Frequently Asked Questions

If you're experiencing problems with an event log feed it can sometimes be useful to try WBEMTEST, Microsoft's built-in WMI test program.

To use WBEMTEST on the LOCAL computer:

• Type in WBEMTEST into the Run box off the Start menu to start up the WMI Tester app.
• Tick "Enable all privileges", then click "Connect..."
• Change Namespace to root\cimv2, leave everything else as-is and press "Connect"
• Back on the main screen, press "Query"
• Enter the following query, and press "Apply" SELECT * FROM Win32_NTLogEvent WHERE Logfile='security'

(Note: you can use the names of other event logs in step 5, e.g. application, system etc)

---

To use WBEMTEST to retrieve event log data from a REMOTE (networked) computer:

• Type in WBEMTEST into the Run box off the Start menu to start up the WMI Tester app.
• Tick "Enable all privileges", then click "Connect..."
• In the "Namespace" box of the connect dialog, type: \\\root\cimv2 where is the name of the computer whose logs are to be read
• In the "Credentials" section, enter the account name and password you're using in LogMeister/EventMeister to connect to the remote machine, and press "Connect"
• Back on the main screen, press "Query"
• Enter the following query, and press "Apply" SELECT * FROM Win32_NTLogEvent WHERE Logfile='security'

(Note: you can use the names of other event logs in step 6, e.g. application, system etc)