Sign in to follow this  
Followers 0
zimy

Event Log to Access db

2 posts in this topic

I seem to be running into a problem as soon as the script hits one of the events. It seems to work until it hits a "bad" one. I removed whitespace thinking that might be the problem. I dont really have the db set up entirely properly i know. i was just looking for a quick working script and then adjusting once the core of it was complete. So sorry for anything sloppy and what not. Any help is GREATLY appreciated. I want to avoid using the vbs file within windows and the ADO udf that is on the forum. If i have to use it ill use it.

Thanks again

Dim $strComputer, $objWMIService, $colLoggedEvents, $objEvent
Dim $newdb, $cat, $conn, $tableCreate, $insertRecord
Dim $Category, $ComputerName, $EventCode, $EventType, $Message,$RecordNumber
Dim $SourceName, $TimeWritten, $Type

$db_name= "c:\EventLog.mdb"
$db_name = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & $db_name
$cat = ObjCreate("ADOX.Catalog")

If Not FileExists("c:\EventLog.mdb") Then
    $cat.Create($db_name)
    $conn = ObjCreate("ADODB.Connection")
    $conn.open($db_name)

    $tableCreate = "CREATE TABLE Events (" & _ 
                "ID AUTOINCREMENT," & _ 
                "Category VARCHAR," & _  
                "ComputerName VARCHAR," & _
                "EventCode INT," & _
                "EventType INT," & _
                "Message MEMO DEFAULT ''," & _
                "RecordNumber INT," & _
                "SourceName VARCHAR," & _
                "TimeWritten VARCHAR," & _
                "Type VARCHAR)"
    $conn.execute($tableCreate)
    $conn.close
EndIf

$strComputer = "."
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
$colLoggedEvents = $objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System'")

    $conn = ObjCreate("ADODB.Connection")
    $conn.open($db_name)
$x = 0
For $objEvent in $colLoggedEvents
    $Category = StringStripCR(StringStripWS($objEvent.Category,7))
    $ComputerName = StringStripCR(StringStripWS($objEvent.ComputerName,7))
    $EventCode = StringStripCR(StringStripWS($objEvent.EventCode,7))
    $EventType = StringStripCR(StringStripWS($objEvent.EventType,7))
    $Message = StringStripCR(StringStripWS($objEvent.Message,7))
    $RecordNumber = StringStripCR(StringStripWS($objEvent.RecordNumber,7))
    $SourceName = StringStripCR(StringStripWS($objEvent.SourceName,7))
    $TimeWritten = StringStripCR(StringStripWS($objEvent.TimeWritten,7))
    $Type = StringStripCR(StringStripWS($objEvent.Type,7))

    $x = $x + 1
    $insertRecord = "INSERT INTO Events VALUES ('" & $x & "'" & _ 
                    ", '" & $Category & "'" & _
                    ", '" & $ComputerName & "'" & _
                    ", '" & $EventCode & "'" & _
                    ", '" & $EventType & "'" & _
                    ", '" & $Message & "'" & _
                    ", '" & $RecordNumber & "'" & _
                    ", '" & $SourceName & "'" & _
                    ", '" & $TimeWritten & "'" & _
                    ", '" & $Type & "')"
;ConsoleWrite($x & ". " & $insertRecord & @CRLF)
    $conn.Execute($insertRecord)
Next                    
$conn.close
ConsoleWrite("Finished")

Share this post


Link to post
Share on other sites



nvm left single quotes on one of the insert values

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0