Main Page 
PC Review
Forums
Newsgroups
Windows XP
Windows XP WMI
Categorystring
Forums
Newsgroups
Windows XP
Windows XP WMI
Categorystring
 |
Categorystring |
|
|
Thread Tools | Rate Thread |
06-07-2004, 12:47 PM
|
#1 |
|
Guest
Posts: n/a
|
Categorystring
When doing a query towards a Win2K box the below SQL statement:
select * from win32_ntlogevent where logfile='Security' and sourcename='Security' and categorystring='Account Logon' and eventcode='680' and recordnumber> 10 I get no matching records If I do select * from win32_ntlogevent where logfile='Security' and sourcename='Security' and category=9 and eventcode='680' and recordnumber> 10 I do get matching records From my understanding category=9 is the same as categorystring='Account Logon' Any ideas when a query using the "categorystring" isn't returning matching records while doing it with category it is. And IF I can only use category in the query instead of categorystring, is there somewere a full list of category(string)s? That way I can at least show my uses a list of what they can select. |
|
|
08-07-2004, 03:54 AM
|
#2 |
|
Guest
Posts: n/a
|
Re: Categorystring
I don't know why this happens -- it shouldn't, and it doesn't on my XP --
but for your query you can safely ignore the category. Every event in eventlog is completely defined by the SourceName and the EventIdentifier. The Category, athough part of the event, is just informative. The EventCode is always the lower 16bit of the EventIdentifier. Theoretically is possible to have two different EventIdentifiers with the same EventCode, but I've yet to see such case. Ven "Dirk" <dirk@nospam_to_remove_ofcourse.woodstone.nu> wrote in message news:O0JA4d1YEHA.3112@tk2msftngp13.phx.gbl... > When doing a query towards a Win2K box the below SQL statement: > > select * from win32_ntlogevent where logfile='Security' and > sourcename='Security' and categorystring='Account Logon' and eventcode='680' > and recordnumber> 10 > > I get no matching records > > If I do > select * from win32_ntlogevent where logfile='Security' and > sourcename='Security' and category=9 and eventcode='680' and recordnumber> > 10 > I do get matching records > > From my understanding category=9 is the same as categorystring='Account > Logon' > > > Any ideas when a query using the "categorystring" isn't returning matching > records while doing it with category it is. > And IF I can only use category in the query instead of categorystring, is > there somewere a full list of category(string)s? That way I can at least > show my uses a list of what they can select. > > > > |
|
|
|
|
| Thread Tools | |
| Rate This Thread | |
|
|
