WMI查询转发的事件 [英] WMI query for forwarded event

问题描述

我将安全事件从一个系统转发到另一个系统。

I have forward security events from one system to another system.

在第二台机器收集安全事件后，我可以在Windows日志下的事件查看器中查看这些收集的事件。

After collecting the Security events by the second machine I am able to view these collected events in the event viewer under the windows logs.

当我尝试使用时下面的查询：

When I am trying with below query:

从Win32_NTLogEvent中选择*其中logfile ='安全'

select * from Win32_NTLogEvent where logfile='Security'

我只从第二台机器获得安全事件，但我没有得到转发从第一台机器收到的事件。

I am getting the Security events from only 2nd machine but I am not getting forwarded events which are recieved from 1st machine.

从win32_NTLogEvent中选择*其中logfile ='ForwardedEvents'

Select * from win32_NTLogEvent where logfile='ForwardedEvents'

此查询不返回任何数据。

This query does not return any data.

Anyboday请帮助我使用WMI查询检索转发的事件。

Can anyboday please help me to retrieve the forwarded events using the WMI query.

推荐答案

如果删除 WHERE 条款？如果是，那么也许你应该确定另一个过滤条件。

Do you see the forwarded events, among others, if you remove the WHERE clause? If yes, then maybe you should identify another filtering condition.

这篇关于WMI查询转发的事件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！