Wednesday, September 12, 2007

Event Log

Event Log Manipulations:

1. Reading the Event Log
2. Clearing the Event Log
3. Creating backup of the Event Log

Code Snippet #1:

  1. strComputer = "."
  2. Set objWMIService = GetObject("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" _
  4. & strComputer & "\root\cimv2")
  5. Set colLoggedEvents = objWMIService.ExecQuery _
  6. ("Select * from Win32_NTLogEvent " _
  7. & "Where Logfile = 'System'")
  8. For Each objEvent in colLoggedEvents
  9. Wscript.Echo "Category: " & objEvent.Category & VBNewLine _
  10. & "Computer Name: " & objEvent.ComputerName & VBNewLine _
  11. & "Event Code: " & objEvent.EventCode & VBNewLine _
  12. & "Message: " & objEvent.Message & VBNewLine _
  13. & "Record Number: " & objEvent.RecordNumber & VBNewLine _
  14. & "Source Name: " & objEvent.SourceName & VBNewLine _
  15. & "Time Written: " & objEvent.TimeWritten & VBNewLine _
  16. & "Event Type: " & objEvent.Type & VBNewLine _
  17. & "User: " & objEvent.User
  18. Next


Code Snippet #2:

  1. strComputer = "."
  2. Set objWMIService = GetObject("winmgmts:" _
  3. & "{impersonationLevel=impersonate,(Backup)}!\\" & _
  4. strComputer & "\root\cimv2")
  5. Set colLogFiles = objWMIService.ExecQuery _
  6. ("Select * from Win32_NTEventLogFile " _
  7. & "Where LogFileName='Application'")
  8. For Each objLogfile in colLogFiles
  9. objLogFile.ClearEventLog()
  10. WScript.Echo "Cleared application event log file"
  11. Next

Code Snippet #3:


  1. strComputer = "."
  2. Set objWMIService = GetObject("winmgmts:" _
  3. & "{impersonationLevel=impersonate,(Backup)}!\\" & _
  4. strComputer & "\root\cimv2")
  5. Set colLogFiles = objWMIService.ExecQuery _
  6. ("Select * from Win32_NTEventLogFile " _
  7. & "Where LogFileName='Application'")
  8. For Each objLogfile in colLogFiles
  9. errBackupLog = objLogFile.BackupEventLog( _
  10. "c:\scripts\application.evt")
  11. WScript.Echo "File saved as c:\scripts\applications.evt"
  12. Next
If at first you fail, call it version 1.0

No comments: