如何使用WMI获取事件查看器中显示的GPO日志 [英] How to fetch GPO logs displayed in Event viewer using WMI
问题描述
各位大家好!。
Hello everybody!.
任何人都可以告诉我哪些WMI查询需要执行才能检索在"应用程序和服务日志/ Microsoft / Windows / GroupPolicy / Operational"下的事件查看器中显示一组GPO日志?
Can anybody tell me which is the WMI query that I need to execute to retrieve the set of GPO logs being displayed in Event Viewer under "Application and Services Logs/Microsoft/Windows/GroupPolicy/Operational"?
我找不到单个线程打开有了这些信息,我需要找到一种方法来使用WMI查询恢复这些日志。
I cannot find a single thread opened with this information, and I need to find a way to recover these logs using a WMI query.
我尝试过这个查询: SELECT * from Win32_NTLogEvent WHERE SourceName ='Microsoft-Windows-GroupPolicy'
I have tried with this query: SELECT * from Win32_NTLogEvent WHERE SourceName = 'Microsoft-Windows-GroupPolicy'
但是我只检索了2行,而我在事件查看器的操作部分有1,228个日志。
However I'm only retrieving 2 rows, while I have 1,228 logs in the Operational section of the Event Viewer.
我们非常感谢任何帮助。
Any help would be strongly appreciated.
谢谢大家!
Thank you all!.
推荐答案
嗨Lucas.Alvarez.Lacasa,
Hi Lucas.Alvarez.Lacasa,
感谢您发布此处。
对于您的问题,我不确定您获得的2行与1228登录之间有何不同事件查看器的操作部分。但是我做了一个简单的代码来测试,我可以获得250行而不仅仅是2行。请尝试代码。如果无法解决您的问题,请查看
,请检查区别在2行和1228个日志之间,并提供有关它的更多详细信息。也许1228日志不仅适用于Microsoft-Windows-GroupPolicy。
For your question, I am not sure what is the different between the 2 rows which you get and the 1228 logs in the Operational section of the Event Viewer. But I make a simple code to test, I could get the 250 rows not only 2 rows. Please try the code. And if it could not solve your question, please check the difference between the 2 rows and 1228 logs, and provide more details about it. Maybe the 1228 logs is not only for Microsoft-Windows-GroupPolicy.
ManagementObjectSearcher searcher =
new ManagementObjectSearcher("root\\CIMV2",
"SELECT * FROM Win32_NTLogEvent WHERE SourceName = 'Microsoft-Windows-GroupPolicy'");
foreach (ManagementObject queryObj in searcher.Get())
{
//get something you want
}
最好的问候,
Wendy
这篇关于如何使用WMI获取事件查看器中显示的GPO日志的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
