conditional logic

[gcue]

here's what im trying to do..

im trying to look at the application event logs for a specific application "Altiris Recovery Solution". I am trying to find the most recent event occurance (whether it's an error, information, or warning)

here's what i've started with (information type only - not sure how to work in the other types or where to do the date comparison):

any help would be greatly appreciated!

#include <GuiConstants.au3>
#include <date.au3>

$asset = "l0099987"

$information = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventType = 3 AND EventCode = 31"
$warn = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventType = 2 AND EventCode = 12"
$error = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventType = 2 AND EventCode = 1"

$objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & $asset & "\root\cimv2")
If IsObj($objWMIService) Then
    $colItems = $objWMIService.ExecQuery($information)
    If IsObj($colItems) Then
        For $objEvent In $colItems
            $Output = ""
            $Output &= "Message: " & $objEvent.Message & @CRLF
                        
            $information_date = $objEvent.TimeWritten
            $information_date = StringSplit($date, ".")
            
            MsgBox(0, "", $information_date[1])
            
            If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & "Continue?") = 7 Then Exit
        Next
    Else
        MsgBox(16, "Error", "$colItems is not an object.")
    EndIf
Else
    MsgBox(16, "Error", "$objWMIService is not an object.")
EndIf

[PsaltyDS]

This demo splits the time string up for you into a form that can be passed to functions like _DateAdd() or _DateDiff():

expandcollapse popup

#include <Date.au3>

$sComputerName = @ComputerName

$objSWbemLocator = ObjCreate("WbemScripting.SWbemLocator")
$objWMIService = $objSWbemLocator.ConnectServer($sComputerName, "root\cimv2")
$objWMIService.Security_.ImpersonationLevel = 3

$Query_Clause = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'System' AND SourceName = 'eventlog' AND EventCode = 6005"
If IsObj($objWMIService) Then
    $colItems = $objWMIService.ExecQuery ($Query_Clause)
    If IsObj($colItems) Then
        For $objEvent In $colItems
            $Output = ""
            $Output &= "Category: " & $objEvent.Category & @CRLF
            $Output &= "Computer Name: " & $objEvent.ComputerName & @CRLF
            $Output &= "Event Code: " & $objEvent.EventCode & @CRLF
            $Output &= "Message: " & $objEvent.Message & @CRLF
            $Output &= "Record Number: " & $objEvent.RecordNumber & @CRLF
            $Output &= "Source Name: " & $objEvent.SourceName & @CRLF
            $Output &= "Time Generated: " & $objEvent.TimeGenerated & @CRLF
            $Output &= "     ( " & _TimeSplitter($objEvent.TimeGenerated) & " )" & @CRLF
            $Output &= "Time Written: " & $objEvent.TimeWritten & @CRLF
            $Output &= "     ( " & _TimeSplitter($objEvent.TimeWritten) & " )" & @CRLF
            $Output &= "Event Type: " & $objEvent.Type & @CRLF
            $Output &= "User: " & $objEvent.User & @CRLF
            If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & @CRLF & "Continue?") = 7 Then Exit
        Next
    Else
        MsgBox(16, "Error", "$colItems is not an object.")
    EndIf
Else
    MsgBox(16, "Error", "$objWMIService is not an object.")
EndIf

Func _TimeSplitter($sInput)
    $avTime = StringRegExp($sInput, "(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})", 3)
    Return $avTime[0] & "/" & $avTime[1] & "/" & $avTime[2] & " " & _
            $avTime[3] & ":" & $avTime[4] & ":" & $avTime[5]    
EndFunc

[gcue]

thanks ill try it out