TechQA.

Python WMI moniker problem

841 views Asked by At

I can not query log "Security" using WMI. Other logs works fine. Here is what i use:

import wmi
c = wmi.GetObject(r"winmgmts:{impersonationLevel=delegate,(Security)}!\\.\root\cimv2")
for i in c.ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'"):
    print i

It return me empty result, and in security log create reacord "audit failed". As i mentioned, i can query all other logs, but not this one specific. so i guess problem is in

c = wmi.GetObject(here is a problem)

python wmi moniker
Original Q&A
1

There are 1 answers

0
Randall.Cummins On BEST ANSWER

Have you considered going the win32evtlog way? This is part of what I have used in the past and it seems to work well...

import win32evtlog

outfile = open('NTLog.log', 'w')
server = 'SERVER_Name'
logtype = 'Security'
hand = win32evtlog.OpenEventLog(server, logtype)
flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)
count = 0
while count != total:
    events = win32evtlog.ReadEventLog(hand, flags,0)
    if events:
        for event in events:
            data = event.StringInserts
            if data:
                outfile.write(data[0])

This isn't really a complete implementation, but hopefully it gets you back on track!

Related Questions in PYTHON

Related Questions in WMI

Related Questions in MONIKER

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions