gcue Posted November 12, 2008 Share Posted November 12, 2008 here's what im trying to do.. im trying to look at the application event logs for a specific application "Altiris Recovery Solution". I am trying to find the most recent event occurance (whether it's an error, information, or warning) here's what i've started with (information type only - not sure how to work in the other types or where to do the date comparison): any help would be greatly appreciated! #include <GuiConstants.au3> #include <date.au3> $asset = "l0099987" $information = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventType = 3 AND EventCode = 31" $warn = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventType = 2 AND EventCode = 12" $error = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName = 'Altiris Recovery Solution' AND EventType = 2 AND EventCode = 1" $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & $asset & "\root\cimv2") If IsObj($objWMIService) Then $colItems = $objWMIService.ExecQuery($information) If IsObj($colItems) Then For $objEvent In $colItems $Output = "" $Output &= "Message: " & $objEvent.Message & @CRLF $information_date = $objEvent.TimeWritten $information_date = StringSplit($date, ".") MsgBox(0, "", $information_date[1]) If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & "Continue?") = 7 Then Exit Next Else MsgBox(16, "Error", "$colItems is not an object.") EndIf Else MsgBox(16, "Error", "$objWMIService is not an object.") EndIf Link to comment Share on other sites More sharing options...
PsaltyDS Posted November 12, 2008 Share Posted November 12, 2008 This demo splits the time string up for you into a form that can be passed to functions like _DateAdd() or _DateDiff(): expandcollapse popup#include <Date.au3> $sComputerName = @ComputerName $objSWbemLocator = ObjCreate("WbemScripting.SWbemLocator") $objWMIService = $objSWbemLocator.ConnectServer($sComputerName, "root\cimv2") $objWMIService.Security_.ImpersonationLevel = 3 $Query_Clause = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'System' AND SourceName = 'eventlog' AND EventCode = 6005" If IsObj($objWMIService) Then $colItems = $objWMIService.ExecQuery ($Query_Clause) If IsObj($colItems) Then For $objEvent In $colItems $Output = "" $Output &= "Category: " & $objEvent.Category & @CRLF $Output &= "Computer Name: " & $objEvent.ComputerName & @CRLF $Output &= "Event Code: " & $objEvent.EventCode & @CRLF $Output &= "Message: " & $objEvent.Message & @CRLF $Output &= "Record Number: " & $objEvent.RecordNumber & @CRLF $Output &= "Source Name: " & $objEvent.SourceName & @CRLF $Output &= "Time Generated: " & $objEvent.TimeGenerated & @CRLF $Output &= " ( " & _TimeSplitter($objEvent.TimeGenerated) & " )" & @CRLF $Output &= "Time Written: " & $objEvent.TimeWritten & @CRLF $Output &= " ( " & _TimeSplitter($objEvent.TimeWritten) & " )" & @CRLF $Output &= "Event Type: " & $objEvent.Type & @CRLF $Output &= "User: " & $objEvent.User & @CRLF If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & @CRLF & "Continue?") = 7 Then Exit Next Else MsgBox(16, "Error", "$colItems is not an object.") EndIf Else MsgBox(16, "Error", "$objWMIService is not an object.") EndIf Func _TimeSplitter($sInput) $avTime = StringRegExp($sInput, "(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})", 3) Return $avTime[0] & "/" & $avTime[1] & "/" & $avTime[2] & " " & _ $avTime[3] & ":" & $avTime[4] & ":" & $avTime[5] EndFunc Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
gcue Posted November 12, 2008 Author Share Posted November 12, 2008 thanks ill try it out Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now