WMI query cannot extract event message
Hi there
My WMI query renders the events in the local hosts but returns null for every event message from any remote server. Other fields, such as event code or computername have no problemes, only the event message (which can be rather long)
I attach my connecting string
Is there any workaround?
Thanks
My WMI query renders the events in the local hosts but returns null for every event message from any remote server. Other fields, such as event code or computername have no problemes, only the event message (which can be rather long)
I attach my connecting string
Is there any workaround?
Thanks
Set wbemLocator = CreateObject("wbemscripting.swbemlocator")
Set objWMIService = wbemLocator.ConnectServer(strComputer, , strUser, strPassword)
What appens if you try this directly from a command line
Do you have anything displayed ?
WMIC /NODE:192.168.0.1 /USER:domain\user /password:password PATH Win32ntlogevent Where (Type='Error' and Logfile='System') get messageDo you have anything displayed ?
ASKER
Roads_Roads: I provided the namespace and I keep getting null content messages. There is no difference
khaaz: I've got an "no valid class" error
Thanks
khaaz: I've got an "no valid class" error
Thanks
I've misspelled the class name
could you try with win32_ntlogevent
could you try with win32_ntlogevent
ASKER
Hi khaaz:
Sorry for the delay. I missed your comment.
Your idea works fine. Now, my problem is how I must redesign my code in order to get the information, instead of using a command line
Thanks
Sorry for the delay. I missed your comment.
Your idea works fine. Now, my problem is how I must redesign my code in order to get the information, instead of using a command line
Thanks
Hi Pakhu1,
Now we know that the message attribute can be retrieved and you don't have any rights or access issues. You did copy/paste only thee connection string which seems to be good, what's your code ?
Khaaaz
Now we know that the message attribute can be retrieved and you don't have any rights or access issues. You did copy/paste only thee connection string which seems to be good, what's your code ?
Khaaaz
ASKER
Hi there:
It looks like you are on the right track.
Find the code attached
Thank you
It looks like you are on the right track.
Find the code attached
Thank you
Set wbemLocator = CreateObject("wbemscripting.swbemlocator")
Set objWMIService = wbemLocator.ConnectServer(strComputer, "root\CIMV2", strUser, strPassword)
Set colRetrievedEvents = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTLogEvent Where TimeWritten >= '" & FechaIni & "' AND SourceName = '" & RST("Servicio") & "'", , 48)
For Each objEvent In colRetrievedEvents
The code seems fine, what if you try with :
and then wscript.echo objevent.message or something like that ?
("SELECT TimeWritten,SourceName,Message FROM Win32_NTLogEvent Where TimeWritten >= '" & FechaIni & "' AND SourceName = '" & RST("Servicio") & "'", , 48) and then wscript.echo objevent.message or something like that ?
and did you try without the 48 flag ? :
("SELECT * FROM Win32_NTLogEvent Where TimeWritten >= '" & FechaIni & "' AND SourceName = '" & RST("Servicio") & "'")ASKER
Yes I tryed both ways and the resulta is exactly the same
The funny think is that the code works fine for a server in my building, but not for servers that are in the same area but some kilometers away.
Now I'm running the code with the new SELECT clause. It takes a while...
The funny think is that the code works fine for a server in my building, but not for servers that are in the same area but some kilometers away.
Now I'm running the code with the new SELECT clause. It takes a while...
ASKER
Well,I get the same result:
for the remote servers I get all fields right (type, TimWriteen). Al of them but Message that is still null in all cases
for the remote servers I get all fields right (type, TimWriteen). Al of them but Message that is still null in all cases
The funny think is that the code works fine for a server in my building, but not for servers that are in the same area but some kilometers away.
So I think we should investigate that way, same OS and service pack version ?
could you try on a non working server to recompile ntevt.mof with :
C:\Windows\System32\wbem>mofcomp ntevt.mofASKER
Hi there
Sorry for he dealay. I was out of the offiice
Running this command I get the error 0x80041003 regarding WMI
Thanks
Sorry for he dealay. I was out of the offiice
Running this command I get the error 0x80041003 regarding WMI
Thanks
C:\Windows\System32\wbem>mofcomp ntevt.mof
Microsoft (R) MOF Compiler Version 6.1.7601.17514
Copyright (c) Microsoft Corp. 1997-2006. Reservados todos los derechos.
Analizando el archivo MOF: ntevt.mof
El archivo MOF se analizó correctamente
Almacenando información en el repositorio...
Error al procesar el elemento 1 definido en las líneas 8 - 11 en el archivo ntev
t.mof:
Número de error: 0x80041003, facilidad: WMI
Descripción: Acceso denegado
El compilador ha devuelto el error 0x80041003
C:\Windows\System32\wbem>cd..ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Set wbemLocator = CreateObject("wbemscriptin
Set objWMIService = wbemLocator.ConnectServer(