I was able to get the event log counter vbscript to work with all of my windows 2003 servers.
Has anyone been able to get it to work with windows 2000 server? The script I am using to look for a event log comes up with the following error when I run it, even from a command prompt:
Error 0x80041010
Code 40041010
Source: (null)
The line that it indicates is an issue is:
Set oSvc = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Security)}!\\" & strComputer & "\root\default")
Please note that I tried changing the \root\civ2 which seems to be the wmi settings on a win2k3 box, to \root\default which seems to fit a win2000 server. Any thoughts of why this is failing?
My entire script is:
Option Explicit
const INVALID_PARAMS = 1, SUCCESS = 0, FAIL = 1
Dim oColEvents, oSvc, lst_args
Dim strComputer, strEventArea , strEventID,strEventType, intEventID, strEventSource, strLoggedByUser, strTimeSpanMins, strFindExclusionText, strFindMatchText, strSQL, strSuffix
Dim arg_count, Item, count_unmatch
strSQL = "Select * from Win32_NTLogEvent "
strComputer = "localhost"
strEventArea = ""
strEventType = ""
intEventID = 370
strEventSource = ""
strLoggedByUser = ""
strFindExclusionText = ""
count_unmatch = 0
Set lst_args = WScript.Arguments
If lst_args.Count >0 Then
Else
WScript.Echo "Message: Usage: wscript.exe WinEventLog.vbs ComputerName " & vbCRLF _
& "-computer The computer name " & vbCRLF _
& "-area Name of Windows NT event log file. Together with RecordNumber, this is used to uniquely identify an instance of this class: Application, Security, System and etc." & vbCRLF _
& "-type The Event Type: Error, Warning, Information, Success, Failure." & vbCRLF _
& "-id Identifier of the event. This is specific to the source that generated the event log entry and is used, together with SourceName, to uniquely identify a Windows NT event type." & vbCRLF _
& "-source Name of the source (application, service, driver, or subsystem) that generated the entry. It is used, together with EventIdentifier to uniquely identify a Windows NT event type" & vbCRLF _
& "-exclusion Exclusions by Event Text" & vbCRLF _
& "-match Content Matching Event Text" & vbCRLF _
& "-timespan How many minutes old can the event be" & vbCRLF
WScript.Echo "Statistic: 0"
WScript.Quit( FAIL )
End If
For arg_count = 0 to lst_args.Length - 1
If lst_args(arg_count) = "-area" Then
strEventArea = lst_args(arg_count + 1)
if count_unmatch then
strSuffix = " AND"
else
strSuffix = "Where "
end if
strSQL = strSQL + strSuffix + " Logfile = '" + strEventArea + "'"
arg_count = arg_count + 1
count_unmatch = count_unmatch + 1
ElseIf lst_args(arg_count) = "-computer" Then
strComputer = lst_args(arg_count + 1)
arg_count = arg_count + 1
ElseIf lst_args(arg_count) = "-type" Then
strEventType = lst_args(arg_count + 1)
if count_unmatch then
strSuffix = " AND"
else
strSuffix = "Where "
end if
strSQL = strSQL + strSuffix + " Type LIKE '%" + strEventType + "%'"
count_unmatch = count_unmatch +1
ElseIf lst_args(arg_count) = "-id" Then
strEventID = lst_args(arg_count + 1)
intEventID = CInt( strEventID )
if count_unmatch then
strSuffix = " AND"
else
strSuffix = "Where "
end if
strSQL = strSQL + strSuffix + " EventCode = '" + strEventID + "'"
arg_count = arg_count + 1
count_unmatch = count_unmatch + 1
ElseIf lst_args(arg_count) = "-source" Then
strEventSource = lst_args(arg_count + 1)
if count_unmatch then
strSuffix = " AND"
else
strSuffix = "Where "
end if
strSQL = strSQL + strSuffix + " SourceName LIKE '%" + strEventSource + "%'"
arg_count = arg_count + 1
count_unmatch = count_unmatch + 1
ElseIf lst_args(arg_count) = "-user" Then
strLoggedByUser = lst_args(arg_count + 1)
if count_unmatch then
strSuffix = " AND"
else
strSuffix = "Where "
end if
strSQL = strSQL + strSuffix + " User LIKE '%" + strLoggedByUser + "%'"
arg_count = arg_count + 1
count_unmatch = count_unmatch +1
ElseIf lst_args(arg_count) = "-timespan" Then
strTimeSpanMins = lst_args(arg_count + 1)
if count_unmatch then
strSuffix = " AND"
else
strSuffix = "Where "
end if
dim dNowStamp,dEndStamp, dToEndTime
Set dNowStamp = CreateObject("WbemScripting.SWbemDateTime")
Set dEndStamp = CreateObject("WbemScripting.SWbemDateTime")
'dToEndTime = Now - 0.0416666666 '0.0416666666 represent 1hour; 1/24 of a day
dToEndTime = Now - strTimeSpanMins / 1440
dNowStamp.SetVarDate Now, True
dEndStamp.SetVarDate dToEndTime, True
strSQL = strSQL + strSuffix + " TimeWritten < '" & dNowStamp & "' and TimeWritten >= '" & dEndStamp & "'"
arg_count = arg_count + 1
count_unmatch = count_unmatch +1
ElseIf lst_args(arg_count) = "-exclusion" Then
strFindExclusionText = lst_args(arg_count + 1)
if count_unmatch then
strSuffix = " AND"
else
strSuffix = "Where "
end if
strSQL = strSQL + strSuffix + " NOT Message LIKE '%" + strFindExclusionText + "%'"
arg_count = arg_count + 1
count_unmatch = count_unmatch +1
ElseIf lst_args(arg_count) = "-match" Then
strFindMatchText = lst_args(arg_count + 1)
if count_unmatch then
strSuffix = " AND"
else
strSuffix = "Where "
end if
strSQL = strSQL + strSuffix + " Message LIKE '%" + strFindMatchText + "%'"
arg_count = arg_count + 1
count_unmatch = count_unmatch +1
End If
Next
Set oSvc = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Security)}!\\" & strComputer & "\root\default")
Set oColEvents = oSvc.ExecQuery(strSQL)
For Each Item In oColEvents
WScript.Echo "Message: EventType " & Item.EventType & " Event ID " & Item.EventCode & " Source Event " & Item.SourceName & vbCRLF & Item.Message
Next
if oColEvents.Count > 0 Then
WScript.Echo "Statistic: " & CStr(oColEvents.Count)
WScript.Quit(FAIL)
end if
WScript.Echo "Message: No events Found"
WScript.Echo "Statistic: 0"
WScript.Quit(FAIL)
Thanks in advance.
