Managing `EventLog` using Visual Basic.NET and VBScript - How to copy “EventLog” information into a text file using Visual Basic.NET
(Page 4 of 4 )
We have already seen how to take a backup of “EventLog” in the previous sections. Now let us look into “copying an EventLog into a text file.” Even this section does not need any wrapper, as we are not retrieving any information.
Let us proceed with the Visual Basic.NET version first:
Private Sub Button3_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles Button3.Click
Try
Dim classInstance As New ManagementObject( _
"root\CIMV2", _
"Win32_NTEventlogFile.Name='C:\WINDOWS\system32
\config\AppEvent.Evt'", Nothing)
Dim inParams As ManagementBaseObject =
classInstance.GetMethodParameters("Copy")
inParams("FileName") = "c:\sample.txt"
Dim outParams As ManagementBaseObject = _
classInstance.InvokeMethod("Copy", inParams,
Nothing)
Console.WriteLine("Out parameters:")
Console.WriteLine("ReturnValue: {0}", outParams
("ReturnValue"))
Catch err As ManagementException
MessageBox.Show("An error occurred while trying to
execute the WMI method: " & err.Message)
End Try
End Sub
“inParams” (which is of type System.Managment.ManagmentBaseObject) is mainly used to pass parameters (input parameters) to the “Copy” method (WMI method) dynamically. Now we are trying to pass a file name as part of the input parameter (which is a bit different from previous sections). The input parameter is assigned as follows:
inParams("FileName") = "c:\sample.txt"
Similarly, “outParams” generally contains the result of method execution.
Here is the VBScript version, which is very similar to the Visual Basic.NET version):
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer &
"\root\CIMV2")
Set objShare = objWMIService.Get("Win32_NTEventlogFile.Name='C:\WINDOWS\system32
\config\AppEvent.Evt'")
Set objInParam = objShare.Methods_("Copy"). _
inParameters.SpawnInstance_()
objInParam.Properties_.Item("FileName") = "c:\sample.txt"
Set objOutParams = objWMIService.ExecMethod
("Win32_NTEventlogFile.Name='C:\WINDOWS\system32
\config\AppEvent.Evt'", "Copy", objInParam)
Wscript.echo "ReturnValue: " & objOutParams.ReturnValue
How about deleting, compressing, and similar types of operations on “EventLog” using Visual Basic.NET?
As the coding is quite similar to the above for the features like deleting, compressing, and so on, I just wanted to provide some of the most useful methods available within the “Win32_NTEventLogFile” class. By using these methods, you can still write your own routines, which could be the extensions of the above routines.
Following is the list of methods in the class “Win32_NTEventLogFile”, which you might find useful:
Compress
CompressEx
Copy
CopyEx
Delete
DeleteEx
Rename
UnCompress
UnCompressEx
You need to check through the MSDN library for the parameters of the methods along with descriptions and usage. But the program skeleton to work with the above methods will be very similar to the ones I provided above.
Currently, I used VB.NET (especially for programmers) and VBScript (for system administrators) to manage the EventLog. But if you would like to manage EventLog remotely using the web, I suggest you use ASP.NET. The coding will be very similar to that of VB.NET. But be sure to make some modifications towards ASP.NET security to work with EventLog. Further, you can extend the same to the PocketPC level, just to manage EventLog, by developing a Smart Device application.
Any comments, suggestions, bugs, errors, feedback etc. are highly appreciated at jag_chat@yahoo.com.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
