zimy Posted October 13, 2006 Share Posted October 13, 2006 Anyone happen to know how to dump event log information using autoit? Link to comment Share on other sites More sharing options...
erebus Posted October 13, 2006 Share Posted October 13, 2006 (edited) ; Demonstrates StdoutRead() #include <Constants.au3> $foo = Run(@ComSpec & " /c " & @SystemDir & "\CSCRIPT.EXE EVENTQUERY.VBS", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) While 1 $line = StdoutRead($foo) If @error Then ExitLoop MsgBox(0, "STDOUT read:", $line) Wend While 1 $line = StderrRead($foo) If @error Then ExitLoop MsgBox(0, "STDERR read:", $line) Wend MsgBox(0, "Debug", "Exiting...") Also have a look at 'eventcreate' and 'eventtriggers' scripts that are standard in XP Pro. Edited October 13, 2006 by erebus Link to comment Share on other sites More sharing options...
zimy Posted October 13, 2006 Author Share Posted October 13, 2006 (edited) ; Demonstrates StdoutRead() #include <Constants.au3> $foo = Run(@ComSpec & " /c " & @SystemDir & "\CSCRIPT.EXE EVENTQUERY.VBS", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) While 1 $line = StdoutRead($foo) If @error Then ExitLoop MsgBox(0, "STDOUT read:", $line) Wend While 1 $line = StderrRead($foo) If @error Then ExitLoop MsgBox(0, "STDERR read:", $line) Wend MsgBox(0, "Debug", "Exiting...") Also have a look at 'eventcreate' and 'eventtriggers' scripts that are standard in XP Pro. thanks... funny thing is I was looking at that yesterday but forgot to put the cscript in front of the eventquery to get the help.... woopsy thanks for the pointer Edited October 13, 2006 by zimy Link to comment Share on other sites More sharing options...
pootie tang Posted October 16, 2006 Share Posted October 16, 2006 thanks...funny thing is I was looking at that yesterday but forgot to put the cscript in front of the eventquery to get the help.... woopsythanks for the pointer You can also use WMI ... $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,(Backup, Security)}!\\"&$computername&"\root\cimv2") for $logname in $objWMIService.InstancesOf("Win32_NTEventLogFile") $currenteventlog = $destinationpath & "\"& $logname.LogfileName & ".evt" $retcode = $logname.BackupEventLog($currenteventlog) While $retcode <> 0 if $retcode == 183 Then if MsgBox(262196,"Event Log Backup","File: " & $currenteventlog & " already exists. Do you wish to replace it?") == 6 Then if FileDelete ($currenteventlog) == 0 Then Return -1 Else $retcode = $logname.BackupEventLog($currenteventlog) EndIf Else Return -1 EndIf elseif $retcode == 5 Then MsgBox(262160,"Event Log Backup","Unable to backup " & $logname.LogfileName & " Event Log due to insufficient permissions") Return -1 EndIf WEnd Next Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now