David Gerler

Event log backup using C# and WMI

I need to maintain a year's worth of eventlogs on over 200 systems. Because of several environmental factors I've decided to add some functionality to the monitor service we already have running on all the systems.

During my development, I am getting an "Access Denied" error with the attached code. I'm sure it's because I'm not passing credentials, but I can't find any examples of it in C#. Can anyone assist? I think I can convert from VB.net if anyone has an example of that?

Sorry, the error is coming from the InvokeMethod.

ConnectionOptions oConn = new ConnectionOptions();
ManagementScope oMs = new ManagementScope(@"\\localhost", oConn);

ObjectQuery oQry = new ObjectQuery("select * from Win32_NTEventLogFile");

ManagementObjectSearcher oSearcher = new ManagementObjectSearcher(oMs, oQry);

ManagementObjectCollection oRtnColl = oSearcher.Get();

foreach (ManagementObject oRtn in oRtnColl)
{
    Console.Write("Name: " + oRtn["Name"].ToString() + "\t");
    Console.WriteLine("FileName: " + oRtn["LogfileName"].ToString());

    Object[] file = {@"C:\Test" + oRtn["Name"].ToString()};

    oRtn.InvokeMethod("BackupEventlog", file);
    //Console.WriteLine("FreeSpace: " + oRtn["FreeSpace"].ToString());
    //Console.WriteLine("Size: " + oRtn["Size"].ToString());
}


David Gerler

ASKER

If someone has a better method of creating the backups of the eventlogs on the local machine, that would be appreciated as well.
ASKER CERTIFIED SOLUTION
anv

This solution is only available to members.
SOLUTION
This solution is only available to members.
I gave a 'B' because it wasn't using C# or WMI, but since I opened the field for a "better method" I still want to award the points.
I actually solved this using C# and WMI, but since I opened the field to a "Better Method" the experts deserve the points for providing a solution.

Mine is shown in the code below....

The key to my problem was the impersonation.
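
using System;
using System.IO;
using System.Management;

class EventLogBackup
{
    static void Main(string[] args)
    {
        try
        {
            ConnectionOptions oConn = new ConnectionOptions();

            // Impersonate the caller and enable its token privileges for the WMI
            // operation; BackupEventlog needs the backup privilege to be enabled.
            oConn.Impersonation = ImpersonationLevel.Impersonate;
            oConn.EnablePrivileges = true;
            oConn.Authentication = AuthenticationLevel.Default;

            ManagementScope oMs = new ManagementScope(@"\\localhost\root\cimv2", oConn);

            oMs.Connect();

            ObjectQuery oQry = new ObjectQuery("select * from Win32_NTEventLogFile");

            ManagementObjectSearcher oSearcher = new ManagementObjectSearcher(oMs, oQry);

            ManagementObjectCollection oRtnColl = oSearcher.Get();

            //Console.WriteLine(WindowsIdentity.GetCurrent().Name);

            ManagementPath path = new ManagementPath("Win32_NTEventLogFile");
            ManagementClass logClass = new ManagementClass(oMs, path, null);

            ManagementBaseObject inParams = logClass.GetMethodParameters("BackupEventlog");

            foreach (ManagementObject oRtn in oRtnColl)
            {
                Console.Write("Name: " + oRtn["Name"].ToString() + "\t");
                Console.WriteLine("FileName: " + oRtn["LogfileName"].ToString());

                string logDir = @"C:\log\EventLogs\";
                DirectoryInfo di = new DirectoryInfo(logDir);
                if (!di.Exists)
                {
                    di.Create();
                }
                FileInfo fi = new FileInfo(logDir + oRtn["LogFileName"].ToString() + DateTime.Now.ToString("yyyyMMdd") + ".evt");

                inParams["ArchiveFileName"] = fi.FullName;

                // BackupEventlog reports failure through ReturnValue (0 = success)
                // rather than an exception, so check it before clearing the log.
                ManagementBaseObject outParams = oRtn.InvokeMethod("BackupEventlog", inParams, null);
                uint rc = Convert.ToUInt32(outParams["ReturnValue"]);
                if (rc != 0)
                {
                    Console.WriteLine("Backup failed (ReturnValue " + rc + "), log not cleared: " + fi.FullName);
                    continue;
                }

                // Clear the live log only after the archive was written successfully.
                oRtn.InvokeMethod("ClearEventlog", null);
            }
        }
        catch (Exception ex)
        {
            // Report the failure instead of silently swallowing it.
            Console.WriteLine("Event log backup failed: " + ex.Message);
        }
        Console.ReadLine();
    }
}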
