Help!
I am trying to create a daemon that pulls the existing events from the Win32 NT event logs. The problem is that it may take a long time to catch up (starting from record number 0) depending on where the ID value currently is. I can get the number of records in the file from "select NumberOfRecords from Win32_NTEventlogFile where LogFileName='Security'".
Using wmic it looks like this.
dmcreynolds@dmcreynolds-ubuntu:~$ wmic -U AD-LAB/dmcreynolds%Ily33Ylm //172.16.64.20 "select NumberOfRecords from Win32_NTEventlogFile where LogFileName='Security'"
CLASS: Win32_NTEventlogFile
Name|NumberOfRecords
C:\WINDOWS\System32\config\SecEvent.Evt|302307
What I need is either the lowest record number or the current record number.
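
An added example, not part of the original post: a Python sketch that parses the pipe-delimited wmic output shown above and resumes collection from a saved checkpoint instead of record 0. The `Win32_NTLogEvent` batch is constructed sample data, the helper names are hypothetical, and `oldest_record` assumes record numbers in the log are contiguous.

```python
import re

# Output copied from the post above (backslashes escaped for Python).
FILE_OUTPUT = """CLASS: Win32_NTEventlogFile
Name|NumberOfRecords
C:\\WINDOWS\\System32\\config\\SecEvent.Evt|302307
"""
# Constructed sample: a batch of rows returned from Win32_NTLogEvent.
EVENT_OUTPUT = """CLASS: Win32_NTLogEvent
Logfile|RecordNumber
Security|415118
Security|415120
Security|415119
"""

def parse_wmic(text, delimiter="|"):
    """Parse the CLASS line, header line and data rows into (class, [dict])."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or not lines[0].startswith("CLASS: "):
        raise ValueError("not wmic output")
    header = lines[1].split(delimiter)
    rows = []
    for ln in lines[2:]:
        fields = ln.split(delimiter)
        # Free-text columns (e.g. Message) can contain the delimiter or
        # newlines; select only fixed-format columns and reject odd rows.
        if len(fields) != len(header):
            raise ValueError(f"unexpected row: {ln!r}")
        rows.append(dict(zip(header, fields)))
    return lines[0][len("CLASS: "):], rows

def next_query(logfile, checkpoint):
    """WQL for records newer than the saved checkpoint."""
    if not re.fullmatch(r"[A-Za-z0-9 _-]+", logfile):
        raise ValueError("unexpected log name")  # keep quotes out of the WQL
    return ("select RecordNumber from Win32_NTLogEvent "
            f"where Logfile='{logfile}' and RecordNumber>{int(checkpoint)}")

def advance(checkpoint, rows):
    """New checkpoint is the highest RecordNumber seen; rows may be unordered."""
    return max([checkpoint] + [int(r["RecordNumber"]) for r in rows])

def oldest_record(newest, number_of_records):
    """Assumption: record numbers in the log are contiguous."""
    return newest - number_of_records + 1

if __name__ == "__main__":
    _, files = parse_wmic(FILE_OUTPUT)
    _, events = parse_wmic(EVENT_OUTPUT)
    newest = advance(0, events)
    print(oldest_record(newest, int(files[0]["NumberOfRecords"])))
    print(next_query("Security", newest))
```

Persist the checkpoint only after a batch has been stored, so a crash between fetch and write re-reads records rather than skipping them.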