LordSphynx

Reading the servers Starttime

8 posts in this topic

Hi Folks,

First, let me state that we have Windows 2000 and Windows 2003 Servers.

What I want to do is check the server's start time (through HKLM\SOFTWARE\Microsoft\Windows NT\Prefetcher\Starttime), compare it with the current date/time, and check if there is a difference between the server's start time and the current time of 10 minutes or less, and then it should give me a syslog event.

Now when I try to run the script, I see that it can not retrieve the information from a windows 2000 server, but it retrieves it from a windows 2003 server.

What is wrong ?

```autoit
#include <Date.au3>

Const $HKEY_LOCAL_MACHINE = 0x80000002

$ServerList = FileOpen("C:\util\EventLogger\ServerList.txt", 0)
; Check that the server list could be opened
If $ServerList = -1 Then
    MsgBox(0, "Error", "Unable to open the serverlist")
    Exit
EndIf

While 1
    $server = FileReadLine($ServerList)
    If @error = -1 Then ExitLoop

    TrayTip("EventLogger", "Checking " & $server & " for shutdown key.", 10)
    $Now = _NowCalc()
    Dim $strKeyPath, $strValueName, $strValue
    $strComputer = $server
    ; Remote registry access through the WMI StdRegProv provider
    $objRegistry = ObjGet("winmgmts:\\" & $strComputer & "\root\default:StdRegProv")
    $strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher"
    $strValueName = "Starttime"
    $objRegistry.GetStringValue($HKEY_LOCAL_MACHINE, $strKeyPath, $strValueName, $strValue)
    MsgBox(4096, "", $server & "-" & $strValue)
    ; Minutes between the recorded start time and now
    $difference = _DateDiff('n', $strValue, $Now)
    MsgBox(4096, "", "Difference: " & $difference)
    If $difference <= 10 Then
        $errormessage = "WATCHGUARD: The Server " & $server & " has been rebooted or had an Unexpected shutdown less then 10 minutes ago."
        ; The executable path contains spaces, so it is quoted on the command line
        Run('"C:\Program Files\KLOG\KLOG Command-line Tools\klog\klog.exe" -L Critical -m "' & $errormessage & '"', "", @SW_MINIMIZE)
    EndIf

    TrayTip("", "", 0)
WEnd
FileClose($ServerList)
```


download uptime.exe and parse the output.


__________________________________________________________
(l)user: Hey admin slave, how can I recover my deleted files?
admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Hi there,

That regkey is not good to W2K.

You have to check OS versions on servers and execute in different funcs

Cheers


Old Scriptology

Visual Ping 1.8 - Mass Ping Program with export to txt delimited.

Desktop 2 RGB and YMCK - Pick a color in the desktop and get the RGB and YMCK code.

Desktop 2 RGB - Pick a color in the desktop and get the RGB code.

ShootIT 1.0 - Screen Capture full and partial screen

Remember Remember The Fifth of November.


> download uptime.exe and parse the output.

I know uptime, but what do you mean by parsing the output?

I need to do this on 420 servers.


> Hi there,
>
> That regkey is not good to W2K.
>
> You have to check OS versions on servers and execute in different funcs
>
> Cheers

Thanks November for the input. Do you know if Windows 2000 server has an equivalent somewhere for the starttime regkey in windows 2003 ?


> I know uptime, but what do you mean by parsing the output?
>
> I need to do this on 420 servers.

You can give uptime.exe an IP address or a name of the server it should check. So, just loop through the list of your 420 servers and run uptime.exe with the appropriate parameters! By "parse the output" I mean, take whatever uptime.exe returns and extract the information you need. Sample output of uptime.exe:

\\LP01 has been up for: 6 day(s), 1 hour(s), 22 minute(s), 28 second(s)

So, you'll have to extract the day, hour, minute and second.

Cheers

Kurt
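
The parsing step described above, as an added example that is not code from the thread. The function names `_UptimeLineToMinutes` and `_QueryUptime` are hypothetical, and it assumes uptime.exe is on the PATH and takes the server name as its only argument; the sample line is the one quoted in the post.

```autoit
#include <Constants.au3>

; Convert uptime.exe output to whole minutes of uptime.
; Returns -1 and sets @error if the text does not match the expected format.
Func _UptimeLineToMinutes($sText)
    Local $aMatch = StringRegExp($sText, _
            "(\d+) day\(s\), (\d+) hour\(s\), (\d+) minute\(s\), (\d+) second\(s\)", 1)
    If @error Then Return SetError(1, 0, -1)
    Return Number($aMatch[0]) * 1440 + Number($aMatch[1]) * 60 + Number($aMatch[2])
EndFunc

; Run uptime.exe against one server and return everything it printed.
; Assumption: uptime.exe is on the PATH and accepts the server name as argument.
Func _QueryUptime($sServer)
    ; The name comes from a text file and ends up on a command line,
    ; so accept only characters that can occur in a host name or IP address.
    If Not StringRegExp($sServer, "^[A-Za-z0-9._-]+$") Then Return SetError(1, 0, "")
    Local $iPid = Run('uptime.exe ' & $sServer, "", @SW_HIDE, $STDOUT_CHILD)
    If $iPid = 0 Then Return SetError(2, 0, "")
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPid)
        If @error Then ExitLoop ; the child process closed its output
        Sleep(50)
    WEnd
    Return StringStripWS($sOut, 3)
EndFunc

; Sample line from the post above, used here instead of a live call.
; For a real server: $iMinutes = _UptimeLineToMinutes(_QueryUptime($server))
Local $sSample = "\\LP01 has been up for: 6 day(s), 1 hour(s), 22 minute(s), 28 second(s)"
Local $iMinutes = _UptimeLineToMinutes($sSample)
If @error Then
    ConsoleWrite("Could not parse the uptime output" & @CRLF)
ElseIf $iMinutes <= 10 Then
    ConsoleWrite("Server was restarted within the last 10 minutes" & @CRLF)
Else
    ConsoleWrite("Uptime in minutes: " & $iMinutes & @CRLF)
EndIf
```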



> Thanks November for the input. Do you know if Windows 2000 server has an equivalent somewhere for the starttime regkey in windows 2003 ?

Hi again,

Try to WMI them here:

```autoit
; Generated by AutoIt Scriptomatic

$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"

$Output = ""
$Output = $Output & "Computer: " & $strComputer & @CRLF
$Output = $Output & "==========================================" & @CRLF
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem", "WQL", _
        $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) Then
    For $objItem In $colItems
        $Output = $Output & "LastBootUpTime: " & WMIDateStringToDate($objItem.LastBootUpTime) & @CRLF
        If MsgBox(1, "WMI Output", $Output) = 2 Then ExitLoop
        $Output = ""
    Next
Else
    MsgBox(0, "WMI Output", "No WMI Objects Found for class: " & "Win32_OperatingSystem")
EndIf

; Convert a WMI datetime (yyyymmddHHMMSS...) to "MM/DD/YYYY HH:MM:SS"
Func WMIDateStringToDate($dtmDate)
    Return (StringMid($dtmDate, 5, 2) & "/" & _
            StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
            & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate, 13, 2))
EndFunc
```

Cheers



This script is fun and easy to use on a local host, but it doesn't work for any remote machine. I mean that you can't ask a remote server, no answer comes back (object is empty).

Any idea on it ?
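
An added example, not code from the thread, that applies the WMI approach to the original 10-minute check and reports a failed remote query instead of continuing with an empty object. `_WmiDateToCalc`, `_MinutesSinceBoot`, `_ComErrHandler` and the server name `SERVER01` are hypothetical, and a current AutoIt v3 release is assumed. The date is rebuilt as YYYY/MM/DD because `_DateDiff()` does not accept the MM/DD/YYYY string that `WMIDateStringToDate()` returns.

```autoit
#include <Date.au3>

; Without a handler, a failing COM call (for example an unreachable server) aborts the script.
Global $g_oComErr = ObjEvent("AutoIt.Error", "_ComErrHandler")
Func _ComErrHandler($oError)
    ConsoleWrite("COM error 0x" & Hex($oError.number) & @CRLF)
EndFunc

; Convert a WMI datetime (yyyymmddHHMMSS.ffffff+UUU) to "YYYY/MM/DD HH:MM:SS".
Func _WmiDateToCalc($sDmtf)
    If Not StringRegExp($sDmtf, "^\d{14}") Then Return SetError(1, 0, "")
    Return StringLeft($sDmtf, 4) & "/" & StringMid($sDmtf, 5, 2) & "/" & StringMid($sDmtf, 7, 2) & _
            " " & StringMid($sDmtf, 9, 2) & ":" & StringMid($sDmtf, 11, 2) & ":" & StringMid($sDmtf, 13, 2)
EndFunc

; Minutes since the last boot of $sServer, or -1 with @error set:
; 1 = WMI connection failed, 2 = the query returned nothing usable.
Func _MinutesSinceBoot($sServer)
    Local $objWMI = ObjGet("winmgmts:\\" & $sServer & "\root\CIMV2")
    If @error Or Not IsObj($objWMI) Then Return SetError(1, 0, -1)
    Local $colItems = $objWMI.ExecQuery("SELECT LastBootUpTime, LocalDateTime FROM Win32_OperatingSystem")
    If Not IsObj($colItems) Then Return SetError(2, 0, -1)
    For $objItem In $colItems
        ; Both timestamps come from the server itself, so clock or time zone
        ; differences between it and the monitoring host do not matter.
        Local $sBoot = _WmiDateToCalc($objItem.LastBootUpTime)
        Local $sNow = _WmiDateToCalc($objItem.LocalDateTime)
        If $sBoot = "" Or $sNow = "" Then ExitLoop
        Return _DateDiff('n', $sBoot, $sNow)
    Next
    Return SetError(2, 0, -1)
EndFunc

; Constructed server names; in practice read them from the server list file.
Local $aServers[2] = ["localhost", "SERVER01"]
For $sServer In $aServers
    Local $iMinutes = _MinutesSinceBoot($sServer)
    Local $iErr = @error
    If $iErr Then
        ConsoleWrite($sServer & ": WMI query failed (error " & $iErr & ")" & @CRLF)
    ElseIf $iMinutes <= 10 Then
        ConsoleWrite($sServer & ": booted " & $iMinutes & " minute(s) ago" & @CRLF)
    EndIf
Next
```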
