LordSphynx Posted June 13, 2007 Share Posted June 13, 2007 What is wrong with this ? expandcollapse popup#include <date.au3> $today = _NowDate() $answerLogin = "Username" $answerDomain = "domain" $answerPass = "Password" $ServerList = FileOpen("C:\util\EventLogger\ServerList.txt", 0) ;check if file is open If $ServerList = -1 Then MsgBox(0, "Error", "Unable to open the serverlist") Exit EndIf While 1 $server = FileReadLine($ServerList) If @error = -1 Then ExitLoop ; Check for Shutdown or reboot TrayTip("EventLogger", "Checking " & $server, 10) RunAsSet($answerLogin, $answerDomain, $answerPass, 2) $wbemFlagReturnImmediately = 0x10 $wbemFlagForwardOnly = 0x20 $colItems = "" $strComputer = $server $Where_Clause = " WHERE Logfile = 'System' AND SourceName = 'eventlog' AND EventCode = '7000'" $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2") $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NT_LogEvent" & $Where_Clause, "WQL", _ $wbemFlagReturnImmediately + $wbemFlagForwardOnly) If IsObj($colItems) then For $objItem In $colItems $Output = $server & " - Message: " & $objItem.Message Run('C:\Program Files\KLOG\KLOG Command-line Tools\klog\klog.exe -L Critical -m "' & $Output & '"', "", @SW_MINIMIZE) RunAsSet() TrayTip("","",0) Next Else MsgBox(0, "Eventlogger", $server & " has no shutdown event", 10) Endif WEnd Link to comment Share on other sites More sharing options...
Xenobiologist Posted June 13, 2007 Share Posted June 13, 2007 Hi, have a look at Au3Lib maybe there are some easier access ways. So long, Mega Scripts & functions Organize Includes Let Scite organize the include files Yahtzee The game "Yahtzee" (Kniffel, DiceLion) LoginWrapper Secure scripts by adding a query (authentication) _RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...) Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc. MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times Link to comment Share on other sites More sharing options...
/dev/null Posted June 13, 2007 Share Posted June 13, 2007 What is wrong with this ?There is NO error description! That's wrong! __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
LordSphynx Posted June 13, 2007 Author Share Posted June 13, 2007 (edited) and where do I find that or help on that ? (Au3Lib) Edited June 13, 2007 by LordSphynx Link to comment Share on other sites More sharing options...
PaulIA Posted June 13, 2007 Share Posted June 13, 2007 and where do I find that or help on that ? (Au3Lib)That's Auto3Lib. See sig. Auto3Lib: A library of over 1200 functions for AutoIt Link to comment Share on other sites More sharing options...
ptrex Posted June 13, 2007 Share Posted June 13, 2007 @all This is a shorter way. run CMD and type EventTriggers.exe /? Runs only in XP Enjoy !! ptrex Contributions :Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File FinderSQLite3 Database functionality - USB Monitoring - Reading Excel using SQLRun Au3 as a Windows Service - File Monitor - Embedded Flash PlayerDynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in WindowsRead data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD WebserverMS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin -Email Address Encoder - MSI Editor - SNMP - MIB ProtocolFinancial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing ControlsGuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - Update - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui -Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM - New Link to comment Share on other sites More sharing options...
PaulIA Posted June 13, 2007 Share Posted June 13, 2007 @all This is a shorter way. run CMD and type EventTriggers.exe /? Runs only in XP Enjoy !! ptrexCan you provide a example that shows how to use this command to search for shutdown or reboot events in the event log? Auto3Lib: A library of over 1200 functions for AutoIt Link to comment Share on other sites More sharing options...
ptrex Posted June 14, 2007 Share Posted June 14, 2007 @PaulIA This example shows how to do something when a EVENTLOG START event has occured. EventTriggers /create /TR "My Trigger" /l system /eid 6005 /TK C:\ log\time.bat Usually after a reboot this will happen. It will trigger the BAT file to run, or whatever you want to do otherwise. Regards ptrex Contributions :Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File FinderSQLite3 Database functionality - USB Monitoring - Reading Excel using SQLRun Au3 as a Windows Service - File Monitor - Embedded Flash PlayerDynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in WindowsRead data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD WebserverMS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin -Email Address Encoder - MSI Editor - SNMP - MIB ProtocolFinancial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing ControlsGuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - Update - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui -Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM - New Link to comment Share on other sites More sharing options...
PaulIA Posted June 14, 2007 Share Posted June 14, 2007 @PaulIA This example shows how to do something when a EVENTLOG START event has occured. EventTriggers /create /TR "My Trigger" /l system /eid 6005 /TK C:\ log\time.bat Usually after a reboot this will happen. It will trigger the BAT file to run, or whatever you want to do otherwise. Regards ptrexSo, unlike reading the event log, all you can do is trigger an event? I'm not sure that's what the OP was asking for, but it's still good information. Auto3Lib: A library of over 1200 functions for AutoIt Link to comment Share on other sites More sharing options...
PsaltyDS Posted June 14, 2007 Share Posted June 14, 2007 (edited) Your code had some typos in it. I'm working off of Win32_NTLogEvent. I was interested in something like this for myself, so i took a shot at it. I don't have any event code 7000s in my log, so I changed it 6005 to get some hits. All the stuff for reading computer names from a file and RunAsSet() was extraneous to the issue, so it went away:$Query_Clause = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'System' AND SourceName = 'eventlog' AND EventCode = 6005" $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & @ComputerName & "\root\cimv2") If IsObj($objWMIService) Then $colItems = $objWMIService.ExecQuery ($Query_Clause) If IsObj($colItems) Then For $objEvent In $colItems $Output = "" $Output &= "Category: " & $objEvent.Category & @CRLF $Output &= "Computer Name: " & $objEvent.ComputerName & @CRLF $Output &= "Event Code: " & $objEvent.EventCode & @CRLF $Output &= "Message: " & $objEvent.Message & @CRLF $Output &= "Record Number: " & $objEvent.RecordNumber & @CRLF $Output &= "Source Name: " & $objEvent.SourceName & @CRLF $Output &= "Time Written: " & $objEvent.TimeWritten & @CRLF $Output &= "Event Type: " & $objEvent.Type & @CRLF $Output &= "User: " & $objEvent.User & @CRLF If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & @CRLF & "Continue?") = 7 Then Exit Next Else MsgBox(16, "Error", "$colItems is not an object.") EndIf Else MsgBox(16, "Error", "$objWMIService is not an object.") EndIfYou can use this to refine your WQL query and then put the other stuff back in. Edit: Tweaked to quit easier... Edited June 14, 2007 by PsaltyDS Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
realkiller Posted June 25, 2007 Share Posted June 25, 2007 how to use? Remote 3.1 BetaRemote Media Player ControlUSB Security 1.2 Link to comment Share on other sites More sharing options...
PsaltyDS Posted June 25, 2007 Share Posted June 25, 2007 how to use?Use what, to do what? If you mean my code in post #10, it reads entries from the event logs. What are you wanting to do? Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
realkiller Posted June 25, 2007 Share Posted June 25, 2007 i wanna read only the error messages from remote pc Remote 3.1 BetaRemote Media Player ControlUSB Security 1.2 Link to comment Share on other sites More sharing options...
PsaltyDS Posted June 25, 2007 Share Posted June 25, 2007 i wanna read only the error messages from remote pcChange the ObjGet() to use your remote computer name vice the @ComputerName macro, and edit the WQL query string to match what you want. For starters, you want change or delete the part to match an EventCode, and add EventType 1 (see the MSDN link in my post). Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
PsaltyDS Posted November 12, 2008 Share Posted November 12, 2008 no matter what conditions i put in the WQL query string i get "$objWMIService is not an object" i verify that the conditions in fact exist - any ideas? $asset = "l00799987" $Query_Clause = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventCode = 31" $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & $asset & "\root\cimv2") If IsObj($objWMIService) Then ; ...<snip> Else MsgBox(16, "Error", "$objWMIService is not an object.") EndIf The computer name is really "l00799987" (named after asset tag, maybe)? If so, ensure that "Windows Management Instrumentation" (WMI) service is running, and you have an admin account on the computer, then try it this way: $sComputerName = "MyComputer" $objSWbemLocator = ObjCreate("WbemScripting.SWbemLocator") $objWMIService = $objSWbemLocator.ConnectServer _ ($sComputerName, "root\cimv2", $sComputerName & "\Administrator", "AdministratorPassword") $objWMIService.Security_.ImpersonationLevel = 3 $Query_Clause = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'System' AND SourceName = 'eventlog' AND EventCode = 6005" If IsObj($objWMIService) Then $colItems = $objWMIService.ExecQuery ($Query_Clause) If IsObj($colItems) Then For $objEvent In $colItems $Output = "" $Output &= "Category: " & $objEvent.Category & @CRLF $Output &= "Computer Name: " & $objEvent.ComputerName & @CRLF $Output &= "Event Code: " & $objEvent.EventCode & @CRLF $Output &= "Message: " & $objEvent.Message & @CRLF $Output &= "Record Number: " & $objEvent.RecordNumber & @CRLF $Output &= "Source Name: " & $objEvent.SourceName & @CRLF $Output &= "Time Written: " & $objEvent.TimeWritten & @CRLF $Output &= "Event Type: " & $objEvent.Type & @CRLF $Output &= "User: " & $objEvent.User & @CRLF If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & @CRLF & "Continue?") = 7 Then Exit Next Else MsgBox(16, "Error", "$colItems is not an object.") EndIf Else MsgBox(16, "Error", "$objWMIService is not an object.") EndIf Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now