vcent, posted March 21, 2009

Hi,

I used to have a vbscript to read new event logs and filter off and export data as required.

I wish to do the same with AutoIT. Export current data using the examples is okay. But I wonder what is the technique to wait for new event in event logs?

Thanks a lot!

TerarinK, posted March 21, 2009

Hey there, I would use a WMI for a continuous looping. You should really view http://www.autoitscript.com/forum/index.php?showtopic=10534 and read up on how to get the Win32_NT******* files there. Examples are these two:

```autoit
$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"

$Output = ""
$Output &= "Computer: " & $strComputer & @CRLF
$Output &= "==========================================" & @CRLF
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\")
; One Win32_NTEventlogFile instance is returned per event log file
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NTEventlogFile", "WQL", _
        $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) Then
    For $objItem In $colItems
        $Output &= "AccessMask: " & $objItem.AccessMask & @CRLF
        $Output &= "Archive: " & $objItem.Archive & @CRLF
        $Output &= "Caption: " & $objItem.Caption & @CRLF
        $Output &= "Compressed: " & $objItem.Compressed & @CRLF
        $Output &= "CompressionMethod: " & $objItem.CompressionMethod & @CRLF
        $Output &= "CreationClassName: " & $objItem.CreationClassName & @CRLF
        $Output &= "CreationDate: " & WMIDateStringToDate($objItem.CreationDate) & @CRLF
        $Output &= "CSCreationClassName: " & $objItem.CSCreationClassName & @CRLF
        $Output &= "CSName: " & $objItem.CSName & @CRLF
        $Output &= "Description: " & $objItem.Description & @CRLF
        $Output &= "Drive: " & $objItem.Drive & @CRLF
        $Output &= "EightDotThreeFileName: " & $objItem.EightDotThreeFileName & @CRLF
        $Output &= "Encrypted: " & $objItem.Encrypted & @CRLF
        $Output &= "EncryptionMethod: " & $objItem.EncryptionMethod & @CRLF
        $Output &= "Extension: " & $objItem.Extension & @CRLF
        $Output &= "FileName: " & $objItem.FileName & @CRLF
        $Output &= "FileSize: " & $objItem.FileSize & @CRLF
        $Output &= "FileType: " & $objItem.FileType & @CRLF
        $Output &= "FSCreationClassName: " & $objItem.FSCreationClassName & @CRLF
        $Output &= "FSName: " & $objItem.FSName & @CRLF
        $Output &= "Hidden: " & $objItem.Hidden & @CRLF
        $Output &= "InstallDate: " & WMIDateStringToDate($objItem.InstallDate) & @CRLF
        $Output &= "InUseCount: " & $objItem.InUseCount & @CRLF
        $Output &= "LastAccessed: " & WMIDateStringToDate($objItem.LastAccessed) & @CRLF
        $Output &= "LastModified: " & WMIDateStringToDate($objItem.LastModified) & @CRLF
        $Output &= "LogfileName: " & $objItem.LogfileName & @CRLF
        $Output &= "Manufacturer: " & $objItem.Manufacturer & @CRLF
        $Output &= "MaxFileSize: " & $objItem.MaxFileSize & @CRLF
        $Output &= "Name: " & $objItem.Name & @CRLF
        $Output &= "NumberOfRecords: " & $objItem.NumberOfRecords & @CRLF
        $Output &= "OverwriteOutDated: " & $objItem.OverwriteOutDated & @CRLF
        $Output &= "OverWritePolicy: " & $objItem.OverWritePolicy & @CRLF
        $Output &= "Path: " & $objItem.Path & @CRLF
        $Output &= "Readable: " & $objItem.Readable & @CRLF
        $strSources = $objItem.Sources(0)
        $Output &= "Sources: " & $strSources & @CRLF
        $Output &= "Status: " & $objItem.Status & @CRLF
        $Output &= "System: " & $objItem.System & @CRLF
        $Output &= "Version: " & $objItem.Version & @CRLF
        $Output &= "Writeable: " & $objItem.Writeable & @CRLF
        ; Show one log file per message box; Cancel (return value 2) stops the loop
        If MsgBox(1, "WMI Output", $Output) = 2 Then ExitLoop
        $Output = ""
    Next
Else
    MsgBox(0, "WMI Output", "No WMI Objects Found for class: " & "Win32_NTEventlogFile")
EndIf

; Convert a WMI datetime string (yyyymmddHHMMSS...) to mm/dd/yyyy HH:MM:SS
Func WMIDateStringToDate($dtmDate)
    Return (StringMid($dtmDate, 5, 2) & "/" & _
            StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
            & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate, 13, 2))
EndFunc
```

[Second example (the same loop over Win32_NTLogEvent) is unreadable in the source.]

There are many ways to wait for your programs, but simply Wait([mmseconds]) works.

PsaltyDS, posted March 21, 2009

> Hi,
> I used to have a vbscript to read new event logs and filter off and export data as required.
> I wish to do the same with AutoIT. Export current data using the examples is okay. But I wonder what is the technique to wait for new event in event logs?
> Thanks a lot!

There is an EventLog.au3 UDF included with the current version of AutoIt. I posted a demo with it not too long ago that reads the 10 oldest and 10 newest entries from the event log. Should be easy to find with a quick search.

vcent, posted March 25, 2009 (Author)

Thanks all... they looked very similar to the vbscript I have. I have this vbscript:

```vbscript
strComputer = "."
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set WshShell = WScript.CreateObject("WScript.Shell")
' (Security) requests the Security privilege for the WMI connection
Set objWMIService = GetObject("winmgmts:{(Security)}\\" & strComputer & "\root\cimv2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
    ("Select * from __InstanceCreationEvent where " _
    & "TargetInstance ISA 'Win32_NTLogEvent' " _
    & "AND (TargetInstance.Type = 'Error')")
Do
    ' NextEvent blocks until a matching event log record is created
    Set objEvent = colMonitoredEvents.NextEvent()
    WScript.Echo objEvent.TargetInstance.Message
Loop
```

What I'm most interested in is getting new events that fall under my WQL. How do you loop like the vbscript? Tried a few loops w/o success.

MrMitchell, posted March 25, 2009

Terarink's second example loops through each event, and formats it...

```autoit
For $objItem In $colItems
```

All you should have to do is add your filter inside the loop, say using an if statement. If $objItem.EventCode (in the following example) matches your criteria, do something with it, otherwise do nothing. Here's that block minus a few lines...

```autoit
If IsObj($colItems) then
    For $objItem In $colItems
        If $objItem.EventCode = 105 Then ;<----Added
            $Output &= "ComputerName: " & $objItem.ComputerName & @CRLF
            $Output &= "EventCode: " & $objItem.EventCode & @CRLF
            $Output &= "EventIdentifier: " & $objItem.EventIdentifier & @CRLF
            $Output &= "EventType: " & $objItem.EventType & @CRLF
            $Output &= "Message: " & $objItem.Message & @CRLF
            $Output &= "RecordNumber: " & $objItem.RecordNumber & @CRLF
            $Output &= "SourceName: " & $objItem.SourceName & @CRLF
            $Output &= "TimeGenerated: " & WMIDateStringToDate($objItem.TimeGenerated) & @CRLF
            $Output &= "TimeWritten: " & WMIDateStringToDate($objItem.TimeWritten) & @CRLF
            $Output &= "User: " & $objItem.User & @CRLF
            if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
            $Output=""
        EndIf ;<----Added
    Next
```

In terms of efficiency this might not be the way to go. But, is that what you're looking to do?

vcent, posted March 25, 2009 (Author)

I looked at one example. This is my current code but there is an error:

```autoit
$strComputer = "."
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
$colMonitoredEvents = $objWMIService.ExecNotificationQuery _
    ("Select * from __InstanceCreationEvent WITHIN 5 where " _
    & "TargetInstance ISA 'Win32_NTLogEvent' " _
    & " AND TargetInstance.EventCode = '7036' ")
While 1
    $objEventObject = $colMonitoredEvents.NextEvent()
    MsgBox(0, "Test", $objEventObject.TargetInstance.Message)
WEnd
```

Line from here __InstanceCreationEvent - Error. Not sure what is the cause.

PsaltyDS, posted March 25, 2009 (edited)

> I looked at one example. This is my current code but there is an error:
>
> $strComputer = "."
> $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
> $colMonitoredEvents = $objWMIService.ExecNotificationQuery _
>     ("Select * from __InstanceCreationEvent WITHIN 5 where " _
>     & "TargetInstance ISA 'Win32_NTLogEvent' " _
>     & " AND TargetInstance.EventCode = '7036' ")
> While 1
>     $objEventObject = $colMonitoredEvents.NextEvent()
>     MsgBox(0, "Test", $objEventObject.TargetInstance.Message)
> WEnd
>
> Line from here __InstanceCreationEvent - Error. Not sure what is the cause.

Your string appending across multiple lines is not formatted right:

```autoit
$colMonitoredEvents = $objWMIService.ExecNotificationQuery( _
    "Select * from __InstanceCreationEvent WITHIN 5 where " & _
    "TargetInstance ISA 'Win32_NTLogEvent' " & _
    " AND TargetInstance.EventCode = '7036' ")
```

Edit: Oops, should have tested first. Your formatting works too:

```autoit
$sString = 'Test'
$sString = StringUpper _
    ($sString _
    & "One")
ConsoleWrite("$sString = " & $sString & @LF)
```

Just ignore me...

Edited March 25, 2009 by PsaltyDS
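
As an added example that is not part of any post above: one way to write the blocking "wait for new events" loop from vcent's VBScript in AutoIt, with a COM error handler so that a failed subscription or a NextEvent timeout is reported instead of stopping the script. The variable and function names, the 10-second timeout and the one-parameter error handler (the form used by current AutoIt releases) are assumptions of this sketch.

```autoit
; Added example: subscribe to new Error-type event log records and block until one arrives.
Global $g_iComErr = 0
Global $g_oErrHandler = ObjEvent("AutoIt.Error", "_OnComError")

; (Security) requests the Security privilege, as the VBScript in the thread does
Global $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")
If Not IsObj($oWMI) Then Exit 1

; Same WQL as the VBScript: one notification per newly written Win32_NTLogEvent of type Error
Global $sWql = "SELECT * FROM __InstanceCreationEvent " & _
        "WHERE TargetInstance ISA 'Win32_NTLogEvent' " & _
        "AND TargetInstance.Type = 'Error'"

Global $oSource = $oWMI.ExecNotificationQuery($sWql)
If $g_iComErr Or Not IsObj($oSource) Then
    ConsoleWrite("Subscription failed, COM error 0x" & Hex($g_iComErr) & @CRLF)
    Exit 2
EndIf

Global $oEvent, $oRec
While 1
    $g_iComErr = 0
    ; Wait at most 10 s per call; a timeout raises a COM error that the handler records
    $oEvent = $oSource.NextEvent(10000)
    If $g_iComErr Or Not IsObj($oEvent) Then ContinueLoop

    ; TargetInstance is the new Win32_NTLogEvent record itself
    $oRec = $oEvent.TargetInstance
    ConsoleWrite($oRec.TimeGenerated & " " & $oRec.Logfile & " " & $oRec.SourceName & _
            " [" & $oRec.EventCode & "] " & $oRec.Message & @CRLF)
WEnd

; Record the COM error number instead of letting AutoIt abort the script
Func _OnComError($oError)
    $g_iComErr = $oError.number
EndFunc
```

Filtering in the WQL WHERE clause keeps the selection inside WMI, so the script only receives the records it will export rather than testing every event in the loop.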