Event viewer for several servers / macro?


  • shegeek
    replied
    Re: Event viewer for several servers / macro?

    Thanks Supply Guy! I'll give that a look over and see if it'll work for us.


  • Guest
    replied
    Re: Event viewer for several servers / macro?

    Here's a solution I use to collect my events into a readable, sortable format.

    You get one spreadsheet of events, per machine. I schedule this script to run on my main server (not a DC, though). Easy to set up, easy to schedule, easy to view.

    It won't clear the local Security log (on the machine on which the script is run).


    '==========================================================================
    '
    ' VBScript Source File -- Created with SAPIEN Technologies PrimalSCRIPT(TM)
    '
    ' NAME: <EventLogstoXLS.vbs>
    '
    ' AUTHOR: Joel Thoreson
    ' DATE : 2/27/2003
    '
    ' COMMENT: Reads a list of servers from a file, backs up the event logs
    ' to a single XLS file (per machine), then clears the remote event logs.
    '
    '==========================================================================

    Option Explicit

    Const ForReading = 1
    'Event Log Constants
    Const Event_Success = 0, Event_Error = 1, Event_Warning = 2, Event_Information = 4

    Dim WshShell, WshNetwork, fso, sLogFilePath, timesvr, strYear, strMonth, strDay, strDate
    Dim ServerFile, sComputerName, wmi, numerr, abouterr

    'Create the shells
    Set WshShell = WScript.CreateObject("WScript.Shell")
    Set WshNetwork = WScript.CreateObject("WScript.Network")

    'set the filesystem object
    Set fso = CreateObject("Scripting.FileSystemObject")

    ' collect the local computer name
    'strLocalComputer = WshNetwork.ComputerName

    'Set the Event Logs path on the main server (trailing backslash required,
    'because file and folder names are appended directly to this value)
    sLogFilePath = "C:\EventLogs\"

    'Set the time Server
    timesvr = "BigKahuna"

    'Set the date variable
    strYear = DatePart ("yyyy", Date)
    strMonth = DatePart ("m", Date)
    strDay = DatePart ("d", Date)

    'add a zero
    If strDay < 10 Then strDay = "0" & strDay
    If strMonth < 10 Then strMonth = "0" & strMonth

    strDate = strYear & "-" & strMonth & "-" & strDay

    '=========================================================================
    ' read each line of servers.txt and run the time and copy subs on each server
    '=========================================================================
    set ServerFile = fso.OpenTextFile(sLogFilePath & "Servers.txt", 1, false)

    'read until the end of the file
    While Not ServerFile.AtEndOfStream
    'save the computer name
    sComputerName = ServerFile.Readline

    On Error Resume Next 'turn off error checking

    'ensure you can connect to the WMI on the remote machine
    'I use this to make sure the machine is online, and can accept
    'the commands in the sub CopyBackupCommand below
    Set wmi = getobject("winmgmts://" & sComputerName)
    numerr = err.Number 'get the error number
    abouterr = Err.description 'get the error description

    If numerr = 0 Then 'checking to ensure the machine is online
    On Error Goto 0 'reset error checking
    'Set the remote computer's time
    Call SetRemoteTime(sComputerName, timesvr)

    'Do the copy command and schedule the event
    Call Backup(sComputerName)
    Else 'tell the user why we couldn't connect to the remote machine
    WshShell.Popup "Connection to server "& sComputerName & " returned error number " & numerr & "." & vbcrLf & _
    "Error Description: " & abouterr, 5, "Cannot contact server"
    End If

    On Error Goto 0 'reset error checking
    Wend

    'Close the file
    ServerFile.Close


    '*************************************************************************
    ' the subroutines follow
    '*************************************************************************

    '=========================================================================
    ' Set the time on the remote machine to the "timeserver"
    ' !!! Critical - to ensure the "AT" command is timed correctly
    ' Special thanks to:
    ' www.bittnet.com/scripting/wsh/wmidujour.htm
    ' www.google.com
    ' Yes, I searched for "Net Time WMI" and this was the easiest
    ' implementation, but the main page is offline, so I thank
    ' Google for caching it. I know, it's "cheating"...maybe
    '=========================================================================

    Sub SetRemoteTime(sTarget, timeserver)

    On Error Resume Next 'turn off error checking
    Dim wmi, process, startupInfo, cmd

    'Get the WMI reference
    Set wmi = getobject("winmgmts:{(SystemTime)}!//" & sTarget)
    Set process = wmi.get("win32_process")
    Set startupInfo = wmi.get("win32_processstartup")
    'set additional parameters
    startupInfo.showWindow = 0 '0=hidden 1=normal 7=minnoactivate
    'set the command to execute (UNC name of the time server needs two backslashes)
    cmd = "net time \\" & timeserver & " /set /y"
    ' do it!
    process.create cmd,,startupInfo
    On Error Goto 0 'reset error checking
    End Sub


    '=========================================================================
    ' Create the folders and copy the vbs script to the remote computer, then
    ' schedule the task on the remote computer
    '=========================================================================
    Sub Backup(sTargetComp)

    Dim objWMI, colWMISet, objWMIObject, colLogFiles, objLogfile
    Dim strTempFile, txtStreamOut, z
    Dim strEvtLogDT, strEvtLogDateTime, strEvtLogDate, strEvtLogTime, strEvtLogVal
    Dim strMsg, strFirstCharacter, strTempLength, strTempMsg

    Const ForWriting = 2 ' write access

    '>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    ' Create Sub-Folder (on the local machine) with today's Date
    '>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    If not (fso.FolderExists(sLogFilePath & strDate)) Then

    z = sLogFilePath & strDate
    fso.CreateFolder(z)

    End If
    '>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    '>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    ' Create Sub-Folder (on the local machine) for the remote server
    '>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    If not (fso.FolderExists(sLogFilePath & strDate & "\" & sTargetComp)) Then

    z = sLogFilePath & strDate & "\" & sTargetComp
    fso.CreateFolder(z)

    End If
    '>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>&gt ;>>>>>>>>>>>>>>>>>

    Set objWMI = GetObject("winmgmts:\" & sTargetComp)
    Set colWMISet = objWMI.InstancesOf("Win32_NTLogEvent")

    ' set the text file path (could be made into an input box, with a default setting)
    strTempFile = z & "\" & sTargetComp & ".txt"

    ' Check whether the file exists
    If (Not fso.FileExists(strTempFile)) Then ' File doesn't exist so create it
    fso.CreateTextFile(strTempFile)
    Else 'if it does, delete the old, create a new
    fso.DeleteFile(strTempFile)
    fso.CreateTextFile(strTempFile)
    End If

    Set txtStreamOut = fso.OpenTextFile(strTempFile, ForWriting, True) ' Open output

    txtStreamOut.Write "Log File" & vbTab
    txtStreamOut.Write "Type" & vbTab
    txtStreamOut.Write "Date" & vbTab
    txtStreamOut.Write "Time" & vbTab
    txtStreamOut.Write "Source" & vbTab
    txtStreamOut.Write "Event" & vbTab
    txtStreamOut.Write "User" & vbTab
    txtStreamOut.Write "Computer" & vbTab
    txtStreamOut.Write "Message" & vbTab
    txtStreamOut.WriteBlankLines(1)

    For Each objWMIObject In colWMISet

    StrEvtLogDT = objWMIObject.TimeGenerated
    strEvtLogVal = CStr(StrEvtLogDT)
    strEvtLogDate = DateSerial(Left(strEvtLogVal, 4), Mid(strEvtLogVal, 5, 2), Mid(strEvtLogVal, 7, 2))
    strEvtLogTime = TimeSerial(Mid(strEvtLogVal, 9, 2), Mid(strEvtLogVal, 11, 2), Mid(strEvtLogVal, 13, 2))
    strEvtLogDateTime = strEvtLogDate & vbTab & strEvtLogTime

    ' assign the Message to a variable (Message can be Null for some events)
    strMsg = objWMIObject.Message
    If IsNull(strMsg) Then strMsg = ""
    strMsg = Trim(strMsg)

    ' strip leading carriage returns / line feeds from the Message,
    ' stopping when the Message is empty so Asc() is never called on ""
    Do While Len(strMsg) > 0
    ' get the first character of the Message variable, and return its ASCII code
    strFirstCharacter = Asc(Left(strMsg,1))
    If strFirstCharacter <> 13 And strFirstCharacter <> 10 Then Exit Do
    ' drop the first character
    strMsg = Mid(strMsg, 2)
    Loop
    If strMsg <> "" Then
    strMsg = Replace(strMsg, vbCrLf, " ")
    strMsg = Replace(strMsg, vbLf, " ")
    strMsg = Replace(strMsg, vbCr, " ")
    End If
    txtStreamOut.Write objWMIObject.LogFile & vbTab & _
    objWMIObject.Type & vbTab & _
    StrEvtLogDateTime & vbTab & _
    objWMIObject.SourceName & vbTab & _
    objWMIObject.EventCode & vbTab & _
    objWMIObject.User & vbTab & _
    objWMIObject.ComputerName & vbTab & _
    strMsg & vbLf
    Next
    txtStreamOut.Close
    fso.MoveFile strTempFile , z & "\" & sTargetComp & ".xls"

    Set objWMI = Nothing 'GetObject("winmgmts:\\" & sTargetComp)
    Set colWMISet = Nothing 'objWMI.InstancesOf("Win32_NTLogEvent")

    Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & sTargetComp & "\root\cimv2")
    Set colLogFiles = objWMI.ExecQuery ("Select * from Win32_NTEventLogFile") ' where LogFileName='Application'")
    For Each objLogfile in colLogFiles
    objLogFile.ClearEventLog()
    Next

    WshShell.LogEvent Event_Success, "The event logs for this computer were backed up to:" & vbCrLf & vbCrLf & "\\" & WshNetwork.ComputerName & "\" & strDate & "\" & sTargetComp & "\" & sTargetComp & ".xls", "\\" & sTargetComp

    End Sub


    Hope this helps!

    Joel
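
The script above clears every remote log, Security included, once the spreadsheet has been written. As an added example that is not part of the original post, the sketch below keeps a native .evt archive of each log and clears a log only when its backup reported success. ArchiveThenClear, sArchiveDir, sStamp, the server name and the folder are hypothetical, and the archive folder is assumed to exist already on the remote machine.

```vbscript
Option Explicit

' Added example. ArchiveThenClear, sArchiveDir and sStamp are hypothetical names.
' sArchiveDir must already exist on the REMOTE machine: the WMI provider
' writes the archive there, not on the machine running the script.
Function ArchiveThenClear(sTargetComp, sArchiveDir, sStamp)
    Dim objWMI, colLogFiles, objLogFile, sArchive, rc, nFailed
    nFailed = 0

    ' Backup privilege lets WMI write the archive; Security covers the Security log
    Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\" & _
        sTargetComp & "\root\cimv2")
    Set colLogFiles = objWMI.ExecQuery("Select * from Win32_NTEventLogFile")

    For Each objLogFile In colLogFiles
        ' One archive per log, e.g. C:\EventArchive\2003-02-27_Security.evt
        sArchive = sArchiveDir & "\" & sStamp & "_" & _
            Replace(objLogFile.LogFileName, " ", "_") & ".evt"

        ' BackupEventLog returns 0 on success; 8 = privilege missing,
        ' 21 = invalid parameter, 183 = archive file already exists
        rc = objLogFile.BackupEventLog(sArchive)

        If rc = 0 Then
            ' Clear only the log whose archive was written
            objLogFile.ClearEventLog()
        Else
            nFailed = nFailed + 1
            WScript.Echo sTargetComp & ": " & objLogFile.LogFileName & _
                " not cleared, BackupEventLog returned " & rc
        End If
    Next

    ArchiveThenClear = nFailed   ' number of logs left uncleared
End Function

' Constructed sample call: server name and folder are placeholders
Dim nLeft
nLeft = ArchiveThenClear("SERVER01", "C:\EventArchive", "2003-02-27")
WScript.Echo nLeft & " log(s) were not cleared"
```

A non-zero return value means at least one log still holds its events, so a scheduled run can treat it as a failure instead of silently losing data.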


  • shegeek
    replied
    Re: Event viewer for several servers / macro?

    Thanks. I won't waste the time figuring out the macros then. That saves me a bunch of time. I've downloaded the DumpEvt and will try it out.


  • Guest
    replied
    Re: Event viewer for several servers / macro?

    The Generate Macro function won't help you for this particular task. You can select the computers in the right window, then right-click and choose Events.

    This will pull events from the selected computers to yours. Depending on the number of computers/events, a better solution might be to use our free DumpEvt utility from http://www.systemtools.com/free_frame.htm


  • shegeek
    started a topic Event viewer for several servers / macro?

    Event viewer for several servers / macro?

    I'd like to automate the collection of event viewer information for several servers and figure using the macro feature is the way to go.

    Hints and suggestions would be welcome.

    Thanks!