[logs] Getting Windows logs through WMI

Paul Melson pmelson at gmail.com
Wed Jan 16 04:05:38 PST 2008


On Jan 16, 2008 12:40 AM, Vincent Bernat <bernat at luffy.cx> wrote:
[...]
> However, it seems that there is a major drawback to using WMI: when the
> event log file is 100 MB large, the WMI call times out whatever the
> request is. I mean, you may ask for log trail 45722 or for the 100 last log
> trails or the 100 first log trails, the WMI call takes too much time and
> times out.
[...]
> For some large organizations, a 100 MB large file is quite common (and
> filled in an hour, so we cannot ask them to use a smaller size). Do you
> know of any workaround to this limitation?

I've not run across this issue before.  Can you tell me more about the
environment?  The version of Windows Server, the hardware of the
server(s), etc.?

Also, what log file are you trying to retrieve?  And what does your
WQL query look like? (i.e. "Select * from Win32_NTLogEvent Where
Logfile = 'Security'")

And finally, if you're doing this currently with VBScript, have you
thought about changing languages?  I know that in general timeouts for
objWMI/GetObject in VBScript are an issue.  Seems to me that if you
were to write your handler in, say, C#, you would be able to
increase the connection timeout to whatever you wanted.

PaulM
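
As an added illustration of the C# route suggested above (example code, not from either poster): this reader sets explicit WMI connection and enumeration time-outs through System.Management and, instead of `Select *` over the whole Security log, walks `Win32_NTLogEvent` in bounded `RecordNumber` windows so that no single call has to return the entire 100 MB file. The host name, window size and starting record number are assumed command-line inputs; a wrapped log starts above record 0, so pass its oldest RecordNumber as the start.

```csharp
// Added example: read the Security log over WMI from C# with explicit
// time-outs and bounded RecordNumber ranges. Assumes a reference to
// System.Management.dll and a caller allowed to read the Security log.
using System;
using System.Management;

class NtLogEventReader
{
    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : ".";                 // "." = local machine
        uint cursor = args.Length > 1 ? uint.Parse(args[1]) : 0;        // last record already read
        const uint window = 1000;                                       // records per WQL call

        var conn = new ConnectionOptions
        {
            Timeout = TimeSpan.FromMinutes(5),   // time-out for single-value operations
            EnablePrivileges = true              // needed to open the Security log
        };
        var scope = new ManagementScope(@"\\" + host + @"\root\cimv2", conn);
        scope.Connect();

        // Semi-synchronous, forward-only enumeration: rows are streamed back as the
        // provider produces them instead of being buffered for the whole log.
        var enumOpts = new EnumerationOptions
        {
            ReturnImmediately = true,
            Rewindable = false,
            Timeout = TimeSpan.FromMinutes(5),   // applies to walking the result set
            BlockSize = 100
        };

        while (true)
        {
            string wql = string.Format(
                "SELECT RecordNumber, TimeGenerated, EventCode, SourceName, Message " +
                "FROM Win32_NTLogEvent WHERE Logfile = 'Security' " +
                "AND RecordNumber > {0} AND RecordNumber <= {1}", cursor, cursor + window);
            int count = 0;
            using (var searcher = new ManagementObjectSearcher(scope, new ObjectQuery(wql), enumOpts))
            foreach (ManagementObject ev in searcher.Get())
            {
                cursor = (uint)ev["RecordNumber"];   // advance the cursor as rows arrive
                Console.WriteLine("{0} {1} {2} {3}", ev["TimeGenerated"], ev["EventCode"],
                                  ev["SourceName"], ev["Message"]);
                count++;
            }
            if (count == 0) break;   // empty window: past the newest record in the log
        }
    }
}
```

Record numbers stay contiguous within the retained part of an event log, so the first empty window marks the end; persisting the final cursor value lets the next run resume from where this one stopped.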

