LordSphynx Posted June 14, 2007 Share Posted June 14, 2007 Hi Folks, First, let me state that we have Windows 2000 and Windows 2003 Servers. What I want to do is check the servers starttime (through HKLM\SOFTWARE\Microsoft\Windows NT\Prefetcher\Starttime), compare it with the curent date/time, and check if there is a difference betwen the servers' starttime and the current time of 10 minutes or less, and then it should give me an syslog event. Now when I try to run the script, I see that it can not retrieve the information from a windows 2000 server, but it retrieves it from a windows 2003 server. What is wrong ? #Include <date.au3> Const $HKEY_LOCAL_MACHINE = 0x80000002 $ServerList = FileOpen("C:\util\EventLogger\ServerList.txt", 0) ;check if file is open If $ServerList = -1 Then MsgBox(0, "Error", "Unable to open the serverlist") Exit EndIf While 1 $server = FileReadLine($ServerList) If @error = -1 Then ExitLoop TrayTip("EventLogger", "Checking " & $server & " for shutdown key.", 10) $Now = _NowCalc() Dim $strKeyPath, $strValueName, $strValue $strComputer = $server $objRegistry = ObjGet("winmgmts:\\" & $strComputer & "\root\default:StdRegProv") $strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher" $strValueName = "Starttime" $objRegistry.GetStringValue ($HKEY_LOCAL_MACHINE, $strKeyPath, $strValueName, $strValue) MsgBox(4096,"", $server & "-" & $strValue) $difference = _DateDiff('n', $strValue, $Now) MsgBox(4096,"","Difference: " & $difference) If $difference <= 10 Then $errormessage = "WATCHGUARD: The Server " & $server & " has been rebooted or had an Unexpected shutdown less then 10 minutes ago." Run('C:\Program Files\KLOG\KLOG Command-line Tools\klog\klog.exe -L Critical -m "' & $errormessage & '"', "", @SW_MINIMIZE) EndIf TrayTip("","",0) WEnd Link to comment Share on other sites More sharing options...
/dev/null Posted June 14, 2007 Share Posted June 14, 2007 download uptime.exe and parse the output. __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
November Posted June 14, 2007 Share Posted June 14, 2007 Hi Folks, First, let me state that we have Windows 2000 and Windows 2003 Servers. What I want to do is check the servers starttime (through HKLM\SOFTWARE\Microsoft\Windows NT\Prefetcher\Starttime), compare it with the curent date/time, and check if there is a difference betwen the servers' starttime and the current time of 10 minutes or less, and then it should give me an syslog event. Now when I try to run the script, I see that it can not retrieve the information from a windows 2000 server, but it retrieves it from a windows 2003 server. What is wrong ? #Include <date.au3> Const $HKEY_LOCAL_MACHINE = 0x80000002 $ServerList = FileOpen("C:\util\EventLogger\ServerList.txt", 0) ;check if file is open If $ServerList = -1 Then MsgBox(0, "Error", "Unable to open the serverlist") Exit EndIf While 1 $server = FileReadLine($ServerList) If @error = -1 Then ExitLoop TrayTip("EventLogger", "Checking " & $server & " for shutdown key.", 10) $Now = _NowCalc() Dim $strKeyPath, $strValueName, $strValue $strComputer = $server $objRegistry = ObjGet("winmgmts:\\" & $strComputer & "\root\default:StdRegProv") $strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher" $strValueName = "Starttime" $objRegistry.GetStringValue ($HKEY_LOCAL_MACHINE, $strKeyPath, $strValueName, $strValue) MsgBox(4096,"", $server & "-" & $strValue) $difference = _DateDiff('n', $strValue, $Now) MsgBox(4096,"","Difference: " & $difference) If $difference <= 10 Then $errormessage = "WATCHGUARD: The Server " & $server & " has been rebooted or had an Unexpected shutdown less then 10 minutes ago." Run('C:\Program Files\KLOG\KLOG Command-line Tools\klog\klog.exe -L Critical -m "' & $errormessage & '"', "", @SW_MINIMIZE) EndIf TrayTip("","",0) WEnd Hi there, That regkey is not good to W2K. You have to check OS versions on servers and execute in differents funcs Cheers Old Scriptology Visual Ping 1.8 - Mass Ping Program with export to txt delimited. Desktop 2 RGB and YMCK - Pick a color in the desktop and get the RGB and YMCK code. Desktop 2 RGB - Pick a color in the desktop and get the RGB code. ShootIT 1.0 - Screen Capture full and partial screen [font="'Arial Black';"]Remember Remember The Fifth of November.[/font] Link to comment Share on other sites More sharing options...
LordSphynx Posted June 14, 2007 Author Share Posted June 14, 2007 download uptime.exe and parse the output.I know uptime, but what do you mean by parsing the output ?I need to do this on 420 servers. Link to comment Share on other sites More sharing options...
LordSphynx Posted June 14, 2007 Author Share Posted June 14, 2007 Hi there,That regkey is not good to W2K.You have to check OS versions on servers and execute in differents funcsCheersThanks November for the input. Do you know if Windows 2000 server has an equivalent somewhere for the starttime regkey in windows 2003 ? Link to comment Share on other sites More sharing options...
/dev/null Posted June 14, 2007 Share Posted June 14, 2007 I know uptime, but what do you mean by parsing the output ?I need to do this on 420 servers.You can give uptime.exe an ip address or a name of the server it should check. So, just loop though the list of your 420 servers and run uptime.exe with the appropriate parameters! By "parse the output" I mean, take whatever uptime.exe returns and extract the information you need. Sample output of uptime.exe: \\LP01 has been up for: 6 day(s), 1 hour(s), 22 minute(s), 28 second(s)So, you'll have to extract the day, hour, minute and second.CheersKurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
November Posted June 14, 2007 Share Posted June 14, 2007 Thanks November for the input. Do you know if Windows 2000 server has an equivalent somewhere for the starttime regkey in windows 2003 ? Hi again, Try to WMi them here: ; Generated by AutoIt Scriptomatic $wbemFlagReturnImmediately = 0x10 $wbemFlagForwardOnly = 0x20 $colItems = "" $strComputer = "localhost" $Output="" $Output = $Output & "Computer: " & $strComputer & @CRLF $Output = $Output & "==========================================" & @CRLF $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2") $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem", "WQL", _ $wbemFlagReturnImmediately + $wbemFlagForwardOnly) If IsObj($colItems) then For $objItem In $colItems $Output = $Output & "LastBootUpTime: " & WMIDateStringToDate($objItem.LastBootUpTime) & @CRLF if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop $Output="" Next Else Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_OperatingSystem" ) Endif Func WMIDateStringToDate($dtmDate) Return (StringMid($dtmDate, 5, 2) & "/" & _ StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _ & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2)) Cheers Old Scriptology Visual Ping 1.8 - Mass Ping Program with export to txt delimited. Desktop 2 RGB and YMCK - Pick a color in the desktop and get the RGB and YMCK code. Desktop 2 RGB - Pick a color in the desktop and get the RGB code. ShootIT 1.0 - Screen Capture full and partial screen [font="'Arial Black';"]Remember Remember The Fifth of November.[/font] Link to comment Share on other sites More sharing options...
olivertwistcoder Posted March 21, 2008 Share Posted March 21, 2008 This script is fun and easy using on a local host, but it doesn't work for any remote machine. I mean that you can't ask a remote server, no answer come back (object is empty). Any idea on it ? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now