G
Guest
First I wrote some _VBScript to get info from OS, and now I wrote some code
in VB.Net, and I have a problem now.
Look at this script in vbs
List1.vbs:
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
strWQL="SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE
TargetInstance ISA ""Win32_NTLogEvent"" "
Set objEventSource = objWMIService.ExecNotificationQuery(strWQL)
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
Wscript.Echo "OK"
Loop
I use it to register the Win32_ntlogEvent , so that i can get some info
where a new log written into the logfiles. List1 works very well on Windows
2003 Server, but when I try it on Windows 2000 Server, it echoed the
connection was refused .
So I edited it into List2,
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=
impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
("Select * from __instancecreationevent WITHIN 5 where TargetInstance
isa 'Win32_NTLogEvent' ")
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
Wscript.Echo "OK"
Loop
and list2 works well on Window2000. i noticed the security setting so when I
wrote the code(List3) in vb.net, I added
" watcher.Scope.Options.Impersonation = ImpersonationLevel.Impersonate
watcher.Scope.Options.Authentication = AuthenticationLevel.Default
" options in the vb.net code, but the bin still can not run on windows2000,
while it works well on Server2003.
i am puzzled! : ( ,
List3:
Imports System.management
Module Module1
Sub main()
Dim eventQuery As New EventQuery("SELECT * FROM
__InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' ")
'Initialize an event watcher object with this query
Dim watcher As New ManagementEventWatcher
watcher.Scope.Path.Server = "."
watcher.Scope.Path.Path = "\\.\root\CIMV2"
watcher.Scope.Path.NamespacePath = "root\CIMV2"
watcher.Scope.Options.Impersonation = ImpersonationLevel.Impersonate
watcher.Scope.Options.Authentication = AuthenticationLevel.Default
watcher.Scope.Options.EnablePrivileges = False
watcher.Query = eventQuery
watcher.Start()
MsgBox("Listening startedï¼")
Dim handler As New EventHandler
AddHandler watcher.EventArrived, AddressOf handler.HandleEvent
System.Threading.Thread.Sleep(-1)
End Sub
End Module
Public Class EventHandler
Public Sub HandleEvent(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
Console.Write("OK")
End Sub
End Class
but after I changed the Query String to :
'Dim eventQuery As New EventQuery("SELECT * FROM __InstanceCreationEvent
WHERE TargetInstance ISA 'Win32_NTLogEvent' and TargetInstance ='Application'
")
The bin could run well under windows2000 too, but if you change the
targetinstance to Security, you get the access denied message again.
So finally i have two questions:
Why can not i register to the Win32_NtlogEvent, bu t i can register to the
application part in Win32_ntlogevent?
Is that a security problem?
Thank you for you time.
in VB.Net, and I have a problem now.
Look at this script in vbs
List1.vbs:
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
strWQL="SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE
TargetInstance ISA ""Win32_NTLogEvent"" "
Set objEventSource = objWMIService.ExecNotificationQuery(strWQL)
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
Wscript.Echo "OK"
Loop
I use it to register the Win32_ntlogEvent , so that i can get some info
where a new log written into the logfiles. List1 works very well on Windows
2003 Server, but when I try it on Windows 2000 Server, it echoed the
connection was refused .
So I edited it into List2,
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=
impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
("Select * from __instancecreationevent WITHIN 5 where TargetInstance
isa 'Win32_NTLogEvent' ")
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
Wscript.Echo "OK"
Loop
and list2 works well on Window2000. i noticed the security setting so when I
wrote the code(List3) in vb.net, I added
" watcher.Scope.Options.Impersonation = ImpersonationLevel.Impersonate
watcher.Scope.Options.Authentication = AuthenticationLevel.Default
" options in the vb.net code, but the bin still can not run on windows2000,
while it works well on Server2003.
i am puzzled! : ( ,
List3:
Imports System.management
Module Module1
Sub main()
Dim eventQuery As New EventQuery("SELECT * FROM
__InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' ")
'Initialize an event watcher object with this query
Dim watcher As New ManagementEventWatcher
watcher.Scope.Path.Server = "."
watcher.Scope.Path.Path = "\\.\root\CIMV2"
watcher.Scope.Path.NamespacePath = "root\CIMV2"
watcher.Scope.Options.Impersonation = ImpersonationLevel.Impersonate
watcher.Scope.Options.Authentication = AuthenticationLevel.Default
watcher.Scope.Options.EnablePrivileges = False
watcher.Query = eventQuery
watcher.Start()
MsgBox("Listening startedï¼")
Dim handler As New EventHandler
AddHandler watcher.EventArrived, AddressOf handler.HandleEvent
System.Threading.Thread.Sleep(-1)
End Sub
End Module
Public Class EventHandler
Public Sub HandleEvent(ByVal sender As Object, ByVal e As
EventArrivedEventArgs)
Console.Write("OK")
End Sub
End Class
but after I changed the Query String to :
'Dim eventQuery As New EventQuery("SELECT * FROM __InstanceCreationEvent
WHERE TargetInstance ISA 'Win32_NTLogEvent' and TargetInstance ='Application'
")
The bin could run well under windows2000 too, but if you change the
targetinstance to Security, you get the access denied message again.
So finally i have two questions:
Why can not i register to the Win32_NtlogEvent, bu t i can register to the
application part in Win32_ntlogevent?
Is that a security problem?
Thank you for you time.