hmm ...
let's try the WQL query first. Maybe Jens' function just works for the main event logs System, Security and Appication (as it was written in 2001)
_________________________