tango
2009-10-22 09:22:02 UTC
(I'm sure I posted this question to microsoft.public.win32.programmer.wmi but
now I don't see the programmer.wmi forum in the list and I cant' find my
post. So I repost it again....)
We are using the win32_NTLogEvent class to retrieve events and store them to
a database. We have noticed that in windows 2008 32bit and vista 32bit the
win32_NTLogEvent.TimeGenerated is returned in GMT with an offset value of
000. In earlier versions of windows, win32_NTLogEvent.TimeGenerated is
returned in localtime with an offset relative to GMT.
For Example these two are exactly the same date:
WinXP TimeGenerated 10:00 GMT 120 (20091016100000.000000+120)
Vista/2008 TimeGenerated 08:00 GMT 000 (20091016080000.000000+000)
This, of course, creates inconsistency in data depending on the source OS.
We would like to know if this change is intentionate and if means of easily
recovering the local time instead have been provided.
Thank you very much,
Tango.
now I don't see the programmer.wmi forum in the list and I cant' find my
post. So I repost it again....)
We are using the win32_NTLogEvent class to retrieve events and store them to
a database. We have noticed that in windows 2008 32bit and vista 32bit the
win32_NTLogEvent.TimeGenerated is returned in GMT with an offset value of
000. In earlier versions of windows, win32_NTLogEvent.TimeGenerated is
returned in localtime with an offset relative to GMT.
For Example these two are exactly the same date:
WinXP TimeGenerated 10:00 GMT 120 (20091016100000.000000+120)
Vista/2008 TimeGenerated 08:00 GMT 000 (20091016080000.000000+000)
This, of course, creates inconsistency in data depending on the source OS.
We would like to know if this change is intentionate and if means of easily
recovering the local time instead have been provided.
Thank you very much,
Tango.