Version

Argent for Compliance 3.1A-1401-E or below

Date

Thursday, 20 Mar 2014

Summary

Windows Event Log traditionally has event type ‘Error‘, ‘Warning‘, ‘Information‘, ‘Security Audit Success‘ and ‘Security Audit Failure‘

WMI class Win32_NTEventLog returns EventType value 1 – 5 according to the MSDN documentation

Click For Full Size

It has found that more recent Windows machines including W2008 can return EventType value 0, for example, WMI event 5715 though Event Log Viewer still shows the event as Informational

Click For Full Size

Technical Background

It is either MSDN documentation error or implementation error in WMI class Win32_NTEventLog

It has been compensated in Argent AT 1402-T4

Resolution

Upgrade to Argent Advanced Technology 3.1A-1401-T4 or later

If Customer cannot upgrade immediately, he can either switch to method ‘Read Event Log File Directly‘ or filter out the unwanted events using other criteria, for example, Event ID not equal to 5615 etc