Search:   Namespaces Discussions .NET v1.1 Feedback

VB.net WMI Win32_NtlogEvent problem, please help Messages   Related Types This message was discovered on microsoft.public.dotnet.general. Responses highlighted in red are from those people who are likely to be able to contribute good, authoratitive information to this discussion. They include Microsoft employees, MVP's and others who IMHO contribute well to these kinds of discussions. Post a new message to this list... Jason80 (VIP) First I wrote some _VBScript to get info from OS, and now I wrote some code in VB.Net, and I have a problem now. Look at this script in vbs List1.vbs: strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") strWQL="SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA ""Win32_NTLogEvent"" " Set objEventSource = objWMIService.ExecNotificationQuery(strWQL) Do Set objLatestEvent = colMonitoredEvents.NextEvent Wscript.Echo "OK" Loop I use it to register the Win32_ntlogEvent , so that i can get some info where a new log written into the logfiles. List1 works very well on Windows 2003 Server, but when I try it on Windows 2000 Server, it echoed the connection was refused . So I edited it into List2, strComputer = "." Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel= impersonate, (Security)}!\\" & strComputer & "\root\cimv2") Set colMonitoredEvents = objWMIService.ExecNotificationQuery _ ("Select * from __instancecreationevent WITHIN 5 where TargetInstance isa 'Win32_NTLogEvent' ") Do Set objLatestEvent = colMonitoredEvents.NextEvent Wscript.Echo "OK" Loop and list2 works well on Window2000. i noticed the security setting so when I wrote the code(List3) in vb.net, I added " watcher.Scope.Options.Impersonation = ImpersonationLevel.Impersonate watcher.Scope.Options.Authentication = AuthenticationLevel.Default " options in the vb.net code, but the bin still can not run on windows2000, while it works well on Server2003. i am puzzled! : ( , List3: Imports System.management Module Module1 Sub main() Dim eventQuery As New EventQuery("SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' ") 'Initialize an event watcher object with this query Dim watcher As New ManagementEventWatcher watcher.Scope.Path.Server = "." watcher.Scope.Path.Path = "\\.\root\CIMV2" watcher.Scope.Path.NamespacePath = "root\CIMV2" watcher.Scope.Options.Impersonation = ImpersonationLevel.Impersonate watcher.Scope.Options.Authentication = AuthenticationLevel.Default watcher.Scope.Options.EnablePrivileges = False watcher.Query = eventQuery watcher.Start() MsgBox("Listening started！") Dim handler As New EventHandler AddHandler watcher.EventArrived, AddressOf handler.HandleEvent System.Threading.Thread.Sleep(-1) End Sub End Module Public Class EventHandler Public Sub HandleEvent(ByVal sender As Object, ByVal e As EventArrivedEventArgs) Console.Write("OK") End Sub End Class but after I changed the Query String to : 'Dim eventQuery As New EventQuery("SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' and TargetInstance ='Application' ") The bin could run well under windows2000 too, but if you change the targetinstance to Security, you get the access denied message again. So finally i have two questions: Why can not i register to the Win32_NtlogEvent, bu t i can register to the application part in Win32_ntlogevent? Is that a security problem? Thank you for you time. Reply to this message...        MarkD VIT@UK (VIP) Hello Jason, I am not an expert on this but I have written some vb.net code to do something similar. My understanding is the even if you run this with an administravtive level account some security permissions are not enabled unless you explicitly do so. The line "watcher.Scope.Options.EnablePrivileges = True" allows me to do the same type of thing. I have bene running this code on Win XP SP1, Win XP SP2, Win2003, Win2000 Server under .Net 1.1 without any problems. I have upgraded a few test machines for .Net 1.1 SP1 and I now have security related problems (access denied on the watcher start command). The access deinied is driven by trying to access the "security" logfile. This may be the case for you. I have used the command Dim q As New WqlEventQuery( _ "__InstanceCreationEvent", _ New TimeSpan(0, 0, 10), _ "TargetInstance ISA ""Win32_NTLogEvent"" " & _ "and (" & _ "TargetInstance.LogFile = ""Audit Success"" or " & _ "TargetInstance.LogFile = ""Audit Failure"" or " & _ "TargetInstance.LogFile = ""Application"" or " & _ "TargetInstance.LogFile = ""System"" " & _ ")") which explicitly identifies the logfiles of interest (and does not require EnabledPrivilages to be set to true). I hope this helps, Mark "Jason80" wrote: [Original message clipped] Reply to this message...        Jason80 (VIP) Thank you for your answer, and i have tried the "watcher.Scope.Options.EnablePrivileges = True" but i still can not access the whole "Win32_NtlogEvent" class, and i can access Application, System. So strange. Thank you anyway, hope you can get your answer soon "MarkD VIT@UK" wrote: [Original message clipped] Reply to this message...        Jason80 (VIP) Thank you for your answer, and i have tried the "watcher.Scope.Options.EnablePrivileges = True" but i still can not access the whole "Win32_NtlogEvent" class, and i can access Application, System. So strange. Thank you anyway, hope you can get your answer soon "MarkD VIT@UK" wrote: [Original message clipped] Reply to this message...        MarkD VIT@UK (VIP) Hi Janson, There was another discussion I had on this subject in the microsoft.public.dotnet.framework group - the subject was Subject: Problem with .NET 1.1 SP1 - Events This may help give more details on the subject. Thanks, Mark "Jason80" wrote: [Original message clipped] Reply to this message...     System.Console System.EventHandler System.Management.AuthenticationLevel System.Management.EventArrivedEventArgs System.Management.EventQuery System.Management.ImpersonationLevel System.Management.ManagementEventWatcher System.Management.WqlEventQuery System.Threading.Thread System.TimeSpan Ad MBR BootFX Best-of-breed application framework for .NET projects, developed by Matthew Baxter-Reynolds and MBR IT

Copyright © Matthew Baxter-Reynolds 2001-2008. '.NET 247 Software Development Services' is a trading style of MBR IT Solutions Ltd. Contact Us - Terms of Use - Privacy Policy - www.dotnet247.com