
win32_NTLogEventTimeGenerated is in GMT and not local in Vista/w2

Asked By tango
11-Nov-09 07:15 AM
(I posted this question to the microsoft.public.win32.programmer.wmi  but
it is not available anymore.  I do not know if this is the correct forum to
post this question...)

We are using the win32_NTLogEvent class to retrieve events and store them to
a database. We have noticed that in Windows 2008 32-bit and Vista 32-bit the
win32_NTLogEvent.TimeGenerated is returned in GMT with an offset value of
000. In earlier versions of Windows, win32_NTLogEvent.TimeGenerated is
returned in local time with an offset relative to GMT.
For example, these two are exactly the same date:
WinXP         TimeGenerated 10:00  GMT 120 (20091016100000.000000+120)
Vista/2008   TimeGenerated 08:00 GMT 000 (20091016080000.000000+000)

This, of course, creates inconsistency in data depending on the source OS.
We would like to know if this change is intentional and if means of easily
recovering the local time instead have been provided.

Thank you very much,
Tango.


Remy Lebeau replied to tango
11-Nov-09 01:16 PM
Why not just have your code convert GMT values to local time whenever the
offset is 0?  Look at SystemTimeToFileTime(), FileTimeToLocalFileTime(), and
other related functions.

--
Remy Lebeau (TeamB)


tango replied to Remy Lebeau
23-Nov-09 05:37 AM
offset is 0?  Look at SystemTimeToFileTime(), FileTimeToLocalFileTime(), and
other related functions.

The problem is that we are retrieving remote data using WMI. We need to get
the local time for the eventlog message in the REMOTE computer, and I think
using the API we will get the date in the local computer where we are
executing the WMI query.

For example, in a remote WinXP when we retrieve the EventLog message with
TimeGenerated 10:00 GMT 120 (20091016100000.000000+120) we know it was
10:00 on the remote computer clock, but when retrieving the same EventLog
message from a remote Vista/2008, the TimeGenerated will be 08:00 GMT 000
(20091016080000.000000+000) so we cannot get the "real remote time" where the
message was generated.


tango replied to tango
15-Jan-10 01:32 AM
I have not received any MSDN reply. I thought it was because of a problem in the
nospam alias not being assigned but I am sure now it is assigned.
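
Added example (not part of the thread, and not code from any poster): a parser for the two TimeGenerated encodings quoted above that normalises both to UTC for consistent database storage, and recovers the remote wall-clock time for a +000 value only when the remote host's offset is supplied. The function names and the `remote_offset_minutes` parameter are hypothetical; the offset is assumed to be queried separately from the remote host, for example from Win32_OperatingSystem.CurrentTimeZone.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample values quoted in the thread (same instant, different encodings).
XP_SAMPLE = "20091016100000.000000+120"
VISTA_SAMPLE = "20091016080000.000000+000"

# CIM DATETIME: yyyymmddHHMMSS.mmmmmm, then a sign and the offset from UTC
# in minutes as three digits.
_CIM_RE = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")


def parse_cim_datetime(value):
    """Return a timezone-aware datetime for a CIM DATETIME string."""
    m = _CIM_RE.match(value.strip())
    if m is None:
        raise ValueError(f"not a CIM DATETIME timestamp: {value!r}")
    stamp, micros, sign, minutes = m.groups()
    offset = timedelta(minutes=int(minutes))
    if sign == "-":
        offset = -offset
    naive = datetime.strptime(stamp, "%Y%m%d%H%M%S")
    return naive.replace(microsecond=int(micros), tzinfo=timezone(offset))


def to_utc(value):
    """Normalise to UTC so rows from XP and Vista/2008 hosts compare equal."""
    return parse_cim_datetime(value).astimezone(timezone.utc)


def remote_wall_clock(value, remote_offset_minutes=None):
    """Return the remote clock reading at event time, or None if unknown.

    A non-zero offset in the string is trusted. For a +000 string the
    caller must pass the remote host's offset in minutes, queried
    separately (assumption); the host's current offset can differ from the
    one in force when the event was logged, e.g. across a DST change.
    """
    dt = parse_cim_datetime(value)
    if dt.utcoffset() != timedelta(0):
        return dt
    if remote_offset_minutes is None:
        return None
    return dt.astimezone(timezone(timedelta(minutes=remote_offset_minutes)))


if __name__ == "__main__":
    print(to_utc(XP_SAMPLE), to_utc(VISTA_SAMPLE))
```

Storing the UTC value as the key and the remote offset as a separate column keeps event ordering correct across hosts regardless of which Windows version produced the record.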