'
' WMI script to read all eventlog errors generated since last time this script was run.
' This script reads a datetime value from a file (EventView_date.txt) and uses it to
' construct a WMI query for all windows EventLog entries since then that are of type
' Error or error (seems winxp writes with a lowercase e)
'
' These results are written to a file (EventView_<dts>.log) and the time the script was
' run is written to the date file. This allows this script to be run several times a day
' and will only retrieve the error entries since the last run.
'
' If the date file is not present a new one will be created with the current date/time.
'
'
' Usage: click the vbs file in Windows Explorer to run using wscript. Some information
' will be displayed in message boxes (start time, each computer, number of records found)
' Alternatively type "cscript EventLogErrorView.vbs" in a command prompt to show the
' same details written to the command prompt. This can be used in a batch file, or in
' a scheduled task - the command is cscript, the parameter is this vbs file.
'
'
'
On Error Resume Next
'
' update this to refelect the computers to monitor - comma separated for multiple
'
arrComputers = Array("server1", "server2")
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Set objFSO = CreateObject("Scripting.FileSystemObject")
today = ""
Set objDateFile = objFSO.OpenTextFile ("EventView_date.txt")
today = objDateFile.Readline
Wscript.echo "today = " & today
if (isempty(today)) then
WScript.Echo "Date file not found, using today's date at midnight"
today = Date & " 00:00:00"
end if
today = DateToWMIDateString(today)
' write current datetime to file for next run.
set objDateFile = objFSO.CreateTextFile("EventView_date.txt")
objDateFile.WriteLine(Date & " " & Time)
Set objFile = objFSO.CreateTextFile("EventView_" & today & ".log")
' start processing
WScript.Echo "Processing All Error reports since: " & today & " (" & WMIDateStringToDate(today) & ")"
objFile.WriteLine "Processing All Error reports since: " & today & " (" & WMIDateStringToDate(today) & ")"
For Each strComputer In arrComputers
objFile.WriteLine
objFile.WriteLine
objFile.WriteLine
objFile.WriteLine "=========================================="
objFile.WriteLine "Computer: " & strComputer
objFile.WriteLine "=========================================="
WScript.Echo "Computer: " & strComputer
' notes:
' timestamp comparisons in WMI queries are in the form YYYYMMDDHHMMSS.milliseconds+exp
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE (Type = 'error' OR Type= 'Error') AND TimeGenerated > '" & today & ".000000+000'", "WQL", _
wbemFlagReturnImmediately + wbemFlagForwardOnly)
dim records
records = 0
For Each objItem In colItems
objFile.WriteLine "CategoryString: " & objItem.CategoryString
objFile.WriteLine "ComputerName: " & objItem.ComputerName
strData = Join(objItem.Data, ",")
objFile.WriteLine "Data: " & strData
objFile.WriteLine "EventCode: " & objItem.EventCode
objFile.WriteLine "EventIdentifier: " & objItem.EventIdentifier
objFile.WriteLine "EventType: " & objItem.EventType
strInsertionStrings = Join(objItem.InsertionStrings, ",")
objFile.WriteLine "InsertionStrings: " & strInsertionStrings
objFile.WriteLine "Logfile: " & objItem.Logfile
objFile.WriteLine "Message: " & objItem.Message
objFile.WriteLine "SourceName: " & objItem.SourceName
objFile.WriteLine "TimeGenerated: " & WMIDateStringToDate(objItem.TimeGenerated)
objFile.WriteLine "Type: " & objItem.Type
objFile.WriteLine "User: " & objItem.User
objFile.WriteLine
objFile.WriteLine "------------------------------------------"
objFile.WriteLine
records = records + 1
Next
WScript.Echo " " & records & " records found"
objFile.WriteLine " " & records & " records found"
Next
Function WMIDateStringToDate(dtmDate)
WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
& " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
End Function
' takes a dd/mm/yyyy hh:mm:ss format and turns it into yyyymmddhhmmss
Function DateToWMIDateString(dtmDate)
DateToWMIDateString = Year(dtmDate) & PadZeros(Month(dtmDate)) & PadZeros(Day(dtmDate)) & PadZeros(Hour(dtmDate)) & PadZeros(Minute(dtmDate)) & PadZeros(Second(dtmDate))
End Function
Function PadZeros(dtmDate)
If Len(dtmDate) = 1 Then
PadZeros = "0" & dtmDate
Else
PadZeros = dtmDate
End If
End Function
我写的一篇文章是为了帮助一位同事,他 RDPd 到服务器,打开事件查看器,查看它是否有错误。然后对其他 3 台服务器重复……每天。
我在这里收集了一堆 WMIC 片段。
微软(免费)工具 Scriptomatic2 中的所有内容!
我最喜欢的一个(因为这是我的第一个)给我带来了最大的麻烦……我一遍又一遍地写,直到它正常工作……是一个远程“禁用”我们自制的网络过滤器的脚本。
我们使用“定制”(由我)版本的 Squid,其中包含一些免费提供的黑名单,用于内容过滤和阻止我们公共机器上的端口(我为一个中等大小的 3 分支公共图书馆系统工作)。
WMI 脚本在员工计算机上运行。一旦工作人员执行它,就会提示他/她选择要禁用过滤器的机器。当脚本执行时,基本上它会在注册表级别从 Internet Explorer 中的代理设置选项中删除复选标记。
过滤器由批处理文件启用,该批处理文件在顾客会话启动并且计算机自动注销并重新打开时触发。
我们最终只在几台测试机器上使用了我的 WMI,但我真的很喜欢学习如何使用 WMI 完成几乎任何事情。
脚本很有用,我能够执行此操作。但该文件只显示信息,如
=========================================== 数据:插入字符串:
此外(“EventView_”&today&“.log”)这个文件只是用EventView_00.log而不是实际日期创建文件。根据语法,它应该提供数据而不是 off )00 。
来自 WSH JScript:
// 列出来自 Windows EventLog 的错误(仅过滤上个月的错误)。 函数前导零(str){ if (str.length == 1) 返回“0”+str; 别的 返回字符串; } 功能好日期(d){ var dstr = d.getFullYear().toString(); dstr +=leadingzero((d.getMonth()+1).toString()); dstr +=leadingzero(d.getDate().toString()); dstr +=leadingzero(d.getHours().toString()); dstr +=leadingzero(d.getMinutes().toString()); dstr +=leadingzero(d.getSeconds().toString()); dstr += ".000000-000"; 返回dstr; } // 24*3600*1000 - 一天 // 30*24*3600*1000 - 一个月 time = good_date(new Date(new Date() - 30*24*3600*1000)); var wbemFlagReturnImmediately = 0x10; var wbemFlagForwardOnly = 0x20; var objWMIService = GetObject("winmgmts:\\\\.\\root\\CIMV2"); var items = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE (Type = 'Ошибка' OR Type = 'Error') AND TimeGenerated > '" + time + "'", "WQL", wbemFlagReturnImmediately | wbemFlagForwardOnly); var enumItems = new Enumerator(items); for (enumItems.moveFirst(); !enumItems.atEnd(); enumItems.moveNext()) { var i = enumItems.item(); WScript.Echo("类型:" + i.Type + "\n" + "消息:" + i.Message + "\n" + "TimeGenerated:" + i.TimeGenerated); }