Stuck on two problems with WMI and remote event logs
mikael....@gmail.com
I'm building an application to monitor event logs on a remote server
in a different domain. I can't use the System.Diagnostics.EventLog &
co because they throws authentication exceptions at me. So, the
approach I have taken is WMI, which is new to me.
I've managed to build an application that can query for log entries
from both local and remote (using ManagementScope with username and
password) event logs. I have also used a ManagementEventWatcher to get
notifications whenever a new log entry is written. My first and
foremost problem is that this event watcher won't start when I connect
to a remote event log (locally it works as a charm).
When I call watcher.start() I get a COMException with the following
message:
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
My code looks (something) like:
ConnectionOptions conn = new ConnectionOptions();
conn.Username = "mylogin";
conn.Password = "mypass";
conn.Impersonation = ImpersonationLevel.Impersonate;
scope = new ManagementScope(@"\\" + computerName + @"\root\cimv2",
conn);
scope.Connect();
EventQuery query = new EventQuery("SELECT * FROM
__InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'
and TargetInstance.LogFile = 'Application'");
watcher = new ManagementEventWatcher(scope, query);
watcher.EventArrived += new
EventArrivedEventHandler(watcher_EventArrived);
watcher.Start();
The user account I'm using is a member of the local administrators
group on the server (today I monitor the logs manually using remote
desktop and this user account).
I can't seem to find any solution to this problem and would be
greatful for any help!
- - -
My second problem is actually more of a question...
I would like to retrieve a list of all available event logs on the
same remote server. Again I can't use
System.Diagnostics.EventLog.getEventLogs(computerName) since it throws
an UnauthorizedException. So, is it possible to do the same thing
using WMI, because I can't find any examples of how to do it!
Again, thanks for any help!
Best regards,
Mikael
Rick C
news:5cc2361c-1404-4a9c...@79g2000hsk.googlegroups.com...
> When I call watcher.start() I get a COMException with the following
> message:
>
> The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
I had the same problem when trying to connect to a remote server in a data
center. However, the same exact program worked when run from a different
server in the same data center as the first remote server. It might be that
a firewall is blocking you.
mikael....@gmail.com
entries statically through the management scope without any problems
that there would be no firewall problem. I mean, I could let my
program constantly poll the server for the latest entries to achieve a
similar effect, but I would (of course) much rather use a watcher.
How come I would be allowed to do it one way but the other? What is
really the difference (I actually know nothing about WMI and how it
works)?
Also, how can I check if my problem is a firewall (not much of a
Windows administrator either I'm afraid). The point is that I need to
run my application from my local desktop and monitor this other server
in another domain (that I'm not an administrator of).
Thanks!
Mikael
On Jul 11, 5:48 pm, "Rick C" <pixel...@hotmail.example.com> wrote:
> <mikael.linds...@gmail.com> wrote in message
mikael....@gmail.com
polling instead...
And for my second question, I really can't find a nice way to list the
available event logs. The only approach I can come up with is "SELECT
LogFile FROM Win32_NtLogEvent" and then sort out unique values! This
way my users will have time for a coffee while I'm retreiving the log
names for them! Why is there no SELECT DISTINCT?
Argh, I'm really starting to dislike working with WMI... if only WQL
were SQL!
Are there really noone that has done these things before?
/ Mikael