Tweet
I'd like to automate the collection of event viewer information for several servers and figure using the macro feature is the way to go.
Hints and suggestions would be welcome.
Thanks!
Hints and suggestions would be welcome.
Thanks!
-
-
Re: Event viewer for several servers / macro?
The Generate Macro function won't help you for this particular task. You can select the computers in the right window, then right-click and choose Events.
This will pull events from the selected computers to yours. Depending on the number of computers/events, a better solution might be to use our free DumpEvt utility from http://www.systemtools.com/free_frame.htm -
Re: Event viewer for several servers / macro?
Thanks. I won't waste the time figuring out the macro's then. That saves me a bunch of time. I've downloaded the DumpEvt and will try it out.Comment
-
Re: Event viewer for several servers / macro?
Here's a solution I use to collect my events into a readable, sortable format.
You get one spreadsheet of events, per machine. I schedule this script to run on my main server (not a DC, though). Easy to setup, easy to schedule, easy to view.
It won't clear the local Security log (on the machine which the script is ran).
'================================================= =========================
'
' VBScript Source File -- Created with SAPIEN Technologies PrimalSCRIPT(TM)
'
' NAME: <EventLogstoXLS.vbs>
'
' AUTHOR: Joel Thoreson
' DATE : 2/27/2003
'
' COMMENT: Reads a list of servers from a file, backs up the event logs
' to a single XLS file (per machine), then clears the remote event logs.
'
'================================================= =========================
Option Explicit
Const ForReading = 1
'Event Log Constants
Const Event_Success = 0, Event_Error = 1, Event_Warning = 2, Event_Information = 4
Dim WshShell, WshNetwork, fso, sLogFilePath, timesvr, strYear, strMonth, strDay, strDate
Dim ServerFile, sComputerName, wmi, numerr, abouterr
'Create the shells
Set WshShell = WScript.CreateObject("WScript.Shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")
'set the filesystem object
Set fso = CreateObject("Scripting.FileSystemObject")
' collect the local computer name
'strLocalComputer = WshNetwork.ComputerName
'Set the Event Logs path on the main server
sLogFilePath = "C:\EventLogs"
'Set the time Server
timesvr = "BigKahuna"
'Set the date variable
strYear = DatePart ("yyyy", Date)
strMonth = DatePart ("m", Date)
strDay = DatePart ("d", Date)
'add a zero
If strDay < 10 Then strDay = "0" & strDay
If strMonth < 10 Then strMonth = "0" & strMonth
strDate = strYear & "-" & strMonth & "-" & strDay
'================================================= ========================
' read each line of servers.txt and run the time and copy subs on each server
'================================================= ========================
set ServerFile = fso.OpenTextFile(sLogFilePath & "Servers.txt", 1, false)
'read until the end of the file
While Not ServerFile.AtEndOfStream
'save the computer name
sComputerName = ServerFile.Readline
On Error Resume Next 'turn off error checking
'ensure you can connect to the WMI on the remote machine
'I use this to make sure the machine is online, and can accept
'the commands in the sub CopyBackupCommand below
Set wmi = getobject("winmgmts://" & sComputerName)
numerr = err.Number 'get the error number
abouterr = Err.description 'get the error description
If numerr = 0 Then 'checking to ensure the machine is online
On Error Goto 0 'reset error checking
'Set the remote computer's time
Call SetRemoteTime(sComputerName, timesvr)
'Do the copy command and schedule the event
Call Backup(sComputerName)
Else 'tell the user why we couldn't connect to the remote machine
WshShell.Popup "Connection to server "& sComputerName & " returned error number " & numerr & "." & vbcrLf & _
"Error Description: " & abouterr, 5, "Cannot contact server"
End If
On Error Goto 0 'reset error checking
Wend
'Close the file
ServerFile.Close
'************************************************* ************************
' the subroutines follow
'************************************************* ************************
'================================================= ========================
' Set the time on the remote machine to the "timeserver"
' !!! Critcal - to ensure the "AT" command is timed correctly
' Special thanks to:
' www.bittnet.com/scripting/wsh/wmidujour.htm
' www.google.com
' Yes, I searched for "Net Time WMI" and this was the easiest
' implementation, but the main page is offline, so I thank
' Google for caching it. I know, it's "cheating"...maybe
'================================================= ========================
Sub SetRemoteTime(sTarget, timeserver)
On Error Resume Next 'turn off error checking
Dim wmi, process, startupInfo, cmd
'Get the WMI reference
Set wmi = getobject("winmgmts:{(SystemTime)}!//" & sTarget)
Set process = wmi.get("win32_process")
Set startupInfo = wmi.get("win32_processstartup")
'set additional parameters
startupInfo.showWindow = 0 '0=hidden 1=normal 7=minnoactivate
'set the command to execute
cmd = "net time \" & timeserver & " /set /y"
' do it!
process.create cmd,,startupInfo
On Error Goto 0 'reset error checking
End Sub
'================================================= ========================
' Create the folders and copy the vbs script to the remote computer, then
' schedule the task on the remote computer
'================================================= ========================
Sub Backup(sTargetComp)
Dim objWMI, colWMISet, objWMIObject, colLogFiles, objLogfile
Dim strTempFile, txtStreamOut, z
Dim strEvtLogDT, strEvtLogDateTime, strEvtLogDate, strEvtLogTime, strEvtLogVal
Dim strMsg, strFirstCharacter, strTempLength, strTempMsg
Const ForWriting = 2 ' write access
'>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ;>>>>>>>>>>>>>>>>>
' Create Sub-Folder (on the local machine) with today's Date
'>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ;>>>>>>>>>>>>>>>>>
If not (fso.FolderExists(sLogFilePath & strDate)) Then
z = sLogFilePath & strDate
fso.CreateFolder(z)
End If
'>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ;>>>>>>>>>>>>>>>>>
'>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ;>>>>>>>>>>>>>>>>>
' Create Sub-Folder (on the local machine) for the remote server
'>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ;>>>>>>>>>>>>>>>>>
If not (fso.FolderExists(sLogFilePath & strDate & "" & sTargetComp)) Then
z = sLogFilePath & strDate & "" & sTargetComp
fso.CreateFolder(z)
End If
'>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ;>>>>>>>>>>>>>>>>>
Set objWMI = GetObject("winmgmts:\" & sTargetComp)
Set colWMISet = objWMI.InstancesOf("Win32_NTLogEvent")
' set the text file path (could be made into an input box, with a default setting)
strTempFile = z & "" & sTargetComp & ".txt"
' Check whether the file exists
If (Not fso.FileExists(strTempFile)) Then ' File doesn't exist so create it
fso.CreateTextFile(strTempFile)
Else 'if it does, delete the old, create a new
fso.DeleteFile(strTempFile)
fso.CreateTextFile(strTempFile)
End If
Set txtStreamOut = fso.OpenTextFile(strTempFile, ForWriting, True) ' Open output
txtStreamOut.Write "Log File" & vbTab
txtStreamOut.Write "Type" & vbTab
txtStreamOut.Write "Date" & vbTab
txtStreamOut.Write "Time" & vbTab
txtStreamOut.Write "Source" & vbTab
txtStreamOut.Write "Event" & vbTab
txtStreamOut.Write "User" & vbTab
txtStreamOut.Write "Computer" & vbTab
txtStreamOut.Write "Message" & vbTab
txtStreamOut.WriteBlankLines(1)
For Each objWMIObject In colWMISet
StrEvtLogDT = objWMIObject.TimeGenerated
strEvtLogVal = CStr(StrEvtLogDT)
strEvtLogDate = DateSerial(Left(strEvtLogVal, 4), Mid(strEvtLogVal, 5, 2), Mid(strEvtLogVal, 7, 2))
strEvtLogTime = TimeSerial(Mid(strEvtLogVal, 9, 2), Mid(strEvtLogVal, 11, 2), Mid(strEvtLogVal, 13, 2))
strEvtLogDateTime = strEvtLogDate & vbTab & strEvtLogTime
' assign the Message to a variable
strMsg = Trim(objWMIObject.Message)
' get the first character of the Message variable, and return it's ASCII Code
If strMsg <> "" Then strFirstCharacter = Asc(Left(strMsg,1))
While strFirstCharacter = 13 Or strFirstCharacter = 10
' get the overall length of the Message variable, minus 1
strTempLength = (Len(strMsg)-1)
' starting from the end, trim the message 1 character
strTempMsg = Right(strMsg,strTempLength)
' assign the temp variable
strMsg = strTempMsg
' get the first character of the Message variable, again
strFirstCharacter = Asc(Left(strMsg,1))
Wend
If strMsg <> "" Then
strMsg = Replace(strMsg, vbCrLf, " ")
strMsg = Replace(strMsg, vbLf, " ")
strMsg = Replace(strMsg, vbCr, " ")
End If
txtStreamOut.Write objWMIObject.LogFile & vbTab & _
objWMIObject.Type & vbTab & _
StrEvtLogDateTime & vbTab & _
objWMIObject.SourceName & vbTab & _
objWMIObject.EventCode & vbTab & _
objWMIObject.User & vbTab & _
objWMIObject.ComputerName & vbTab & _
strMsg & vbLf
Next
txtStreamOut.Close
fso.MoveFile strTempFile , z & "" & sTargetComp & ".xls"
Set objWMI = Nothing 'GetObject("winmgmts:\" & sTargetComp)
Set colWMISet = Nothing 'objWMI.InstancesOf("Win32_NTLogEvent")
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonat e,(Backup)}!\" & sTargetComp & "\root\cimv2")
Set colLogFiles = objWMI.ExecQuery ("Select * from Win32_NTEventLogFile") ' where LogFileName='Application'")
For Each objLogfile in colLogFiles
objLogFile.ClearEventLog()
Next
WshShell.LogEvent Event_Success, "The event logs for this computer were backed up to:"& vbCrLf & vbCrLf & "\" & WshNetwork.ComputerName & "" & strDate & "" & strTargetComp & "" & strTargetComp & ".xls","\" & sTargetComp
End Sub
Hope this helps!
JoelComment
-
Re: Event viewer for several servers / macro?
Thanks Supply Guy! I'll give that a look over and see if it'll work for us.Comment
Comment