Windows Scripting
  Home arrow Windows Scripting arrow Page 2 - Parsing Event Logs in WSH
ASP Free Forums 
.NET  
ASP  
ASP Code  
ASP.NET  
ASP.NET Code  
BrainDump  
C#  
Code Examples  
Database  
Database Code  
IIS  
Microsoft Access  
MS SQL Server  
Visual Basic.NET  
Windows Scripting  
Windows Security  
XML  
ASP Web Hosting  
ASP.NET Web Hosting 
Mobile Linux 
App Generation ROI 
Windows Web Hosting
 
IBM® developerWorks 
Sun Developer Network 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WINDOWS SCRIPTING

Parsing Event Logs in WSH
By: Nilpo/Developer Shed Staff Writer
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 5 stars5 stars5 stars5 stars5 stars / 2
    2007-05-21

    Table of Contents:
  • Parsing Event Logs in WSH
  • Using WMI to access NT Log events
  • Creating the database
  • Adding event data to the database
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Parsing Event Logs in WSH - Using WMI to access NT Log events
    (Page 2 of 4 )

    Since we’re dealing with event logs, it’s probably a good idea to start out by describing how to access them, eh?

    We are once again turning to WMI.  You’ll find—especially with system administration scripts—that the scripts with the most functionality and power tend to rely directly on WMI.  This is because WMI technology allows us to have direct access to nearly every conceivable part of the system.  It’s also extremely manageable and highly configurable.

    I trust everyone remembers how to connect to the WMI Service.  For those who don’t, we need to connect to the CIMV2 provider like this:

    strComputer = "."

    Set objWMIService = GetObject("winmgmts: " _

       & "{impersonationLevel=impersonate}!" & strComputer _

       & "rootcimv2")

    You’ll notice that I’ve set the impersonation level.  If you want to use this script in a network environment to analyze remote machines, you’ll need to have this set.  If you’re not in such an environment, it doesn’t hurt to leave it in there either.

    Next you need to form a query to poll the events from the event log.  All of the events are contained in the Win32_NTLogEvent class.

    Set colEvents = objWMIService.ExecQuery( _

       "SELECT * FROM Win32_NTLogEvent")

    If you wanted, you could filter the event to return specific event logs.  Simply add a WHERE clause to your query and specify an event property.

    SELECT * FROM Win32_NTLogEvent WHERE LogFile = 'System'

    Each item returned represents a single event.  The table below lists the available item properties that you will probably find useful.

    Category

    An integer representing the event category.

    ComputerName

    A string that returns the computer’s DNS name.

    EventCode

    And integer representing the error number.

    EventType

    And integer representing the event type.

    LogFile

    A string that returns which log an event is from.

    Message

    The textual message associated with an event.

    RecordNumber

    An incremented integer that serves as a unique ID for each event record.

    SourceName

    A string representing the source of the event.

    TimeGenerated

    The date and time when the event occurred.

    TimeWritten

    The date and time when the event was written to the log.

    Type

    The textual description of the event type.

    User

    A user name representing the user session in which the event took place.

    Next: Creating the database >>
     

    More Windows Scripting Articles
    More By Nilpo/Developer Shed Staff Writer


       · Event logs can help a good system or network administrator be more effective. Learn...
     
    >>> Post your comment now!

    WINDOWS SCRIPTING ARTICLES

    - Introducing Two-Way Data Binding using Silve...
    - Silverlight 2.0 Application Development with...
    - Burning Multisession CDs with IMAPI2 in WSH
    - Creating a Silverlight 2.0 Application that ...
    - Burning CDs with the IMAPI2 Control
    - Burning CDs in Windows XP with WSH
    - Advanced Word Object Scripting
    - Reading and Printing Word Documents in WSH
    - Scripting Microsoft Word
    - Using WSH to Catalog MP3 Files
    - Reading MP3 ID3 Tags in WSH
    - A Brief Look at Menus in WPF
    - More Examples of Simplified Image Processing...
    - Completing a WPF To-Do List Application
    - Simplified Image Processing in GDI+
    Find More Windows Scripting Articles




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway
    Stay green...Green IT