Querying the Event Logs
The Event Logs are typically a system administrator's first line of inquiry when troubleshooting problems, and they are also the primary record an incident responder turns to, so it is worth seeing how we can make use of them with WMI. The two major components we need to be concerned with are the Event Logs themselves and the events contained within each Event Log. We will first focus on the properties of Event Logs.
The Win32_NTEventLogFile class represents an Event Log. Table 26-4 contains several Win32_NTEventLogFile properties that can be used to query or modify properties of an Event Log.
Table 26-4. Useful Win32_NTEventLogFile properties

| Property | Description |
|---|---|
| FileSize | Size of the Event Log file in bytes. |
| LogFileName | Standard name used for describing the Event Log (e.g., Application). |
| MaxFileSize | Maximum size in bytes that the Event Log file can reach. This is a writeable property. |
| Name | Fully qualified path to the Event Log file. |
| NumberOfRecords | Total number of records in the Event Log. |
| OverwriteOutDated | Number of days after which events can be overwritten. This is a writeable property: 0 indicates that events are overwritten as needed, 1-365 is the number of days to wait before overwriting, and 4294967295 indicates that events should never be overwritten. |
| OverwritePolicy | Text description of the overwrite policy (as specified by the ...) |
| Sources | Array of registered sources that may write entries ... |
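The following PowerShell script is an added example, not code from the book, showing how the Table 26-4 properties are read and written through WMI on the local machine. It reports the retention settings of every classic Event Log, flags logs whose size cap and overwrite policy would let evidence age out quickly, and then hardens the Security log. The 64 MB threshold and the 256 MB target are assumptions chosen for illustration, not values the book recommends. Note that Win32_NTEventLogFile only covers the classic logs (Application, Security, System and the like); the newer per-component channels are not exposed through this class, and changing the Security log requires administrative rights.

```powershell
# Added example (not from the book): audit and adjust classic Event Log
# retention settings using the Win32_NTEventLogFile properties in Table 26-4.
# Runs against the local machine; the thresholds below are assumed values.

$logs = Get-CimInstance -ClassName Win32_NTEventLogFile

# Report the properties from Table 26-4 for every classic Event Log.
$logs |
    Select-Object LogFileName, Name, NumberOfRecords,
        @{ n = 'FileSizeMB';    e = { [math]::Round($_.FileSize / 1MB, 2) } },
        @{ n = 'MaxFileSizeMB'; e = { [math]::Round($_.MaxFileSize / 1MB, 2) } },
        OverwriteOutDated, OverwritePolicy |
    Format-Table -AutoSize

# Flag logs where evidence can be lost quickly: a small maximum size combined
# with OverwriteOutDated = 0 ("overwrite events as needed"). 64MB is an assumed threshold.
$weak = $logs | Where-Object { $_.MaxFileSize -lt 64MB -and $_.OverwriteOutDated -eq 0 }
foreach ($log in $weak) {
    Write-Warning ('{0}: capped at {1} MB and overwritten as needed' -f
        $log.LogFileName, [math]::Round($log.MaxFileSize / 1MB, 2))
}

# Harden the Security log. MaxFileSize and OverwriteOutDated are the two
# writeable properties in Table 26-4; 4294967295 means "never overwrite".
# 256MB is an assumed target size, not a value from the book.
$security = $logs | Where-Object { $_.LogFileName -eq 'Security' }
if ($security) {
    Set-CimInstance -InputObject $security -Property @{
        MaxFileSize       = [uint32]256MB
        OverwriteOutDated = [uint32]4294967295
    }
    # Re-read the instance so the displayed values come from the system, not the hashtable.
    Get-CimInstance -ClassName Win32_NTEventLogFile -Filter "LogFileName='Security'" |
        Select-Object LogFileName, MaxFileSize, OverwriteOutDated, OverwritePolicy
}
```

One caveat on the "never overwrite" setting: once a log configured this way fills up, new events are dropped rather than older ones, so pair it with a size cap large enough for your retention window or with log forwarding, and confirm the new values with the re-read at the end of the script rather than trusting the call succeeded.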