zimy Posted October 13, 2006 Posted October 13, 2006 Anyone happen to know how to dump event log information using autoit?
erebus Posted October 13, 2006 Posted October 13, 2006 (edited) ; Demonstrates StdoutRead() #include <Constants.au3> $foo = Run(@ComSpec & " /c " & @SystemDir & "\CSCRIPT.EXE EVENTQUERY.VBS", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) While 1 $line = StdoutRead($foo) If @error Then ExitLoop MsgBox(0, "STDOUT read:", $line) Wend While 1 $line = StderrRead($foo) If @error Then ExitLoop MsgBox(0, "STDERR read:", $line) Wend MsgBox(0, "Debug", "Exiting...") Also have a look at 'eventcreate' and 'eventtriggers' scripts that are standard in XP Pro. Edited October 13, 2006 by erebus
zimy Posted October 13, 2006 Author Posted October 13, 2006 (edited) ; Demonstrates StdoutRead() #include <Constants.au3> $foo = Run(@ComSpec & " /c " & @SystemDir & "\CSCRIPT.EXE EVENTQUERY.VBS", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) While 1 $line = StdoutRead($foo) If @error Then ExitLoop MsgBox(0, "STDOUT read:", $line) Wend While 1 $line = StderrRead($foo) If @error Then ExitLoop MsgBox(0, "STDERR read:", $line) Wend MsgBox(0, "Debug", "Exiting...") Also have a look at 'eventcreate' and 'eventtriggers' scripts that are standard in XP Pro. thanks... funny thing is I was looking at that yesterday but forgot to put the cscript in front of the eventquery to get the help.... woopsy thanks for the pointer Edited October 13, 2006 by zimy
pootie tang Posted October 16, 2006 Posted October 16, 2006 thanks...funny thing is I was looking at that yesterday but forgot to put the cscript in front of the eventquery to get the help.... woopsythanks for the pointer You can also use WMI ... $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,(Backup, Security)}!\\"&$computername&"\root\cimv2") for $logname in $objWMIService.InstancesOf("Win32_NTEventLogFile") $currenteventlog = $destinationpath & "\"& $logname.LogfileName & ".evt" $retcode = $logname.BackupEventLog($currenteventlog) While $retcode <> 0 if $retcode == 183 Then if MsgBox(262196,"Event Log Backup","File: " & $currenteventlog & " already exists. Do you wish to replace it?") == 6 Then if FileDelete ($currenteventlog) == 0 Then Return -1 Else $retcode = $logname.BackupEventLog($currenteventlog) EndIf Else Return -1 EndIf elseif $retcode == 5 Then MsgBox(262160,"Event Log Backup","Unable to backup " & $logname.LogfileName & " Event Log due to insufficient permissions") Return -1 EndIf WEnd Next
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now