Login  | |
|
 |
Keep informed about event viewer errors - 10/1/2005 9:23:41 PM
|
|
 |
|
| |
didorno
Posts: 361
Score: 0
Joined: 2/12/2005
From:
Status: offline
|
Do you like to be informed immediately when a serious event occurs in the system, applications and security logs ?
In that case, place a short cut (with wscript.exe) to the next script in the startup folder.
Then the script continually monitors in the back ground the event viewer.
2 constants are language dependent : conType1 and conType2 !!!
I could only test the dutch version and not the english version of these constants !!!
In case of a problem, please let me know.
' MonitorEventLogs.vbs 30 september 2005
'
' Signals immediately the occurrence of an error or failed attemp of the kind which is also recorded
' in the event log files (System, application and security).
' If the event is shown in an extensive way, then it is also written in a log file indicated with conLog.
' In case the event reoccurred, then only a small remark is shown.
'
' !!!!!!!!!!!!!!!!!!!!! Note : conType1 and conType2 are language dependent, so take care
' for the right strings ! English : conType1 = "Error" conType2 = "Failure Audit"
' Dutch : conType1 = "Fout" conType2 = "Controle mislukte poging"
' conType1 and conType2 are not case dependent.
Option Explicit
Const strComputer = ".", _
conType1 = "Error", _
conType2 = "Failure Audit", _
conLog = "C:\SeriousEventLog.txt", _
conForReading = 1, _
conForWriting = 2, _
conForAppending = 8, _
conOKButton = 0, _
conExclamIcon = 48, _
conCreateFile = "True"
Dim BtnCode, colMonitoredEvents, dtmEventDate, objFSO, objLatestEvent, objWMIService, StartTime, _
strTimeWritten, SuperStr, TimeStr, WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
' Include 'Security' otherwise those events are not detected
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel = impersonate, (Security)}!\\" _
& strComputer & "\root\cimv2")
' Define the events to be intercepted
Set colMonitoredEvents = objWMIService.ExecNotificationQuery("Select * from __instancecreationevent " _
& "where TargetInstance isa 'Win32_NTLogEvent' " _
& "And (TargetInstance.Type = '" & conType1 _
& "' Or TargetInstance.Type = '" & conType2 & "')")
StartTime = Now
' Existence of Log file not known. If Exists : do nothing, if not, make it as an empty file.
' This has the advantage that running the script the 1st time, allows for immediate approval of the script,
' instead of approval at the time of occurrence of the 1st error.
OpenTextFileTest("")
' Start now the endless loop
Do
' Next line waits for the occurrence of an event
' Source : TechNet Scripts Monitor Event Logs.htm, 17-feb-2003
Set objLatestEvent = colMonitoredEvents.NextEvent
' Event conType1 of conType2 has occurred
With objLatestEvent.TargetInstance
' Determine the unique part of the event (times and record number)
TimeStr = "Script watches this session from : " & StartTime & vbCrLf _
& SkipEmpty("Date/Time occurrence", WMIDateStringToDate(.TimeGenerated)) _
& SkipEmpty("Date/Time writing",WMIDateStringToDate(.TimeWritten)) _
& SkipEmpty("Record number", .RecordNumber)
' Make string to test Log file (conLog) for reoccurrence of error,
' i.e. leave out the unique part (TimeStr)
SuperStr = SkipEmpty("Category", .Category) _
& SkipEmpty("Category string", .CategoryString) _
& SkipEmpty("Computer name", .ComputerName) _
& SkipEmpty("Event-code", .EventCode) _
& SkipEmpty("Event-id", .EventIdentifier) _
& SkipEmpty("Event-type", .EventType) _
& SkipEmpty("Source", .SourceName) _
& SkipEmpty("Type", .Type) _
& SkipEmpty("User", .User) _
& SkipEmpty("LogFile", .LogFile) _
& SkipEmpty("Strings", .InsertionStrings) _
& SkipEmpty("Data (decimal)", .Data) _
& SkipEmpty("Message", vbCrLf & .Message)
If objFSO.FileExists(conLog) And InStr(ReadFile, SuperStr) Then
' Log exists and Superstring is already known
Wscript.Echo "Error in Log: " & .LogFile _
& ", has already been registered in file (" & conLog & ")."
Else
' Log exists but Superstring is new, or Logboek does not exist (could be
' deleted in the mean time), then create it
BtnCode = WshShell.Popup(TimeStr & SuperStr, 0, "Important registration in Log", _
conOKButton + conExclamIcon)
OpenTextFileTest(TimeStr & SuperStr & vbCrLf)
End If
End With
Loop
' End of main part
Function WMIDateStringToDate(dtmEventDate)
' Source : hey1026.mspx.htm, 25 jan 2005
WMIDateStringToDate = CDate(Mid(dtmEventDate, 5, 2) & "/" _
& Mid(dtmEventDate, 7, 2) & "/" & Left(dtmEventDate, 4) _
& " " & Mid (dtmEventDate, 9, 2) & ":" _
& Mid(dtmEventDate, 11, 2) & ":" & Mid(dtmEventDate, 13, 2))
End Function ' WMIDateStringToDate
Function SkipEmpty(ItemName, ItemContent)
' If ItemContent is missing, then ItemName is skipped in report
If IsNull(ItemContent) Then
SkipEmpty = ""
Else
If IsArray(ItemContent) Then
ItemContent = Join(ItemContent)
End If
If CStr(ItemContent) <> "" Then
SkipEmpty = ItemName & " : " & CStr(ItemContent) & vbCrLf
End If
End If
End Function ' SkipEmpty
Sub OpenTextFileTest(TekstIn)
' Write report in Log : conLog, if file is missing, create it
Dim f
Set f = objFSO.OpenTextFile(conLog, conForAppending, conCreateFile)
f.Write TekstIn
f.Close
Set f = Nothing
End Sub ' OpenTextFileTest
Function ReadFile
' Read whole Log as one string (max. possible length is about 2 biljon characters)
Dim objFile, ts
Set objFile = objFSO.GetFile(conLog)
If objFile.Size > 0 Then
Set ts = objFSO.OpenTextFile(conLog, conForReading)
ReadFile = ts.ReadAll
ts.Close
Set ts = Nothing
End If
Set objFile = Nothing
End Function ' ReadFile
' End of MonitorEventLogs.vbs
See for my dutch version thread 18823 "Triggering the start of a script" 2005-03-26.
< Message edited by didorno -- 10/1/2005 10:20:02 PM >
_____________________________
Regular Expression ? I (L+o{1,}v{1,3}e\s)+[iI]t!$
|
|
| |
|
|
|
|
|
Printable Version
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread