How to get all event log events newer than a given date

Discussion:

(too old to reply)

News123

2010-04-22 23:03:12 UTC

Hi,

currently I am using following query in order to get all event logs on
my system

"Select * from Win32_NTLogEvent"

now I wonder how to get only entries between two dates?

example all events >= 2010-04-20 00:00:03
and < 2010-04-22 17:23:11

What would be the exact syntax for this query.

Is there any good tutorial about WMI queries?

Thanks a lot for any suggestions

N

News123

2010-04-23 00:30:42 UTC

Permalink

Hi I found my own answer for my current problem.
I would still be interested in any good utorials.
.

Post by News123
Hi,
currently I am using following query in order to get all event logs on
my system
"Select * from Win32_NTLogEvent"
now I wonder how to get only entries between two dates?
example all events >= 2010-04-20 00:00:03
and < 2010-04-22 17:23:11

My mistake ws to try it with:

Select * from Win32_NTLogEvent where
TimeGenerated > "20100420000003"
and
TimeGenerated < "20100422172311"

What seems to be important is to have exactly the correct string length
for date tiem entries.
So this works:

Select * from Win32_NTLogEvent where
TimeGenerated > "20100420000003.000000-000"
and
TimeGenerated < "20100422172311.000000-000"

N

urkec

2010-04-30 17:58:01 UTC

Permalink

Post by News123
Hi I found my own answer for my current problem.
I would still be interested in any good utorials.
..

Select * from Win32_NTLogEvent where
TimeGenerated > "20100420000003"
and
TimeGenerated < "20100422172311"
What seems to be important is to have exactly the correct string length
for date tiem entries.
Select * from Win32_NTLogEvent where
TimeGenerated > "20100420000003.000000-000"
and
TimeGenerated < "20100422172311.000000-000"
N
.

In Windows XP and later, you can also use the SWbemDateTime object:

http://msdn.microsoft.com/en-us/library/aa393687(VS.85).aspx

--
urkec

My CodeProject articles:
http://www.codeproject.com/script/Articles/MemberArticles.aspx?amid=4210975