WMI Win32_NTLogEvent

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

Platform: Windows 2000 and NT 4.0, Perl Activestate 5.6.1

I'm using WMI's Win32_NTLogEvent, but on machines with large event logs or numerous events the job doesn't finish. The way WMI does its query/can't handle the indexing requires an abundance of server resources.

$aevents = $Wmi->ExecQuery("SELECT * FROM $Win32_Class  WHERE LogFile=
+'Security' AND Eventcode=560")
[download]

I found a few links that suggested replacing ExecQuery with ExecQueryAsync and

$aevents = $Wmi->ExecQuery("SELECT * FROM $Win32_Class  WHERE LogFile=
+'Security' AND Eventcode=560",,'48')
[download]

but it didn't work. Any suggestions?

Thanks. Mitch

Comment on WMI Win32_NTLogEvent Select or Download Code

Replies are listed 'Best First'.
Re: WMI Win32_NTLogEvent by Anonymous Monk on Sep 18, 2003 at 09:28 UTC
Hi, Mitch Have you tried the same thing using `Win32::EventLog` which is included in your Perl distribution?	[reply] [d/l]
Re: Re: WMI Win32_NTLogEvent by Anonymous Monk on Sep 18, 2003 at 15:00 UTC
Yes, that's what I used to use in the past, but it has its issues too. WMI is more reliable, but is really slow for large logs. I found some VB & vbs scripts on the web to run Win32_NTLogEvent in asynchronous mode, but I've been having trouble converting it to Perl. The temporary solution for me is just to allow the scheduled job to run. The job is taking 10 hours. Once I give myself a crash course in vbs I'll have to rewrite the program and hopefully it will run much faster. Mitch	[reply]