Hi, Does any know using WMI how to search the last 24 hours of event viewer. i have a script to search event viewer but need help with only bringing back the last 24 hours events. Here's the vbs script i have so far. Option Explicit Dim objFso, objFolder, objWMI, objEvent ' Objects Dim strFile, strComputer, strFolder, strFileName, strPath, strdate ' Strings Dim intEvent, intNumberID, intRecordNum, colLoggedEvents ' Set your variables intNumberID = 17055 ' Event ID Number intEvent = 1 intRecordNum = 1 strdate = date strComputer = "." strFileName = "\Eventlog"&year(date)&right("00"&month(date),2)&right("00"&day(date),2)&".txt" strFolder = "C:\SQLerror" strPath = strFolder & strFileName Set objFso = CreateObject("Scripting.FileSystemObject") If objFSO.FolderExists(strFolder) Then Set objFolder = objFSO.GetFolder(strFolder) Else Set objFolder = objFSO.CreateFolder(strFolder) End If Set strFile = objFso.CreateTextFile(strPath, True) Set objWMI = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" _ & strComputer & "\root\cimv2") Set colLoggedEvents = objWMI.ExecQuery _ ("Select * from Win32_NTLogEvent Where Logfile = 'application'") intEvent = 1 For Each objEvent in colLoggedEvents If objEvent.EventCode = intNumberID Then strFile.WriteLine ("Source Name: " & objEvent.SourceName) strFile.WriteLine ("Event Type: " & objEvent.Type) strFile.WriteLine ("Category: " & objEvent.Category) strFile.WriteLine ("Event Code: " & objEvent.EventCode) strFile.WriteLine ("Time Written: " & WMIDateStringToDate(objEvent.TimeWritten)) strFile.WriteLine ("Message: " & objEvent.Message) strFile.WriteLine (" ") intRecordNum = intRecordNum +1 End if IntEvent = intEvent +1 Next Function WMIDateStringToDate(dtmDate) WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _ Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _ & " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2)) End Function WScript.Quit