I can not query log "Security" using WMI. Other logs works fine. Here is what i use:
import wmi
c = wmi.GetObject(r"winmgmts:{impersonationLevel=delegate,(Security)}!\\.\root\cimv2")
for i in c.ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'"):
print i
It return me empty result, and in security log create reacord "audit failed". As i mentioned, i can query all other logs, but not this one specific. so i guess problem is in
c = wmi.GetObject(here is a problem)
Have you considered going the
win32evtlog
way? This is part of what I have used in the past and it seems to work well...This isn't really a complete implementation, but hopefully it gets you back on track!