# From the book "Managing Enterprise Active Directory Services"
# ISBN: 0-672-32125-4
use Win32::OLE;
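use strict;
use warnings;

# Subscribe to WMI instance-creation notifications and print every new
# System-log record whose EventIdentifier is 5778. The loop runs until the
# process is interrupted or a WMI call fails; failures are reported below.
eval {
    # The {(security)} moniker setting asks WMI to enable the Security
    # privilege for this connection.
    # NOTE(review): that privilege is normally only required to read the
    # Security log, and this query is restricted to the System log. Confirm
    # whether it can be dropped so the watcher runs with the least privilege
    # it needs.
    my $wmi_path = "winmgmts:{(security)}";

    # WQL text is kept exactly as published; the filter is what limits the
    # subscription to a single log and a single event ID.
    my $wql_query = " select *
from __instancecreationevent
where targetinstance isa 'Win32_NTLogEvent'
and targetinstance.LogFile = 'System'
and targetinstance.EventIdentifier = 5778 ";

    # Check the connection separately so a failed GetObject is reported as
    # such instead of as a method call on an undefined value.
    my $wmi = Win32::OLE->GetObject($wmi_path);
    die "Could not connect to WMI\n" unless ref $wmi;

    my $events = $wmi->ExecNotificationQuery($wql_query);
    die "Could not create event\n" unless ref $events;

    print "\nWaiting for NT event...\n\n";
    while (1) {
        # NextEvent() is called without a timeout, so it blocks until an
        # event arrives. If it fails and returns a non-object, stop here:
        # continuing would spin forever printing empty records.
        my $nt_event = $events->NextEvent();
        die "Could not retrieve next event\n" unless ref $nt_event;

        my $record = $nt_event->{TargetInstance};
        print "Log: ", $record->{LogFile}, "\n";
        print "EventID: ", $record->{EventIdentifier}, "\n";
        # Message text comes straight from the event record and is printed
        # verbatim; sanitize it before feeding this output to another tool.
        print "Message: ", $record->{Message} || "<none>", "\n";
        print "Time: ", $record->{TimeGenerated}, "\n\n";
    }
};
if ($@) {
    # Copy $@ at once; it is a global that any later eval can overwrite.
    my $error = $@;
    print "Error: $error\n", Win32::OLE->LastError, "\n";
}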