Professional Documents
Culture Documents
This article explains how to manage “EventLog” information dynamically using Visual
Basic.NET and VBScript. You will learn how to list all events, how to make a backup of the
"Eventlog" dynamically, and how to perform many other tasks as well.
The sample downloadable solution (zip) was entirely developed using Visual Studio.NET 2003
Enterprise Architect on Windows Server 2003 Standard Edition. But, I am confident that it
would work with other versions of Windows (which support .NET 1.1) as well.
I contributed several articles on WMI with VB.NET and VBScript (including the articles on
introductory or basic topics of WMI). I even contributed a series (of about six articles) on “WMI
Programming on VB.NET” covering several aspects of WMI. I strongly suggest you go through
the series, before going through this article.
How to list all events from “EventLog” using Visual Basic.NET
Before getting the information out of “EventLog”, we need to create a wrapper to store the
EvenLog information. Let us proceed to create a wrapper:
Public Function getEventLogStructure() As DataTable
Dim dt As New DataTable
dt.Columns.Add(New DataColumn("Category"))
dt.Columns.Add(New DataColumn("ComputerName"))
dt.Columns.Add(New DataColumn("EventCode"))
dt.Columns.Add(New DataColumn("Message"))
dt.Columns.Add(New DataColumn("TimeWritten"))
dt.Columns.Add(New DataColumn("Type"))
Return dt
End Function
The following method “addEventLog” adds a single row based on the structure you create for the
data table using the above method.
Public Sub addEventLog(ByRef dt As DataTable, ByVal Category
As String, ByVal ComputerName As String, ByVal EventCode As
String, ByVal Message As String, ByVal TimeWritten As String,
ByVal Type As String)
Dim dr As DataRow
dr = dt.NewRow
dr("Category") = Category
dr("ComputerName") = ComputerName
dr("EventCode") = EventCode
dr("Message") = Message
dr("TimeWritten") = TimeWritten
dr("Type") = Type
dt.Rows.Add(dr)
End Sub
Once you complete the creation of the wrapper, the following VB.NET code should
support some minimum information about “SoundDevice” available on your system.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Button1.Click
Try
Dim searcher As New ManagementObjectSearcher( _
"root\CIMV2", _
"SELECT * FROM Win32_NTLogEvent")
Dim dt As DataTable = globals.getEventLogStructure
For Each queryObj As ManagementObject In searcher.Get
()
globals.addEventLog(dt, Convert.ToString(queryObj
("Category")), queryObj("ComputerName"), Convert.ToString
(queryObj("EventCode")), queryObj("Message"), Convert.ToString
(queryObj("TimeWritten")), Convert.ToString(queryObj("Type")))
Next
Me.DataGrid1.DataSource = dt
Catch err As ManagementException
MessageBox.Show("An error occurred while querying for
WMI data: " & err.Message)
End Try
End Sub
You can achieve the same result with VBScript as follows:
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer &
"\root\CIMV2")
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_NTLogEvent",,48)
For Each objItem in colItems
Wscript.Echo "Category: " & objItem.Category
Wscript.Echo "ComputerName: " & objItem.ComputerName
Wscript.Echo "EventCode: " & objItem.EventCode
Wscript.Echo "Message: " & objItem.Message
Wscript.Echo "TimeWritten: " & objItem.TimeWritten
Wscript.Echo "Type: " & objItem.Type
Next
Managing `EventLog` using Visual
Basic.NET and VBScript - How to list all
“Blue Screen” events (or STOP errors) using
Visual Basic.NET
(Page 2 of 4 )
Those who are working with Windows would definitely experience “Blue Screen” errors in some
situations (especially when hardware malfunctions occur). We can still get those events using
Visual Basic.NET.
To get the event information, I am using the same wrapper I used in the previous section. So, I
don’t want to repeat it. The following modification to the above program (in vb.net) would give
the required result.
Dim searcher As New ManagementObjectSearcher( _
"root\CIMV2", _
"Select * from Win32_NTLogEvent Where Logfile =
'System'" _
& " and SourceName = 'SaveDump'")
The only difference is that I am trying to filter out the events, which are only “System” events,
and the source related to “SaveDump.” When “Blue Screen” errors occur, they dump all the
information available at that instance onto the hard disk for future analysis.
The modification to the VBScript would be the following:
Set colItems = objWMIService.ExecQuery( _
" Select * from Win32_NTLogEvent Where Logfile = 'System'
and SourceName = 'SaveDump'",,48)
How to make a backup of “EventLog” dynamically using Visual Basic.NET
Making a backup of an “EventLog” is also a part of managing “EventLog” information.
Actually we can do this manually using the MMC snap-in. But, our intention is to work through
the classic Visual Basic.NET (or VBScript). As we are doing manipulation instead of retrieving
information, this section does not need any wrapper to work with.
Let us proceed with the Visual Basic.NET version first:
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles Button1.Click
Try
We have already seen how to take a backup of “EventLog” in the previous section. Now let us
look into “clearing an EventLog”. Since we are doing manipulation instead of retrieving
information, this section does not need any wrapper to work with.
Let us proceed with the Visual Basic.NET version first:
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles Button2.Click
Try
We have already seen how to take a backup of “EventLog” in the previous sections. Now let us
look into “copying an EventLog into a text file.” Even this section does not need any wrapper,
as we are not retrieving any information.
Let us proceed with the Visual Basic.NET version first:
Private Sub Button3_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles Button3.Click
Try
inParams("FileName") = "c:\sample.txt"
Console.WriteLine("Out parameters:")
Console.WriteLine("ReturnValue: {0}", outParams
("ReturnValue"))