Frequently Asked Questions

Using WBEMTEST to troubleshoot WMI/DCOM problems with an Event Log Feed

If you're experiencing problems with an event log feed it can sometimes be useful to try WBEMTEST, Microsoft's built-in WMI test program.

To use WBEMTEST on the LOCAL computer:

  • Type in WBEMTEST into the Run box off the Start menu to start up the WMI Tester app.
  • Tick "Enable all privileges", then click "Connect..."
  • Change Namespace to root\cimv2, leave everything else as-is and press "Connect"
  • Back on the main screen, press "Query"
  • Enter the following query, and press "Apply" SELECT * FROM Win32_NTLogEvent WHERE Logfile='security'
(Note: you can use the names of other event logs in step 5, e.g. application, system etc)



To use WBEMTEST to retrieve event log data from a REMOTE (networked) computer:

  • Type in WBEMTEST into the Run box off the Start menu to start up the WMI Tester app.
  • Tick "Enable all privileges", then click "Connect..."
  • In the "Namespace" box of the connect dialog, type: \\\root\cimv2 where is the name of the computer whose logs are to be read
  • In the "Credentials" section, enter the account name and password you're using in LogMeister/EventMeister to connect to the remote machine, and press "Connect"
  • Back on the main screen, press "Query"
  • Enter the following query, and press "Apply" SELECT * FROM Win32_NTLogEvent WHERE Logfile='security'
(Note: you can use the names of other event logs in step 6, e.g. application, system etc)

Help Topics:


Last Updated 3 years ago


Help Topics

  • Technical Questions