Hi All,

I am fetching the Application and System event logs under "Windows Logs" using a WMI query as below:
Select * From Win32_NTLogEvent Where Logfile ='Application'

Now I want to fetch the logs which are maintained under the "Applications and Services Logs", but using this query I am not able to fetch the information.

Please help me write the correct query.
TIA

What I have tried:

I tried a WMI query for this, but I am not getting the result for the "Applications and Services" event logs.
Updated 25-May-21 12:08pm

First you need to add an entry to the Registry for the log from the "Applications and Services Logs" that you want before you can access it using WMI. These newer logs are not listed in the Registry by default and WMI checks the registry for which logs are available for it to access.

To find the log's actual name, open the Event Viewer and expand the tree containing the log that you want, then copy the contents of the Full Name field from the Properties dialogue, for example:

Microsoft-Windows-DriverFrameworks-UserMode/Operational

Next, open the Registry using the registry editor (regedit.exe) and navigate to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog

Create a new Key underneath this one, naming it using the Full Name above and close the registry editor to save the changes. It is a good idea to make a backup of the Registry before making any changes.

In your code, use the Full Name above to access the log. For example, using VBScript:

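Set objWMIService = GetObject("winmgmts:\\.\root\cimv2") ' connect to WMI on the local computer
Set colEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' AND EventCode='2003'")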
 
 
According to several sources that I came up with on a quick Google search, those logs are not exposed via WMI.

You'll need to either pull them using PowerShell, wevtutil, or programmatically access the logs through the registry.

There's a basic hook for the PS portion at: Powershell and the Applications and Services Logs – Let IT know
 
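An added example (not part of either answer above) of the PowerShell route the second answer mentions: it checks whether WMI lists the channel at all, then reads the channel with Get-WinEvent. The channel name and event ID 2003 are the ones from the first answer; the function names are hypothetical, and reading some channels requires an elevated session.

```powershell
# Added example: channel name and event ID are the ones used in the first answer.
$Channel = 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'
$EventId = 2003

function Test-WmiExposesLog {
    param([string]$LogName)
    # Win32_NTEventlogFile enumerates the event logs that WMI can see.
    $names = Get-CimInstance -ClassName Win32_NTEventlogFile |
        Select-Object -ExpandProperty LogfileName
    return $names -contains $LogName
}

function Get-ChannelEvent {
    param([string]$LogName, [int]$Id, [int]$Max = 20)

    # Confirm the channel exists; a disabled channel records nothing.
    try {
        $cfg = Get-WinEvent -ListLog $LogName -ErrorAction Stop
    } catch {
        Write-Warning "Channel '$LogName' not found: $($_.Exception.Message)"
        return @()
    }
    if (-not $cfg.IsEnabled) {
        Write-Warning "Channel '$LogName' is disabled, so no new events are being written."
    }

    try {
        Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id } `
                     -MaxEvents $Max -ErrorAction Stop |
            Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message
    } catch {
        # Get-WinEvent raises an error, not an empty result, when nothing matches.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return @() }
        throw
    }
}

"WMI lists '$Channel': $(Test-WmiExposesLog -LogName $Channel)"
Get-ChannelEvent -LogName $Channel -Id $EventId | Format-Table -AutoSize -Wrap

# Equivalent wevtutil query for the same channel and event ID:
#   wevtutil qe "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /q:"*[System[(EventID=2003)]]" /c:20 /rd:true /f:text
```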
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


