Contact Info

Crumbtrail

ActiveXperts.com » Administration » Scripts » WMI » jscript sample

Win32_NTLogEvent jscript sample code

The foundations for Manageability in Windows is Windows Management Instrumentation (WMI; formerly WBEM) and WMI extensions for Windows Driver Model (WDM).

ActiveXperts Network Monitor provides the ability to build monitor check routines based on WMI. ActiveXperts has collected more than a hundred WMI samples. You can use these samples as a base for new check routines you can write yourself. The Win32_NTLogEvent WMI class can be used in ActiveXperts Network Monitor to monitor your servers.


Description

The Win32_NTLogEvent WMI class is used to translate instances from the Windows NT event log. An application must have SeSecurityPrivilege in order to receive events from the security event log, otherwise "Access Denied" is returned to the application.

Sample Code

var wbemFlagReturnImmediately = 0x10;
var wbemFlagForwardOnly = 0x20;

var arrComputers = new Array("DELL17");
for (i = 0; i < arrComputers.length; i++) {
   WScript.Echo();
   WScript.Echo("==========================================");
   WScript.Echo("Computer: " + arrComputers[i]);
   WScript.Echo("==========================================");

   var objWMIService = GetObject("winmgmts:\\\\" + arrComputers[i] + "\\root\\CIMV2");
   var colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent", "WQL",
                                          wbemFlagReturnImmediately | wbemFlagForwardOnly);

   var enumItems = new Enumerator(colItems);
   for (; !enumItems.atEnd(); enumItems.moveNext()) {
      var objItem = enumItems.item();

      WScript.Echo("Category: " + objItem.Category);
      WScript.Echo("CategoryString: " + objItem.CategoryString);
      WScript.Echo("ComputerName: " + objItem.ComputerName);
      try { WScript.Echo("Data: " + (objItem.Data.toArray()).join(",")); }
         catch(e) { WScript.Echo("Data: null"); }
      WScript.Echo("EventCode: " + objItem.EventCode);
      WScript.Echo("EventIdentifier: " + objItem.EventIdentifier);
      WScript.Echo("EventType: " + objItem.EventType);
      try { WScript.Echo("InsertionStrings: " + (objItem.InsertionStrings.toArray()).join(",")); }
         catch(e) { WScript.Echo("InsertionStrings: null"); }
      WScript.Echo("Logfile: " + objItem.Logfile);
      WScript.Echo("Message: " + objItem.Message);
      WScript.Echo("RecordNumber: " + objItem.RecordNumber);
      WScript.Echo("SourceName: " + objItem.SourceName);
      WScript.Echo("TimeGenerated: " + WMIDateStringToDate(objItem.TimeGenerated));
      WScript.Echo("TimeWritten: " + WMIDateStringToDate(objItem.TimeWritten));
      WScript.Echo("Type: " + objItem.Type);
      WScript.Echo("User: " + objItem.User);
   }
}

function WMIDateStringToDate(dtmDate)
{
   if (dtmDate == null)
   {
      return "null date";
   }
   var strDateTime;
   if (dtmDate.substr(4, 1) == 0)
   {
      strDateTime = dtmDate.substr(5, 1) + "/";
   }
   else
   {
      strDateTime = dtmDate.substr(4, 2) + "/";
   }
   if (dtmDate.substr(6, 1) == 0)
   {
      strDateTime = strDateTime + dtmDate.substr(7, 1) + "/";
   }
   else
   {
      strDateTime = strDateTime + dtmDate.substr(6, 2) + "/";
   }
   strDateTime = strDateTime + dtmDate.substr(0, 4) + " " +
   dtmDate.substr(8, 2) + ":" +
   dtmDate.substr(10, 2) + ":" +
   dtmDate.substr(12, 2);
   return(strDateTime);
}