WMI WQL query of ETW event source

How would I go about subscribing to a WMI event which notifies me of a new entry in the error log? The error log in question would be generated as a result of a call to an ETW event source.

I've noticed the following WMI query: SELECT * FROM Win32_NTLogEvent

I'm not sure if this would work or even if it is too wide a query for picking up entries in specific ETW-based event logs.

Any help appreciated.
