Querying Security event log in Vista
I'm putting together a WMI script to query the Security event log. Here's the script so far:
compName = "localhost"
Set objWMI = GetObject("winmgmts:{(Security)}!\\" & _
    compName & "\root\cimv2")
Set colSecLog = objWMI.ExecQuery("SELECT * FROM Win32_NTLogEvent Where " & _
    "LogFile = 'Security'")
For Each objEvent in colSecLog
    WScript.Echo "Category: " & objEvent.CategoryString & VBCrLf & _
        "Computer: " & objEvent.ComputerName & VBCrLf & _
        "User: " & objEvent.User & VBCrLf & _
        "Event Type: " & objEvent.Type & VBCrLf & _
        "Event Code: " & objEvent.EventCode & VBCrLf & _
        "Source Name: " & objEvent.SourceName & VBCrLf & _
        "Time Written: " & objEvent.TimeWritten & _
        VBCrLf & VBCrLf & _
        "Message: " & VBCrLf & VBCrLf & objEvent.Message
    '
    ' Just Echo one event for now
    '
    Exit For
Next
(To keep things simple, I've taken out a bunch of Where clauses.)
This code works fine in XP, but on Vista machines the query always returns nothing. If I change the LogFile to, say, System, the script works in Vista.
Any idea why Vista always returns nothing when you query the Security log?
I don't get an error; it just doesn't return any events. For example, Event Viewer shows that I have 25,749 events in the Security log. However, when I run this script, no events are returned (that is, the WScript.Echo inside the For Each loop never runs).
Okay, I solved it. The script works in Vista if you run it from an elevated Command Prompt (right-click Command Prompt and then click Run As Administrator).
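Because the non-elevated query fails silently (an empty collection, no error), a log-collection script can report "no events" when it simply lacks the Security privilege. The following is an added example, not part of the posts in this thread, that checks for an elevated token before querying and exits with an error instead of returning nothing. The helper name IsElevated is hypothetical, and the check assumes whoami.exe is on the path, as it is on Vista and later.

```vbscript
Option Explicit

' Hypothetical helper: True when the process token is at High or System
' integrity, i.e. the script was started from an elevated prompt.
Function IsElevated()
    Dim shell, exec, output
    Set shell = CreateObject("WScript.Shell")
    On Error Resume Next
    Set exec = shell.Exec("whoami /groups")
    If Err.Number <> 0 Then
        ' Assumption: whoami.exe is missing only on pre-Vista systems,
        ' which have no UAC-filtered token to detect.
        IsElevated = True
        Exit Function
    End If
    On Error GoTo 0
    output = exec.StdOut.ReadAll()
    ' S-1-16-12288 = High Mandatory Level, S-1-16-16384 = System Mandatory Level
    IsElevated = (InStr(output, "S-1-16-12288") > 0) Or _
                 (InStr(output, "S-1-16-16384") > 0)
End Function

Dim compName, objWMI, colSecLog, objEvent, shown
compName = "localhost"

If Not IsElevated() Then
    WScript.Echo "Not elevated: the Security log query would return no events." & _
        VBCrLf & "Re-run from an elevated Command Prompt."
    WScript.Quit 1
End If

Set objWMI = GetObject("winmgmts:{(Security)}!\\" & compName & "\root\cimv2")
' 48 = wbemFlagReturnImmediately + wbemFlagForwardOnly (suits large logs)
Set colSecLog = objWMI.ExecQuery( _
    "SELECT * FROM Win32_NTLogEvent WHERE LogFile = 'Security'", "WQL", 48)

shown = 0
For Each objEvent In colSecLog
    WScript.Echo "Event Code: " & objEvent.EventCode & _
        "  Time Written: " & objEvent.TimeWritten
    shown = shown + 1
    If shown >= 5 Then Exit For   ' sample a few events only
Next

If shown = 0 Then
    WScript.Echo "Query returned no events; compare with Event Viewer."
    WScript.Quit 2
End If
```

Run it with cscript.exe so the exit code (1 for not elevated, 2 for an empty result) is available to a calling batch file or scheduler.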