LogAnalysis
[logs] Getting Windows logs through WMI Jan 16 2008 05:40AM
Vincent Bernat (bernat luffy cx) (2 replies)
Re: [logs] Getting Windows logs through WMI Jan 16 2008 12:05PM
Paul Melson (pmelson gmail com) (1 replies)
On Jan 16, 2008 12:40 AM, Vincent Bernat <bernat (at) luffy (dot) cx [email concealed]> wrote:
[...]
> However, it seems that there is a major drawback to using WMI: when the
> event log file is 100 MB large, the WMI call timeout whatever the
> request is. I mean, you may ask for log trail 45722 or for 100 last log
> trails or 100 first log trails, the WMI call takes too much time and
> timeout.
[...]
> For some large organization, a 100 MB large file is quite common (and
> filled in a hour, so we cannot ask them to use smaller size). Do you
> know of any workaround to this limitation?

I've not run across this issue before. Can you tell me more about the
environment? The version of Windows Server, the hardware of the
server(s), etc. ?

Also, what log file are you trying to retrieve? And what does your
WQL query look like? (i.e. "Select * from Win32_NTLogEvent Where
Logfile = 'Security'")

And finally, if you're doing this currently with VBScript, have you
thought about changing languages? I know that in general timeouts for
objWMI/GetObject in VBScript are an issue. Seems to me that if you
were to write your handler in, say C#, that you would be able to
increase the connection timeout to whatever you wanted.

PaulM
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]
Re: [logs] Getting Windows logs through WMI Jan 16 2008 01:39PM
Vincent Bernat (bernat luffy cx) (1 replies)
RE: [logs] Getting Windows logs through WMI Jan 16 2008 02:34PM
Paul Melson (pmelson gmail com)
RE [logs] Getting Windows logs through WMI Jan 16 2008 10:11AM
david bigot devoteam com (1 replies)
Re: RE [logs] Getting Windows logs through WMI Jan 16 2008 06:51PM
Vincent Bernat (bernat luffy cx)


 

Privacy Statement
Copyright 2010, SecurityFocus