How to collect the new "Applications and Services Logs" found on Windows 7 or Windows Server 2008 using WMI?

Question

In Windows Server 2008 and Windows 7 there are new Events categorized under "Applications and Services Logs". There is also a subfolder called Microsoft which has tons of subfolders as well.

Is there any way to collect these events through WMI? For the regular "Windows Logs" such as Application and Security, it is possible to use the Win32_NTLogEvent WMI class in the cimv2 namespace. However, this class does not provide access to the new Microsoft event logs.

Any ideas?

Answer 1

I know this is an old question, but to anyone stumbling across this, it IS actually possibly, you just need to add a registry key to the below location for the log you want to query ie. Microsoft-Windows-PrintService/Admin, or Microsoft-Windows-TaskScheduler/Operational in my case (both parts, with the slash) to the below location.

Not great, but at least it's something.

Credit to McAffee (a few results below on Google, but hopefully may stop some people giving up prematurely!)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\

https://kc.mcafee.com/corporate/index?page=content&id=KB81367

also linked from community.mcafee.com/thread/64301

screenshot