All posts tagged Event Log

Local Shutdown Tracking in ConfigMgr

Another example I quickly covered in my System Center Universe Europe 2015 session on Advanced Data Collection was tracking shutdowns of managed systems. This is done by selectively collecting event log entries from systems using hardware inventory. As with all things hardware inventory, WMI is the key and in this case the Windows event log events are in fact easily available using the Win32_NTLogEvent WMI class. This isn’t to say that WMI contains the log events though, this class just exposes the data in the event logs using a WMI provider. Thus querying this class returns events directly from the event logs in real-time. Read more…