gcue Posted November 12, 2008 Posted November 12, 2008 here's what im trying to do.. im trying to look at the application event logs for a specific application "Altiris Recovery Solution". I am trying to find the most recent event occurance (whether it's an error, information, or warning) here's what i've started with (information type only - not sure how to work in the other types or where to do the date comparison): any help would be greatly appreciated! #include <GuiConstants.au3> #include <date.au3> $asset = "l0099987" $information = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventType = 3 AND EventCode = 31" $warn = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventType = 2 AND EventCode = 12" $error = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventType = 2 AND EventCode = 1" $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & $asset & "\root\cimv2") If IsObj($objWMIService) Then $colItems = $objWMIService.ExecQuery($information) If IsObj($colItems) Then For $objEvent In $colItems $Output = "" $Output &= "Message: " & $objEvent.Message & @CRLF $information_date = $objEvent.TimeWritten $information_date = StringSplit($date, ".") MsgBox(0, "", $information_date[1]) If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & "Continue?") = 7 Then Exit Next Else MsgBox(16, "Error", "$colItems is not an object.") EndIf Else MsgBox(16, "Error", "$objWMIService is not an object.") EndIf
PsaltyDS Posted November 12, 2008 Posted November 12, 2008 This demo splits the time string up for you into a form that can be passed to functions like _DateAdd() or _DateDiff(): expandcollapse popup#include <Date.au3> $sComputerName = @ComputerName $objSWbemLocator = ObjCreate("WbemScripting.SWbemLocator") $objWMIService = $objSWbemLocator.ConnectServer($sComputerName, "root\cimv2") $objWMIService.Security_.ImpersonationLevel = 3 $Query_Clause = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'System' AND SourceName = 'eventlog' AND EventCode = 6005" If IsObj($objWMIService) Then $colItems = $objWMIService.ExecQuery ($Query_Clause) If IsObj($colItems) Then For $objEvent In $colItems $Output = "" $Output &= "Category: " & $objEvent.Category & @CRLF $Output &= "Computer Name: " & $objEvent.ComputerName & @CRLF $Output &= "Event Code: " & $objEvent.EventCode & @CRLF $Output &= "Message: " & $objEvent.Message & @CRLF $Output &= "Record Number: " & $objEvent.RecordNumber & @CRLF $Output &= "Source Name: " & $objEvent.SourceName & @CRLF $Output &= "Time Generated: " & $objEvent.TimeGenerated & @CRLF $Output &= " ( " & _TimeSplitter($objEvent.TimeGenerated) & " )" & @CRLF $Output &= "Time Written: " & $objEvent.TimeWritten & @CRLF $Output &= " ( " & _TimeSplitter($objEvent.TimeWritten) & " )" & @CRLF $Output &= "Event Type: " & $objEvent.Type & @CRLF $Output &= "User: " & $objEvent.User & @CRLF If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & @CRLF & "Continue?") = 7 Then Exit Next Else MsgBox(16, "Error", "$colItems is not an object.") EndIf Else MsgBox(16, "Error", "$objWMIService is not an object.") EndIf Func _TimeSplitter($sInput) $avTime = StringRegExp($sInput, "(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})", 3) Return $avTime[0] & "/" & $avTime[1] & "/" & $avTime[2] & " " & _ $avTime[3] & ":" & $avTime[4] & ":" & $avTime[5] EndFunc Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now