Hi,
Does any know using WMI how to search the last 24 hours of event viewer. i have a script to search event viewer but need help with only bringing back the last 24 hours events. Here's the vbs script i have so far.

Option Explicit

Dim objFso, objFolder, objWMI, objEvent ' Objects
Dim strFile, strComputer, strFolder, strFileName, strPath, strdate ' Strings
Dim intEvent, intNumberID, intRecordNum, colLoggedEvents

' Set your variables
intNumberID = 17055 ' Event ID Number
intEvent = 1
intRecordNum = 1

strdate = date
strComputer = "."
strFileName = "\Eventlog"&year(date)&right("00"&month(date),2)&right("00"&day(date),2)&".txt"
strFolder = "C:\SQLerror"
strPath = strFolder & strFileName

Set objFso = CreateObject("Scripting.FileSystemObject")

If objFSO.FolderExists(strFolder) Then
Set objFolder = objFSO.GetFolder(strFolder)
Else
Set objFolder = objFSO.CreateFolder(strFolder)
End If
Set strFile = objFso.CreateTextFile(strPath, True)

Set objWMI = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMI.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'application'")

intEvent = 1
For Each objEvent in colLoggedEvents
If objEvent.EventCode = intNumberID Then

strFile.WriteLine ("Source Name: " & objEvent.SourceName)
strFile.WriteLine ("Event Type: " & objEvent.Type)
strFile.WriteLine ("Category: " & objEvent.Category)
strFile.WriteLine ("Event Code: " & objEvent.EventCode)
strFile.WriteLine ("Time Written: " & WMIDateStringToDate(objEvent.TimeWritten))
strFile.WriteLine ("Message: " & objEvent.Message)
strFile.WriteLine (" ")
intRecordNum = intRecordNum +1
End if
IntEvent = intEvent +1
Next

Function WMIDateStringToDate(dtmDate)
WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
& " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
End Function

WScript.Quit