Reading Windows event logs through WMI

1. Reading event logs through WMI requires administrator rights on the target host, or Domain Admin rights in the domain.

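2. The first setup step is to confirm that the WMI service is running on the target host (the host whose events will be read). You can run the command net start winmgmt, or start it from the Services console (it is set to start automatically by default).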

 

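3. Open TCP ports 135, 139 and 445 in the target host's firewall (whether all three need to be open is still to be confirmed),
   and follow the instructions at http://support.microsoft.com/kb/875605#4 to allow remote administration, grant DCOM remote launch permissions, open the DCOM port, and add the client application to the Windows Firewall exceptions list.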

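4. Choose a scripting language that supports WMI (VBScript, Microsoft JScript, Perl, ASP, .NET written in C#, Visual Basic .NET, or J#).
5. The code breaks down into roughly three steps:
        a. Connect to the WMI service
        b. Retrieve the WMI-managed resources
        c. Display the contents and properties of the WMI-managed resources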
6. Taking VBScript as an example, the following prints most of the fields of every record in the target computer's logs (this example is adapted from here):

' Placeholder: the target computer's name or IP address
strComputer = "目標電腦名稱or IP"

' Step a: connect to the WMI service on the target computer
Set wbemServices = GetObject("winmgmts:\\" & strComputer)
' Step b: retrieve every instance of Win32_NTLogEvent (all records in all logs)
Set wbemObjectSet = wbemServices.InstancesOf("Win32_NTLogEvent")

' Step c: display the properties of each record
For Each wbemObject In wbemObjectSet
    WScript.Echo "Log File:        " & wbemObject.LogFile        & vbCrLf & _
                 "Record Number:   " & wbemObject.RecordNumber   & vbCrLf & _
                 "Type:            " & wbemObject.Type           & vbCrLf & _
                 "Time Generated:  " & wbemObject.TimeGenerated  & vbCrLf & _
                 "Source:          " & wbemObject.SourceName     & vbCrLf & _
                 "Category:        " & wbemObject.Category       & vbCrLf & _
                 "Category String: " & wbemObject.CategoryString & vbCrLf & _
                 "Event:           " & wbemObject.EventCode      & vbCrLf & _
                 "User:            " & wbemObject.User           & vbCrLf & _
                 "Computer:        " & wbemObject.ComputerName   & vbCrLf & _
                 "Message:         " & wbemObject.Message        & vbCrLf
Next

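An added example, not part of the original post: a narrower variant of the script above that follows the same three steps but uses a WQL query instead of InstancesOf, so only recent Error and Warning records from one log cross the network. The target ".", the log name, the 24-hour window and all variable names are assumptions; the (Security) privilege in the moniker is what WMI requires before it will return Security log records.

```vbscript
Option Explicit

' Assumptions for this example: adjust to your environment
Const TARGET     = "."        ' "." is the local machine; use a host name or IP for a remote host
Const LOG_NAME   = "System"   ' log to read, e.g. Application, System, Security
Const HOURS_BACK = 24         ' how far back to look

Dim dtStart, dtEvt, wbemServices, colEvents, evt, wql

' Build the lower time bound in the CIM_DATETIME format that TimeGenerated uses
Set dtStart = CreateObject("WbemScripting.SWbemDateTime")
dtStart.SetVarDate DateAdd("h", -HOURS_BACK, Now()), True   ' True: the date is local time

' Step a: connect to root\cimv2, impersonating the caller and enabling the
' Security privilege (needed to read the Security log)
Set wbemServices = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & _
                             TARGET & "\root\cimv2")

' Step b: let the target filter the records instead of returning every log entry
wql = "SELECT RecordNumber, TimeGenerated, SourceName, EventCode, Type, Message " & _
      "FROM Win32_NTLogEvent " & _
      "WHERE Logfile = '" & LOG_NAME & "' " & _
      "AND (Type = 'Error' OR Type = 'Warning') " & _
      "AND TimeGenerated >= '" & dtStart.Value & "'"

' 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32): stream results
' without caching the whole result set in memory
Set colEvents = wbemServices.ExecQuery(wql, "WQL", 48)

' Step c: print one line per record, converting CIM_DATETIME to a readable local date
Set dtEvt = CreateObject("WbemScripting.SWbemDateTime")
For Each evt In colEvents
    dtEvt.Value = evt.TimeGenerated
    WScript.Echo dtEvt.GetVarDate(True) & "  " & evt.Type & "  " & _
                 evt.SourceName & "  " & evt.EventCode & "  " & _
                 Left(Replace(evt.Message & "", vbCrLf, " "), 80)
Next
```

Run it with cscript.exe so each record is written to the console rather than shown in a message box.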