1.以WMI读取事件日志需要目标主机的管理员权限,或者網域的Domain Admin权限
2.设定的第一步是要先确认目标主机(被读取事件的主机)的WMI服务有没有启动。 可下指令 net start winmgmt 或從服務中啟動(預設是自動啟動的)
3.目标主机开启防火墙TCP 135、139、445 port (是否三個都要開尚待確認)
以及依照 http://support.microsoft.com/
4.選擇一種支援WMI的腳本語言(VBScript, Microsoft JScript, Perl, ASP, .Net written in C#, Visual Basic .NET, or J#)
5.程式邏輯大致上分為三個步 驟
a.連接到WMI服務
b.檢視WMI管理的資源
c.顯示WMI管理資源的內容及屬性
6.若以VB為例,將目標電腦的log中大部份欄位資料列印出來 (此範例參考自這裡)strComputer = "目 標電腦名稱or IP"
Set wbemServices = Getobject("winmgmts:\\" & strComputer)
Set wbemObjectSet = wbemServices.InstancesOf("
For Each wbemObject In wbemObjectSet
WScript.Echo "Log File: " & wbemObject.LogFile & vbCrLf & _
"Record Number: " & wbemObject.RecordNumber & vbCrLf & _
"Type: " & wbemObject.Type & vbCrLf & _
"Time Generated: " & wbemObject.TimeGenerated & vbCrLf & _
"Source: " & wbemObject.SourceName & vbCrLf & _
"Category: " & wbemObject.Category & vbCrLf & _
"Category String: " & wbemObject.CategoryString & vbCrLf & _
"Event: " & wbemObject.EventCode & vbCrLf & _
"User: " & wbemObject.User & vbCrLf & _
"Computer: " & wbemObject.ComputerName & vbCrLf & _
"Message: " & wbemObject.Message & vbCrLf
a.連接到WMI服務
b.檢視WMI管理的資源
c.顯示WMI管理資源的內容及屬性
6.若以VB為例,將目標電腦的log中大部份欄位資料列印出來 (此範例參考自這裡)strComputer = "目 標電腦名稱or IP"
Set wbemServices = Getobject("winmgmts:\\" & strComputer)
Set wbemObjectSet = wbemServices.InstancesOf("
For Each wbemObject In wbemObjectSet
WScript.Echo "Log File: " & wbemObject.LogFile & vbCrLf & _
"Record Number: " & wbemObject.RecordNumber & vbCrLf & _
"Type: " & wbemObject.Type & vbCrLf & _
"Time Generated: " & wbemObject.TimeGenerated & vbCrLf & _
"Source: " & wbemObject.SourceName & vbCrLf & _
"Category: " & wbemObject.Category & vbCrLf & _
"Category String: " & wbemObject.CategoryString & vbCrLf & _
"Event: " & wbemObject.EventCode & vbCrLf & _
"User: " & wbemObject.User & vbCrLf & _
"Computer: " & wbemObject.ComputerName & vbCrLf & _
"Message: " & wbemObject.Message & vbCrLf
