Is there a way to directly read the Windows Event Log from XOJO?
I have successfully used SHELL to run LogParser (a Microsoft Utility) and write the selected events to a file then read the file to get the entries. I would prefer to read directly from XOJO if possible.
Yes. You can get a shell to do a ‘wevtutil qe ’ command.
David,
I was hoping to not use an external program BUT ‘wevtutil’ seems to be already installed on most recent Windows versions so that avoids the install step for LogParser.
Thanks.
You can use wmi with use of Xojo’s OLEObject:
How to read Windows System log:
// This example will read Windows system event log file
// http://library.wmifun.net/cimv2/win32_ntlogevent.html
Dim locator, objWMIService, objs, objProperty As OLEOBJECT
Dim nobjs as Integer
// Connect to WMI
locator = new oleObject("WbemScripting.SWbemlocator", true)
Dim wmiServiceParams(2) as variant
wmiServiceParams(1) = "."
wmiServiceParams(2) = "root\\cimv2"
objWMIService= locator.invoke("ConnectServer", wmiServiceParams)
// Run the WMI query
objs = objWMIService.ExecQuery ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'System' ")
nobjs = objs.count - 1
For i as integer = 0 to nobjs
Dim stringData As String
objProperty = objs.ItemIndex(i)
// ItemIndex() is not supported in Windows XP only from Windows Vista and upwards
stringData = "Category: " + objProperty.Value("Category") + EndOfLine _
+ "ComputerName: " + objProperty.Value("ComputerName") + EndOfLine _
+ "EventCode: " + objProperty.Value("EventCode") + EndOfLine _
+ "Message: " + objProperty.Value("Message") + EndOfLine _
+ "RecordNumber: " + objProperty.Value("RecordNumber") + EndOfLine _
+ "SourceName: " + objProperty.Value("SourceName") + EndOfLine _
+ "TimeWritten: " + objProperty.Value("TimeWritten") + EndOfLine _
+ "EventType: " + objProperty.Value("EventType") + EndOfLine _
+ "User: " + objProperty.Value("User") + EndOfLine
msgbox stringData
Next
locator = Nil
exception err as oleexception
msgbox err.messageHow to read Windows Application log:
// This example will read Windows Application event log file
// http://library.wmifun.net/cimv2/win32_ntlogevent.html
Dim locator, objWMIService, objs, objProperty As OLEOBJECT
Dim nobjs as Integer
// Connect to WMI
locator = new oleObject("WbemScripting.SWbemlocator", true)
Dim wmiServiceParams(2) as variant
wmiServiceParams(1) = "."
wmiServiceParams(2) = "root\\cimv2"
objWMIService= locator.invoke("ConnectServer", wmiServiceParams)
// Run the WMI query
objs = objWMIService.ExecQuery ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Application' ")
nobjs = objs.count - 1
For i as integer = 0 to nobjs
Dim stringData As String
objProperty = objs.ItemIndex(i)
// ItemIndex() is not supported in Windows XP only from Windows Vista and upwards
stringData = "Category: " + objProperty.Value("Category") + EndOfLine _
+ "ComputerName: " + objProperty.Value("ComputerName") + EndOfLine _
+ "EventCode: " + objProperty.Value("EventCode") + EndOfLine _
+ "Message: " + objProperty.Value("Message") + EndOfLine _
+ "RecordNumber: " + objProperty.Value("RecordNumber") + EndOfLine _
+ "SourceName: " + objProperty.Value("SourceName") + EndOfLine _
+ "TimeWritten: " + objProperty.Value("TimeWritten") + EndOfLine _
+ "EventType: " + objProperty.Value("EventType") + EndOfLine _
+ "User: " + objProperty.Value("User") + EndOfLine
msgbox stringData
Next
locator = Nil
exception err as oleexception
msgbox err.messageJohn,
This seems to work but it is slower than the LogParse utility. I figured out the other data I need is in the Message Property and will take further parsing.
Thanks,
Mark