Using WMI to Access the Security Log

[Guest]

Hi Everyone,

I'm having a problem with a VB.Net 2005 app I’m trying to write.
Basically, I need to pull all events with a certain Event ID out of a given
system’s Security log and dump them in a database. I can get this to work OK
for the System & Application logs, but not for Security

I understand from some other postings on MSDN’s newsgroups that this is
because I need to ‘take the security privilege’, but the only examples of how
to do this I can find of how to do this are for C something-or-other and
VBscript, and I don’t know how to convert either into VB.net!

If anyone could help me fix this I’d really appreciate it!

At the moment I’m just testing getting events out on the local system with
WMI, and so far my code looks like this;

Dim search As New ManagementObjectSearcher("SELECT * FROM
Win32_NTLogEvent WHERE LogFile = 'Security' AND EventCode = 612")

Dim info As ManagementObject
For Each info In search.Get()
txtOutput.Text &= info("EventCode").ToString() & vbCrLf
txtOutput.Text &= info("SourceName").ToString() & vbCrLf
txtOutput.Text &= info("Message").ToString() & vbCrLf
Next

When I run it, it doesn’t produce any output, not even an error message!

Thanks in advance for any help,

Thanks,
Chris

 

[Guest]

I’ve managed to get this working now! So, for anyone else who’s had this
problem here’s the code;

Dim objWMIService = GetObject("winmgmts:" &
"{impersonationLevel=impersonate,(Security)}!\\" & strSystem & "\root\cimv2")
Dim aryEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent
Where LogFile='Security' AND EventCode = 612")
Dim evt
For Each evt In aryEvents
‘ Do something
Next

I know it doesn’t strictly look like VB.net code, but I pumped this into VB
2005 Express Edition and it runs perfectly!

Hope this is useful to someone

Thanks,
Chris