Modify the WHERE clause for different criteria. Specify a different log name for a different log.
Be warned that if you try to query ALL events it might take a VERY. LONG. TIME. Stick to querying for a specific event code.
VBSTART
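' Makes one event field safe to embed in the ";"-separated, CRLF-terminated
' record format produced by ReadEventLog. Event text is written by whatever
' process logged the event, so it must not be able to add or shift fields.
' Null (e.g. a message that could not be resolved) becomes an empty string,
' CR and LF become spaces, and ";" becomes ",".
Function CleanEventField(value)
    Dim text
    If IsNull(value) Then
        CleanEventField = ""
        Exit Function
    End If
    text = CStr(value)
    text = Replace(text, vbCr, " ")
    text = Replace(text, vbLf, " ")
    CleanEventField = Replace(text, ";", ",")
End Function

' Reads events from a Windows event log through WMI (Win32_NTLogEvent).
'
' Parameters:
'   LogFile - name of the log to query, e.g. "System" or "Application".
'   byCode  - True to return only events whose EventCode equals Code;
'             anything else returns every event in the log (slow).
'   Code    - numeric event code; only used when byCode is True.
'
' Returns: a string with one record per event, records separated by CRLF,
'   fields separated by ";" in this order:
'   Type;TimeWritten;SourceName;Category;EventCode;Message;RecordNumber;User
'   An empty string is returned when nothing matches.
'
' Raises: error 5 when byCode is True and Code is not numeric.
'
' NOTE(review): reading the Security log via WMI normally also requires the
' Security privilege in the moniker ("{impersonationLevel=impersonate,(Security)}")
' and a sufficiently privileged account - confirm before pointing this at it.
Function ReadEventLog(LogFile,byCode,Code)
    Dim eventList, whereClause, safeLog
    Dim objWMIService, colLoggedEvents, objEvent

    ' WQL has no parameter binding, so the values placed inside the quoted
    ' literals are constrained here: backslash and single quote are escaped
    ' in the log name, and the event code must be a number.
    safeLog = Replace(CStr(LogFile), "\", "\\")
    safeLog = Replace(safeLog, "'", "\'")

    If byCode = True Then
        If Not IsNumeric(Code) Then
            Err.Raise 5, "ReadEventLog", "Code must be a numeric event code"
        End If
        whereClause = "Where Logfile = '" & safeLog & "' and EventCode = '" & CLng(Code) & "'"
    Else
        whereClause = "Where Logfile = '" & safeLog & "'"
    End If

    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    Set colLoggedEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent " & whereClause)

    eventList = ""
    For Each objEvent In colLoggedEvents
        eventList = eventList & CleanEventField(objEvent.Type) & ";" & _
            objEvent.TimeWritten & ";" & CleanEventField(objEvent.SourceName) & ";" & _
            objEvent.Category & ";" & objEvent.EventCode & ";" & _
            CleanEventField(objEvent.Message) & ";" & _
            objEvent.RecordNumber & ";" & CleanEventField(objEvent.User) & vbCrLf
    Next

    ' Trim() only strips spaces, so the final CRLF used to survive and produce
    ' an empty last record when the caller split on CRLF; remove it explicitly.
    If Len(eventList) >= 2 Then
        If Right(eventList, 2) = vbCrLf Then
            eventList = Left(eventList, Len(eventList) - 2)
        End If
    End If

    ReadEventLog = eventList
End Function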
VBEND
//Ask the VBScript helper for every System-log record with event code 6008 (unexpected shutdown)
VBEval>ReadEventLog("System",true,6008),eventList
//One array element per CRLF-separated record: records_1 .. records_N, N in records_count
Separate>eventList,CRLF,records
If>records_count>0
Let>idx=0
Repeat>idx
Let>idx=idx+1
Let>record=records_%idx%
//Split the record on ";" - field order is Type;TimeWritten;SourceName;Category;EventCode;Message;RecordNumber;User
//Field positions are only reliable when no field itself contains ";" or a line break
Separate>record,;,fields
//Placeholder action: show Type, TimeWritten, EventCode and Message - replace with your own processing
MessageModal>%fields_1% - %fields_2% - %fields_5% - %fields_6%
Until>idx=records_count
Endif