question

16656155 avatar image
0 Votes"
16656155 asked ·

利用WMI 采集远程Windows 日志(应用、系统、安全)

目前都已配置成功,但是有两个问题

  1. 问题一:WMI 采集远程Windows 日志(应用、系统、安全)是否可以通过Win32_NTLogEvent class 能够采集?

  2. 问题二:目前采用的WQL语句是:Select * from Win32_NTLogEvent WHERE Logfile ='system',但是发现跟windows 计算机管理-事件查看器中看到系统、应用、安全的日志数量不符。通过WMI采集的日志明显少于事件查看器中的日志
    请大佬们给与建议,谢谢!!!


not-supported
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

DSPatrick avatar image
0 Votes"
DSPatrick answered ·

Win32 is not supported here on QnA. I'd try asking for help in dedicated forums here.

https://social.msdn.microsoft.com/Forums/sqlserver/en-US/home?forum=windowsgeneraldevelopmentissues


--please don't forget to Accept as answer if the reply is helpful--


Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management


Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.




· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.