    "User: " & objEvent.User


Open in new window


Author Comment

ID: 24079263
This returns the last  5 entries over all id's right? What if i need the last 5 entries for each event id?
LVL 25

Accepted Solution

reb73 earned 500 total points
ID: 24082989
WQL (WMI query Language) does not support either the TOP operator or the ORDER BY Clause, so I'm afraid you will have to capture the results of the basic query and loop through the collection populating a recordset which can then be sorted on EventCode and TimeWritten to give you the top 5 for each event code..


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  ( Here (http…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now