G
Gerold
Hello,
I don`t know where to post my problem, so I post it here, sorry for
possible inconsistencies.
The question is requarding WMI Eventlog access.
I have a DC with 100`000 events in security log.
I run the query using IWbemServices::ExecQuery: "SELECT * FROM
Win32_NTLogEvent WHERE TimeGenerated > <somedatetime> and LogFile =
'Security'"
I`ve got only several events, because I set <somedatetime> very close
to current time, this is correct.
The problem is that Winmgmt.exe process on DC hits 100% CPU in task
manager for minutes on W2K ! W2K3 does the same (but the process name
is wmiprvse.exe). Automatic updates turned on, all latest updates
installed, both to W2K and W2K3.
I wonder how can I avoid this extremely high load ? I`m just reading
several events from the end of the log...
P.S. It`s NOT acceptable to filter out events with RecordNumber.
I don`t know where to post my problem, so I post it here, sorry for
possible inconsistencies.
The question is requarding WMI Eventlog access.
I have a DC with 100`000 events in security log.
I run the query using IWbemServices::ExecQuery: "SELECT * FROM
Win32_NTLogEvent WHERE TimeGenerated > <somedatetime> and LogFile =
'Security'"
I`ve got only several events, because I set <somedatetime> very close
to current time, this is correct.
The problem is that Winmgmt.exe process on DC hits 100% CPU in task
manager for minutes on W2K ! W2K3 does the same (but the process name
is wmiprvse.exe). Automatic updates turned on, all latest updates
installed, both to W2K and W2K3.
I wonder how can I avoid this extremely high load ? I`m just reading
several events from the end of the log...
P.S. It`s NOT acceptable to filter out events with RecordNumber.