How to Retrieve Events For One Day From An Event Log on Windows 2000/NT 

Hi,

The below VBScript is from MS. It requires XP/2003. How can one modify it
to make it run on Windows 2000 Server?

Much Thanks,

Wensi

Retrieve Events For One Day From An Event Log

Description
Retrieves all the events recorded on a specific date from all the event
logs.

Script Code

Const CONVERT_TO_LOCAL_TIME = True
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
DateToCheck = CDate("2/18/2002")
dtmStartDate.SetVarDate DateToCheck, CONVERT_TO_LOCAL_TIME
dtmEndDate.SetVarDate DateToCheck + 1, CONVERT_TO_LOCAL_TIME
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
        & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
For each objEvent in colEvents
    Wscript.Echo "Category: " & objEvent.Category
    Wscript.Echo "Computer Name: " & objEvent.ComputerName
    Wscript.Echo "Event Code: " & objEvent.EventCode
    Wscript.Echo "Message: " & objEvent.Message
    Wscript.Echo "Record Number: " & objEvent.RecordNumber
    Wscript.Echo "Source Name: " & objEvent.SourceName
    Wscript.Echo "Time Written: " & objEvent.TimeWritten
    Wscript.Echo "Event Type: " & objEvent.Type
    Wscript.Echo "User: " & objEvent.User
    Wscript.Echo objEvent.LogFile
Next

The System Administration Scripting Guide, part of the Windows .NET Server



Mon, 12 Sep 2005 06:43:42 GMT  

Quote:

> The below VBScript is from MS. It requires XP/2003. How can one modify it
> to make it run on Windows 2000 Server?

Hi

It is the 'WbemScripting.SWbemDateTime' part that is only supported on WinXP and
better.

More on WMI Date and Time Format here:
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/date_and_time_form...

Here is a script that will work on pre-WinXP as well:

' Get eventlogs for today and yesterday:

dtmEndDate = CDate(Date)
dtmStartDate = dtmEndDate - 1

' Converting to WMI "date"
dtmEndDate = Year(dtmEndDate) _
           & Right( "00" & Month(dtmEndDate), 2) _
           & Right( "00" & Day(dtmEndDate), 2)

dtmStartDate = Year(dtmStartDate) _
           & Right( "00" & Month(dtmStartDate), 2) _
           & Right( "00" & Day(dtmStartDate), 2)

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
        & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
For each objEvent in colEvents
    Wscript.Echo "Category: " & objEvent.Category
    Wscript.Echo "Computer Name: " & objEvent.ComputerName
    Wscript.Echo "Event Code: " & objEvent.EventCode
    Wscript.Echo "Message: " & objEvent.Message
    Wscript.Echo "Record Number: " & objEvent.RecordNumber
    Wscript.Echo "Source Name: " & objEvent.SourceName
    Wscript.Echo "Time Written: " & objEvent.TimeWritten
    Wscript.Echo "Event Type: " & objEvent.Type
    Wscript.Echo "User: " & objEvent.User
    Wscript.Echo objEvent.LogFile
Next

--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter



Mon, 12 Sep 2005 08:29:47 GMT  
Thank you so much. It works. I would like to retrieve one day's event logs with
the Asynchronous Event Log Query.
That is, combine both scripts. How can I do it?

Asynchronous Event Log Query

Description
Uses an asynchronous query to retrieve all the events recorded in all the
event logs. This approach is faster than retrieving a large number of events
using a synchronous query.

Script Code

Const POPUP_DURATION = 10
Const OK_BUTTON = 0
Set objWSHShell = Wscript.CreateObject("Wscript.Shell")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objSink = WScript.CreateObject("WbemScripting.SWbemSink","SINK_")
objWMIService.InstancesOfAsync objSink, "Win32_NTLogEvent"
Error = objWshShell.Popup("Starting event retrieval", POPUP_DURATION, _
    "Event Retrieval", OK_BUTTON)
Sub SINK_OnCompleted(iHResult, objErrorObject, objAsyncContext)
    WScript.Echo "Asynchronous operation is done."
End Sub
Sub SINK_OnObjectReady(objEvent, objAsyncContext)
    Wscript.Echo "Category: " & objEvent.Category
    Wscript.Echo "Computer Name: " & objEvent.ComputerName
    Wscript.Echo "Event Code: " & objEvent.EventCode
    Wscript.Echo "Message: " & objEvent.Message
    Wscript.Echo "Record Number: " & objEvent.RecordNumber
    Wscript.Echo "Source Name: " & objEvent.SourceName
    Wscript.Echo "Time Written: " & objEvent.TimeWritten
    Wscript.Echo "Event Type: " & objEvent.Type
    Wscript.Echo "User: " & objEvent.User
End Sub






Tue, 13 Sep 2005 09:17:08 GMT  

Quote:

> Thank you so much. It works. I would like to retrieve one day's event logs with
> the Asynchronous Event Log Query.
> That is, combine both scripts. How can I do it?

> Asynchronous Event Log Query

> Description
> Uses an asynchronous query to retrieve all the events recorded in all the
> event logs. This approach is faster than retrieving a large number of events
> using a synchronous query.

Hi

I suggest using a semisynchronous call adding the wbemFlagForwardOnly flag for
optimization. Combining wbemFlagReturnImmediately with wbemFlagForwardOnly
results in a forward-only enumerator. A forward-only enumerator performs much
faster than the default enumerator, because WMI doesn't maintain references to
objects in the SWbemObjectSet.

When using ExecQuery for large data sets on remote computers, you really *need*
this setting.

ExecQuery("Select ...", "WQL", 48) or ExecQuery("Select ...",, 48)

The WBEM_FLAG_FORWARD_ONLY combined with the WBEM_FLAG_RETURN_IMMEDIATELY flag
sums up to a decimal value of 48 in the iFlag argument in ExecQuery.

If you don't use it for large collections, you risk that the scripts will be dog
slow and in some cases grind to a halt altogether. A snail will be quick in
comparison ;-)

Platform SDK: Windows Management Instrumentation
IWbemServices::ExecQuery
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/iwbemservices_exec...

Calling a Method
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/calling_a_method.asp

Making a Semisynchronous Call with VBScript
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/making_a_semisynch...

So, in the script I provided, change

Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
        & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")

to

Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
        & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'",, 48)

--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter



Tue, 13 Sep 2005 09:37:25 GMT  
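
The one-day filter and the forward-only semisynchronous call from the replies above, put together for an audit of the Security log. This is an added example, not code posted by anyone in the thread; the helper name ToDmtf, the choice of the Security log and the use of Win32_OperatingSystem.CurrentTimeZone for the UTC offset are assumptions.

```vbscript
' Added example, not code from the thread. ToDmtf and the Security-log
' filter are illustrative assumptions.
Option Explicit
Const wbemFlagReturnImmediately = 16
Const wbemFlagForwardOnly = 32

Dim strComputer, dtmDay, objWMIService, objOS, intBias
Dim strQuery, colEvents, objEvent, lngCount

strComputer = "."
dtmDay = Date - 1          ' day to report on: yesterday, local midnight

' (Security) enables the privilege WMI needs to read the Security log.
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" & strComputer & "\root\cimv2")

' Current UTC offset in minutes. It is the offset in force now, so a day on
' the other side of a daylight-saving change is shifted by one hour.
For Each objOS In objWMIService.InstancesOf("Win32_OperatingSystem")
    intBias = objOS.CurrentTimeZone
Next

strQuery = "Select * from Win32_NTLogEvent Where Logfile = 'Security'" _
    & " and TimeWritten >= '" & ToDmtf(dtmDay, intBias) & "'" _
    & " and TimeWritten < '" & ToDmtf(dtmDay + 1, intBias) & "'"

' 16 + 32 = 48, the value passed as iFlags in the reply above.
Set colEvents = objWMIService.ExecQuery(strQuery, "WQL", _
    wbemFlagReturnImmediately + wbemFlagForwardOnly)

' A forward-only set can be walked only once and has no usable Count.
lngCount = 0
For Each objEvent In colEvents
    lngCount = lngCount + 1
    WScript.Echo objEvent.TimeWritten & " " & objEvent.EventCode & " " _
        & objEvent.SourceName & " " & objEvent.User
Next
WScript.Echo lngCount & " event(s) written on " & dtmDay

' Build a full 25-character DMTF datetime: yyyymmddHHMMSS.mmmmmm+UUU
Function ToDmtf(dtmValue, intOffsetMinutes)
    Dim strSign
    If intOffsetMinutes < 0 Then strSign = "-" Else strSign = "+"
    ToDmtf = Year(dtmValue) _
        & Right("0" & Month(dtmValue), 2) & Right("0" & Day(dtmValue), 2) _
        & Right("0" & Hour(dtmValue), 2) & Right("0" & Minute(dtmValue), 2) _
        & Right("0" & Second(dtmValue), 2) & ".000000" _
        & strSign & Right("00" & Abs(intOffsetMinutes), 3)
End Function
```

Run it with cscript.exe rather than wscript.exe so each event is written to the console instead of a message box.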
 