Managing `EventLog` using Visual Basic.NET and VBScript - How to list all “Blue Screen” events (or STOP errors) using Visual Basic.NET
(Page 2 of 4 )
Those who are working with Windows would definitely experience “Blue Screen” errors in some situations (especially when hardware malfunctions occur). We can still get those events using Visual Basic.NET.
To get the event information, I am using the same wrapper I used in the previous section. So, I don’t want to repeat it. The following modification to the above program (in vb.net) would give the required result.
Dim searcher As New ManagementObjectSearcher( _
"root\CIMV2", _
"Select * from Win32_NTLogEvent Where Logfile =
'System'" _
& " and SourceName = 'SaveDump'")
The only difference is that I am trying to filter out the events, which are only “System” events, and the source related to “SaveDump.” When “Blue Screen” errors occur, they dump all the information available at that instance onto the hard disk for future analysis.
The modification to the VBScript would be the following:
Set colItems = objWMIService.ExecQuery( _
" Select * from Win32_NTLogEvent Where Logfile = 'System'
and SourceName = 'SaveDump'",,48)
How to make a backup of “EventLog” dynamically using Visual Basic.NET
Making a backup of an “EventLog” is also a part of managing “EventLog” information. Actually we can do this manually using the MMC snap-in. But, our intention is to work through the classic Visual Basic.NET (or VBScript). As we are doing manipulation instead of retrieving information, this section does not need any wrapper to work with.
Let us proceed with the Visual Basic.NET version first:
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles Button1.Click
Try
Dim classInstance As New ManagementObject( _
"root\CIMV2", "Win32_NTEventlogFile.Name='C:\WINDOWS\system32
\config\AppEvent.Evt'", Nothing)
Dim inParams As ManagementBaseObject = _
classInstance.GetMethodParameters
("BackupEventlog")
Dim outParams As ManagementBaseObject = classInstance.InvokeMethod("BackupEventlog",
inParams, Nothing)
MessageBox.Show("Return Value " & outParams
("ReturnValue"))
Catch err As ManagementException
MessageBox.Show("An error occurred while trying to
execute the WMI method: " & err.Message)
End Try
End Sub
And here, the script is quite different from some of my scripts available in my previous articles. In the above script, I started working with “InvokeMethod”, which is used to execute a WMI method dynamically! So the following is the most important statement within the above code:
Dim outParams As ManagementBaseObject = _
classInstance.InvokeMethod("BackupEventlog",
inParams, Nothing)
“inParams” (which is of type System.Managment.ManagmentBaseObject) is mainly used to pass parameters (input parameters) to the “BackupEventLog” method (WMI method) dynamically. Similarly, “outParams” generally contains the result of method execution.
Here is the e VBScript version, which would be very similar to the Visual Basic.NET version:
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer &
"\root\CIMV2")
Set objShare = objWMIService.Get
("Win32_NTEventlogFile.Name='C:\WINDOWS\system32
\config\AppEvent.Evt'")
Set objInParam = objShare.Methods_("BackupEventlog"). _
inParameters.SpawnInstance_()
Set objOutParams = objWMIService.ExecMethod
("Win32_NTEventlogFile.Name='C:\WINDOWS\system32
\config\AppEvent.Evt'", "BackupEventlog", objInParam)
Wscript.echo "ReturnValue: " & objOutParams.ReturnValue
Next: How to clear “EventLog” dynamically using Visual Basic.NET >>
More Visual Basic.NET Articles
More By Jagadish Chaterjee
