Main Page 
PC Review
Forums
Newsgroups
Windows XP
Windows XP WMI
WMI query with categorystring
Forums
Newsgroups
Windows XP
Windows XP WMI
WMI query with categorystring
 |
WMI query with categorystring |
|
|
Thread Tools | Rate Thread |
23-06-2004, 11:11 AM
|
#1 |
|
Guest
Posts: n/a
|
WMI query with categorystring
When doing a query towards a Win2K box the below SQL statement:
select * from win32_ntlogevent where logfile='Security' and sourcename='Security' and categorystring='Account Logon' and eventcode='680' and recordnumber> 10 I get no matching records If I do select * from win32_ntlogevent where logfile='Security' and sourcename='Security' and category=9 and eventcode='680' and recordnumber> 10 I do get matching records From my understanding category=9 is the same as categorystring='Account Logon' Any ideas when a query using the "categorystring" isn't returning matching records while doing it with category it is. And IF I can only use category in the query instead of categorystring, is there somewere a full list of category(string)s? That way I can at least show my uses a list of what they can select. dirk; |
|
|
28-06-2004, 06:01 PM
|
#2 |
|
Guest
Posts: n/a
|
Re: WMI query with categorystring
If you run the second query (with category=9) in wbemtest, and then open one
of the returned entries, is the category string what you expect? ('Account Logon') -Jason "Dirk" <dirk@nospam_to_remove_ofcourse.woodstone.nu> wrote in message news:OC1LOLRWEHA.712@TK2MSFTNGP11.phx.gbl... > When doing a query towards a Win2K box the below SQL statement: > > select * from win32_ntlogevent where logfile='Security' and > sourcename='Security' and categorystring='Account Logon' and > eventcode='680' > and recordnumber> 10 > > I get no matching records > > If I do > select * from win32_ntlogevent where logfile='Security' and > sourcename='Security' and category=9 and eventcode='680' and recordnumber> > 10 > I do get matching records > > From my understanding category=9 is the same as categorystring='Account > Logon' > > > Any ideas when a query using the "categorystring" isn't returning matching > records while doing it with category it is. > And IF I can only use category in the query instead of categorystring, is > there somewere a full list of category(string)s? That way I can at least > show my uses a list of what they can select. > > > dirk; > > > > > > > |
|
|
|
28-06-2004, 08:23 PM
|
#3 |
|
Guest
Posts: n/a
|
Re: WMI query with categorystring
I tried it from within VB and that was the string I got back.
That's also what you see using the eventviewer. dirk. "Jason Lee (MSFT)" <jalee@online.microsoft.com> wrote in message news:OkCmmnTXEHA.2816@TK2MSFTNGP11.phx.gbl... > If you run the second query (with category=9) in wbemtest, and then open one > of the returned entries, is the category string what you expect? ('Account > Logon') > > -Jason > > "Dirk" <dirk@nospam_to_remove_ofcourse.woodstone.nu> wrote in message > news:OC1LOLRWEHA.712@TK2MSFTNGP11.phx.gbl... > > When doing a query towards a Win2K box the below SQL statement: > > > > select * from win32_ntlogevent where logfile='Security' and > > sourcename='Security' and categorystring='Account Logon' and > > eventcode='680' > > and recordnumber> 10 > > > > I get no matching records > > > > If I do > > select * from win32_ntlogevent where logfile='Security' and > > sourcename='Security' and category=9 and eventcode='680' and recordnumber> > > 10 > > I do get matching records > > > > From my understanding category=9 is the same as categorystring='Account > > Logon' > > > > > > Any ideas when a query using the "categorystring" isn't returning matching > > records while doing it with category it is. > > And IF I can only use category in the query instead of categorystring, is > > there somewere a full list of category(string)s? That way I can at least > > show my uses a list of what they can select. > > > > > > dirk; > > > > > > > > > > > > > > > > |
|
|
|
|
| Thread Tools | |
| Rate This Thread | |
|
|
