Delphi Get Security Event Logs using FWMIService

In Delphi Wish to read security event logs.

This type of code below works with other calls to the   FWMIService

I just can't get the basic function to work..
It Gives an IO Error 105

I have tried it on XP and Win 2008r2
I wish it to work on Advance Servers like 2008r2 and 2012


procedure  GetLogEvents3;
const
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
begin

  FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
  FWMIService   := FSWbemLocator.ConnectServer('localhost', 'root\CIMV2', '', '');
  FWMIService.Security_.ImpersonationLevel:=3; //Impersonate security
  FWbemObjectSet:= FWMIService.ExecQuery('SELECT EventrecordID FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);
  oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  while oEnum.Next(1, FWbemObject, iValue) = 0 do
  begin
    Form1.LogWin.Lines.add(Format('Rec id %s',[Integer(FWbemObject.EventrecordID)]));
    Form1.LogWin.Lines.add(Format('Address %s',[Integer(FWbemObject.IpAddress)]));
  end;
    FWbemObject:=Unassigned;
end;

Open in new window

LVL 1
yahoolaneAsked:
Who is Participating?
 
yahoolaneConnect With a Mentor Author Commented:
This is wonderful if it worked.
but not having any luck with WMI

Tried the JEDI  code

It at lease works but has some short comings.

JvNTEventLog  works for all servers

It data returns funny but it works.
0
 
Sinisa VukCommented:
Which line throws error? (using debug or other method)
Is this came from:
http://theroadtodelphi.wordpress.com/2011/10/27/wmi-tasks-using-delphi-%E2%80%93-event-logs/?

Maybe your user level have no access (rights) to access security logs. (even if you do impersonate)
0
 
Geert GOracle dbaCommented:
is wmi service running on the server
i know it's a very basic check ... :)
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
yahoolaneAuthor Commented:
This is the Line that is giving the I/O error 105

FWbemObjectSet:= FWMIService.ExecQuery('SELECT EventrecordID FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);

Open in new window


WMI is running because I can do the same code and ask for the OS and other settings
by just changing the line above.   I am running as administrator.

If this is not the answer to getting the security logs, without putting in a trap.
Please point me in the right direction.
0
 
Sinisa VukCommented:
if you put:
FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);                                           

Open in new window


.... is error still present?
0
 
yahoolaneAuthor Commented:
I had tried the * earlier, with the same issue.

I understand SQL

it is just not working.
0
 
yahoolaneAuthor Commented:
JEDI code worked for the problem I had

Examples would be nice.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.