HEELPBOOK - How to get last event (based on ID) triggered on a Windows system (WMI) ############################################

It could be useful to get the last event, based on ID, on a Windows-based system through a WMI query using VBScript.

The following code will get the last event using the ID code specified in the WMI query (EventCode = '7036' in this example):

'Run the function
ShowServicesEvent

'The function
Public Function ShowServicesEvent()

Set dtmConvertedDate = CreateObject("WbemScripting.SWbemDateTime")
strComputer = "."
count = 0
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServiceEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' and EventCode = '7036'")
For Each strEvent in colServiceEvents
dtmConvertedDate.Value = strEvent.TimeWritten
Wscript.Echo dtmConvertedDate.GetVarDate
Wscript.Echo strEvent.Message
count = count + 1
if count <> 0 Then
Exit Function
End If
Next
End Function


###### Note: note that the "count" section is needed to limit the results provided by WMI Core to a unique record. This is needed because WMI queries doesn't support a "SELECT TOP {X}..." query type.

The following is the version without the "LIMIT 1" code portion (pay attention to run this code through a VBScript because it could provide a lot of records using MsgBox):


Public Function ShowServicesEvent()
Set dtmConvertedDate = CreateObject("WbemScripting.SWbemDateTime")
strComputer = "."
count = 0
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServiceEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' and EventCode = '7036'")
For Each strEvent in colServiceEvents
dtmConvertedDate.Value = strEvent.TimeWritten
Wscript.Echo dtmConvertedDate.GetVarDate
Wscript.Echo strEvent.Message
Next
End Function


################ Parametric Version


ShowServicesEvent(1000)

Public Function ShowServicesEvent(evcode)
Set dtmConvertedDate = CreateObject("WbemScripting.SWbemDateTime")
strComputer = "."
evecode = evcode
count = 0
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServiceEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' and EventCode = '" & evecode & "'")
For Each strEvent in colServiceEvents
dtmConvertedDate.Value = strEvent.TimeWritten
Wscript.Echo dtmConvertedDate.GetVarDate
Wscript.Echo strEvent.Message
count = count + 1
if count <> 0 Then
Exit Function
End If
Next
End Function



############ ARTICLE INFO #############

Article Month: January
Article Date: 24/01/2012
Permalink: http://heelpbook.altervista.org/2013/how-to-get-last-event-based-on-id-triggered-on-a-windows-system-wmi/
Source: http://www.heelpbook.net/
Language: English

View more articles on: http://www.heelpbook.net/
Follow us on Facebook: http://it-it.facebook.com/pages/HeelpBook/100790870008832
Follow us on Twitter: https://twitter.com/#!/HeelpBook
Follow us on RSS Feed: http://feeds.feedburner.com/Heelpbook
Follow us on Delicious: http://delicious.com/heelpbook
Linkedin: http://it.linkedin.com/pub/stefano-maggi/27/73a/b20
Google+ : https://plus.google.com/116990277568167008289/posts