mark999 Posted April 15, 2014 Posted April 15, 2014 The following vbscript works - lists source of event log entries as made : Set objSink = WSCript.CreateObject("WbemScripting.SWbemSink","SINK_") Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!.rootcimv2") objWMI.ExecNotificationQueryAsync objSink, "SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'" Sub SINK_OnObjectReady(objObject, objAsyncContext) WScript.Echo (objObject.TargetInstance.SourceName) End Sub do while true wscript.sleep(1000) loop Whilst the following autoit code does not - doesn't see event log updates when made : $objSink = ObjCreate("WbemScripting.SWbemSink","SINK_") $objWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!.rootcimv2") $objWMI.ExecNotificationQueryAsync($objSink, "SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'") Func SINK_OnObjectReady($objObject, $objAsyncContext) msgbox(0,"",$objObject.TargetInstance.SourceName) EndFunc while true sleep(1000) wend No errors when run and no event log source when event log updated.... Anyone suggest why ?
Moderators JLogan3o13 Posted April 15, 2014 Moderators Posted April 15, 2014 (edited) You have a function, but are never calling it in your code. All your code is doing is sleeping. Additionally, your params for the function use variables you haven't declared ($objObject, $objAsyncContext), so you couldn't call it if you wanted. I would suggest you search out scriptomatic on the forum, and use the example scripts to modify your vbscript code. Edit: '?do=embed' frameborder='0' data-embedContent>> Edited April 15, 2014 by JLogan3o13 "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
mark999 Posted April 23, 2014 Author Posted April 23, 2014 Hmmm it works under Windows XP. The function isn't called in the normal way its linked to via the first line of the script when a new event log entry is created it fires off a call to the function. I have recently upgraded to Windows 7 and noticed a lack of events in my event log monitor program I have been running - tried run "as administrator" no change. Tried a VBS version of a cut down version of my script as above - ok the au3 not so good.....
trancexx Posted April 23, 2014 Posted April 23, 2014 ObjCreate line is wrong. Btw, I don't see how could that line work on your XP when the code is simply wrong. Try ObjEvent. ♡♡♡ . eMyvnE
Solution mark999 Posted April 24, 2014 Author Solution Posted April 24, 2014 Thanks for everyone's patience. Spotted my mistake after looking at the link above - I had missed a line in the above : ObjEvent($objSink, "SINK_") That was what was wrong above at least. The real cause of my confusion (not by rubbish example above ) was good old UAC that started off this thread and me cutting out a section of my bigger program. Now the sample above is working I have found watching for event log updates is only seen when running the program "as administrator" in Windows 7. Thought I tried that with my original program - I was an admin at the command prompt when I started my program but not elevated admin.....
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now