How to capture specific Event log data via Custom Inventory

Article:HOWTO8544  |  Created: 2008-01-30  |  Updated: 2012-07-21  |  Article URL http://www.symantec.com/docs/HOWTO8544
Article Type
How To



Question

Is there a way to capture specific event log data via custom inventory?

Answer
There is a WMI class called Win32_NTLogEvent in the Win32 namespace. The following query can be used in a custom inventory XML file to capture the data that is available from the Windows event logs.

 SELECT * FROM Win32_NTLogEvent where Logfile='Application' and SourceName='Altiris Recovery Solution'

The query can be refined by filtering on any of the following properties of this class:

ComputerName
EventCode
EventIdentifier
Logfile
Message
EventType
RecordNumber
SourceName
TimeGenerated
TimeWritten
Category
CategoryString
Type
User
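
A refined query can be tested on a client before it goes into the custom inventory XML. The following PowerShell is an added example, not part of the original article or its attachment; the function name New-EventLogWql, the 7-day window and the choice of event types are assumptions made for illustration.

```powershell
# Added example: build a narrowed Win32_NTLogEvent query and run it locally.
# New-EventLogWql is a hypothetical helper name, not an Altiris or Windows cmdlet.
function New-EventLogWql {
    param(
        [Parameter(Mandatory)] [string] $Logfile,
        [Parameter(Mandatory)] [string] $SourceName,
        # EventType values: 1 = Error, 2 = Warning, 3 = Information,
        # 4 = Security Audit Success, 5 = Security Audit Failure
        [int[]]    $EventType = @(1, 2),
        [datetime] $Since     = (Get-Date).AddDays(-7),   # assumed window
        [string[]] $Property  = @('RecordNumber', 'EventCode', 'EventType',
                                  'SourceName', 'TimeGenerated', 'Message')
    )

    # WQL string literals escape backslash and single quote with a backslash.
    $esc = { param($s) $s.Replace('\', '\\').Replace("'", "\'") }

    # TimeGenerated is compared against a DMTF datetime string:
    # yyyyMMddHHmmss.ffffff followed by the UTC offset in minutes (+000 = UTC).
    $dmtf = $Since.ToUniversalTime().ToString(
                'yyyyMMddHHmmss.ffffff',
                [cultureinfo]::InvariantCulture) + '+000'

    $types = ($EventType | ForEach-Object { "EventType=$_" }) -join ' OR '

    # Name the columns instead of SELECT * so only the needed data is returned.
    "SELECT $($Property -join ', ') FROM Win32_NTLogEvent " +
    "WHERE Logfile='$(& $esc $Logfile)' " +
    "AND SourceName='$(& $esc $SourceName)' " +
    "AND ($types) AND TimeGenerated >= '$dmtf'"
}

# Same log and source as the article's query, limited to recent errors and warnings.
$wql = New-EventLogWql -Logfile 'Application' -SourceName 'Altiris Recovery Solution'
Write-Output $wql

# Run the query in the default root\cimv2 namespace and show the newest matches.
Get-CimInstance -Query $wql |
    Sort-Object TimeGenerated -Descending |
    Select-Object -First 20 RecordNumber, TimeGenerated, EventCode, EventType, Message |
    Format-Table -AutoSize -Wrap
```

Always keeping the Logfile condition in the WHERE clause matters: without it WMI walks every event log on the machine, which makes the inventory run slow.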

Attached is a zip file that contains a custom inventory xml file and the INI file that can be used to create a custom inventory task.


Attachments

APPEvtLogs.zip (1 kBytes)

Legacy ID

40276

