
Event log backup using C# and WMI

I need to maintain a year's worth of event logs on over 200 systems. Because of several environmental factors I've decided to add some functionality to the monitor service we already have running on all the systems.

During my development, I am getting an "Access Denied" error with the attached code. I'm sure it's because I'm not passing credentials, but I can't find any examples of it in C#. Can anyone assist? I think I can convert from VB.net if anyone has an example of that?

Sorry, the error is coming from the InvokeMethod.

    ConnectionOptions oConn = new ConnectionOptions();
    ManagementScope oMs = new ManagementScope(@"\\localhost", oConn);

    ObjectQuery oQry = new ObjectQuery("select * from Win32_NTEventLogFile");

    ManagementObjectSearcher oSearcher = new ManagementObjectSearcher(oMs, oQry);

    ManagementObjectCollection oRtnColl = oSearcher.Get();

    foreach (ManagementObject oRtn in oRtnColl)
    {
        Console.Write("Name: " + oRtn["Name"].ToString() + "\t");
        Console.WriteLine("FileName: " + oRtn["LogfileName"].ToString());

        Object[] file = {@"C:\Test" + oRtn["Name"].ToString()};

        oRtn.InvokeMethod("BackupEventlog", file);
        //Console.WriteLine("FreeSpace: " + oRtn["FreeSpace"].ToString());
        //Console.WriteLine("Size: " + oRtn["Size"].ToString());
    }

dgerler (Author) commented:
If someone has a better method of creating the backups of the eventlogs on the local machine, that would be appreciated as well.
dgerler (Author) commented:
I gave a 'B' because it wasn't using C# or WMI, but since I opened the field for a "better method" I still want to award the points.
dgerler (Author) commented:
I actually solved this using C# and WMI, but since I opened the field to a "Better Method" the experts deserve the points for providing a solution.

Mine is shown in the code below....

The key to my problem was the impersonation.
    using System;
    using System.IO;
    using System.Management;

    class EventLogBackup
    {
        static void Main(string[] args)
        {
            try
            {
                ConnectionOptions oConn = new ConnectionOptions();

                oConn.Impersonation = ImpersonationLevel.Impersonate;
                // Let WMI enable the privileges the caller's token already holds.
                oConn.EnablePrivileges = true;
                oConn.Authentication = AuthenticationLevel.Default;

                ManagementScope oMs = new ManagementScope(@"\\localhost\root\cimv2", oConn);
                oMs.Connect();

                ObjectQuery oQry = new ObjectQuery("select * from Win32_NTEventLogFile");
                ManagementObjectSearcher oSearcher = new ManagementObjectSearcher(oMs, oQry);
                ManagementObjectCollection oRtnColl = oSearcher.Get();

                //Console.WriteLine(WindowsIdentity.GetCurrent().Name);

                ManagementPath path = new ManagementPath("Win32_NTEventLogFile");
                ManagementClass logClass = new ManagementClass(oMs, path, null);

                ManagementBaseObject inParams = logClass.GetMethodParameters("BackupEventlog");

                foreach (ManagementObject oRtn in oRtnColl)
                {
                    Console.Write("Name: " + oRtn["Name"].ToString() + "\t");
                    Console.WriteLine("FileName: " + oRtn["LogfileName"].ToString());

                    string logDir = @"C:\log\EventLogs\";
                    DirectoryInfo di = new DirectoryInfo(logDir);
                    if (!di.Exists)
                    {
                        di.Create();
                    }
                    FileInfo fi = new FileInfo(logDir + oRtn["LogFileName"].ToString() + DateTime.Now.ToString("yyyyMMdd") + ".evt");

                    inParams["ArchiveFileName"] = fi.FullName;

                    // BackupEventlog reports failure through ReturnValue (0 = success).
                    ManagementBaseObject outParams = oRtn.InvokeMethod("BackupEventlog", inParams, null);
                    uint rc = Convert.ToUInt32(outParams["ReturnValue"]);
                    if (rc != 0)
                    {
                        // Never clear a log whose backup did not succeed.
                        Console.WriteLine("Backup failed (ReturnValue " + rc + "); log not cleared.");
                        continue;
                    }
                    oRtn.InvokeMethod("ClearEventlog", null);
                }
            }
            catch (Exception ex)
            {
                // Report the failure instead of silently swallowing it.
                Console.WriteLine("Event log backup failed: " + ex.Message);
            }
            Console.ReadLine();
        }
    }
