cynthia
Extracting data from the Windows event log

Hello everyone,

I need some knowledge about the event log on Windows 2008 R2. I am writing a VBS script that will be run every day by a scheduled task to report certain data found in the event log. My problem is that since Windows 2008 we have this tree structure:

Quote:

Event Viewer in Windows Vista and Windows Server 2008 tracks information in a number of logs, including:
* Windows Logs. This provider contains the following events logs from the operating system:
    Application. Events in this Windows log are classified as error, warning, or information, depending on the severity of the event. An error is a significant problem, such as loss of data. A warning is an event that is not necessarily significant but might indicate a possible future problem. An information event describes the successful operation of a program, driver, or service.
    Security. This Windows log contains security-related events, which are called "audit events," and are described as successful or failed, depending on the event, such as whether a user's attempt to log on to Windows® was successful.
    Setup. This Windows log records events related to installing programs and services on the computer. Computers that are configured as domain controllers have additional logs displayed in this category.
    System. This Windows log records system events that are sent by Windows and Windows system services, and are classified as error, warning, or information.
    Forwarded Events. This Windows log records events are forwarded to this log by other computers.

* Applications and Services Logs. Applications and Services Logs is a new category of event log provider. Each application or service installed on the computer will have an individual log. These logs store events from a single application or service rather than events that might have systemwide impact. This category of logs includes four subtypes for which the application or service can provide events: Admin, Operational, Analytic, and Debug logs.

When it comes to finding information in the Windows Logs part, I manage it by using something like this:

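strComputer = "."            ' local computer
strEventLog = "Application"  ' name of the classic Windows log to read
Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")
' WQL string values must be enclosed in single quotes
Set colLoggedEvents = objWMI.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = '" & strEventLog & "'")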

but it seems that this is not the same thing if you want to see the data of the "Serveur" application, which would be located under Applications and Services Logs.

Does anyone know how I could modify the query quoted above to access the resources found under "Serveur"? Is there a way to do a select * from All_table to find out all the instances that can be queried? (Because I am not sure of the table name; "Serveur" would correspond to the name I see when looking through the Event Viewer.)

Thank you for your help
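
An added example, not part of the original post: PowerShell's Get-WinEvent cmdlet (available on Windows Server 2008 R2) can list every event log channel, including those under Applications and Services Logs, and read the ones whose name matches. The `*Server*` pattern, the 24-hour window and the output path are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Intended to run once a day from a
# scheduled task. All parameter defaults below are hypothetical placeholders.
param(
    [string]$Pattern   = '*Server*',                        # wildcard for the channel name to find
    [int]   $HoursBack = 24,                                # look-back window for a daily run
    [string]$OutFile   = "$env:TEMP\eventlog-extract.csv"   # where the extract is written
)

# Step 1: enumerate all channels, classic and "Applications and Services Logs".
# This plays the role of the "select * from All_table" asked about above:
# the LogName property is the name to use in queries.
$channels = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.LogName -like $Pattern -and $_.RecordCount -gt 0 }

if (-not $channels) {
    Write-Warning "No non-empty log matches '$Pattern'. Run 'Get-WinEvent -ListLog *' to see all names."
    return
}

# Step 2: read the events of the last $HoursBack hours from each matching channel.
$since = (Get-Date).AddHours(-$HoursBack)
$rows = foreach ($ch in $channels) {
    try {
        Get-WinEvent -FilterHashtable @{ LogName = $ch.LogName; StartTime = $since } -ErrorAction Stop |
            Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message
    }
    catch {
        # Raised when the window contains no events or the account lacks read access
        # (reading the Security log, for example, needs an elevated account).
        Write-Warning ("{0}: {1}" -f $ch.LogName, $_.Exception.Message)
    }
}

# Step 3: write the extract only if something was collected.
if ($rows) {
    $rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
    Write-Output ("{0} events written to {1}" -f @($rows).Count, $OutFile)
}
```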
