Speeding up reading Eventlog

[David Johnson]

Hi, I'm using wmi to read the event log. After just a small number of
entries, it really slows down. I'd really like to speed it up.

Any suggestions?

Here's a code snippet:

'Connect to WMI using the current user's credentials
Set objWMIService =
GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" &
strComputer & "\root\cimv2")
'
'Query WMI for all 539 errors in the event log
'Note: This takes a long time on big event logs
wscript.echo "Retrieving records from the Security Log."
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Security' and EventCode =
'539'")
'
'For all the Event records with 539 errors...
For Each objEvent in colLoggedEvents
'
'do stuff
Next

 

[Philip Nunn [MSFT]]

Since by default the enumerator is bidirectional which requires WMI to cache
each object, large numbers of objects will slow the query down. This can be
altered using the flags wbemFlagForwardOnly and wbemFlagReturnImmediately
when you ExecQuery. Here's a snippet to get you going.

wbemFlagReturnImmediately = 16
wbemFlagForwardOnly = 32
IFlags = wbemFlagReturnImmediately + wbemFlagForwardOnly
wscript.echo semisynchronousflags
set objWMIService = GetObject("winmgmts:root\cimv2")
' Query for all the Win32_Process objects on the
' local machine and use forward-only enumerator
set colProcesses = objWMIService.ExecQuery_
("SELECT Name FROM Win32_Process",,IFlags)
' Receive each object as it arrives
For Each objProcess in colProcesses
WScript.Echo objProcess.name
Next