EventLog.vbs - Event Log monitor functions for ActiveXperts Network Monitor
ActiveXperts Network Monitor ships with a powerful set of pre-defined checks. Each individual check has a static number of configuration items. To monitor other items, or to combine monitoring items, you can make use of custom VBScript checks.
Most of the built-in checks have a VBScript equivalent, implemented as a Function in a VBScript (.vbs) file. Out-of-the-box, each VBScript function monitors the same items as the built-in check. Feel free to modify a function. The VBScript check can be customized by editing the VBScript function.
To add a new VBScript-based Event Log monitoring check, do the following:
- On the 'Monitor menu', click 'New Monitoring Check (VBScript)'. The 'VBScript Check' dialog box appears;
- In the 'File selection box', select 'EventLog.vbs';
- In the 'Function selection box', select 'CheckEventLog';
- In the 'Function parameters group box' enter the required parameters. You can also load a working sample first by clicking on the 'Load a sample, click here' link.
To customize the above monitoring check, click on the 'Edit button' next to the 'File selection box'. Notepad will be launched. You can now make changes to the VBScript function(s).
EventLog.vbs script source code
' ///////////////////////////////////////////////////////////////////////////////
' // ActiveXperts Network Monitor - VBScript based checks
' // (c) ActiveXperts Software B.V.
' //
' // For more information about ActiveXperts Network Monitor and VBScript, please
' // visit the online ActiveXperts Network Monitor VBScript Guidelines at:
' // https://www.activexperts.com/support/network-monitor/online/vbscript/
' //
' ///////////////////////////////////////////////////////////////////////////////
'
Option Explicit
Const retvalUnknown = 1
Dim SYSDATA, SYSEXPLANATION ' Used by Network Monitor, don't change the names
' ///////////////////////////////////////////////////////////////////////////////
' // To test a function outside Network Monitor (e.g. using CSCRIPT from the
' // command line), remove the comment character (') in the following 5 lines:
' Dim bResult
' bResult = CheckEventLog( "localhost", "", "application", "1", "AxsNmSvc", False )
' WScript.Echo "Return value: [" & bResult & "]"
' WScript.Echo "SYSDATA: [" & SYSDATA & "]"
' WScript.Echo "SYSEXPLANATION: [" & SYSEXPLANATION & "]"
' ////////////////////////////////////////////////////////////////////////////////////////
Function CheckEventLog( strComputer, strCredentials, strLogFile, strEventCode, strSourceName, bErrorWhenFound )
' Description:
' Check the EventLog, find Events that match the given EventCode and SourceName
' If the event is found, the result is True, otherwise the result is False
' Parameters:
' 1) strComputer As String - Hostname or IP address of the computer you want to monitor
' 2) strCredentials As String - Specify an empty string to use Network Monitor service credentials.
' To use alternate credentials, enter a server that is defined in Server Credentials table.
' (To define Server Credentials, choose Tools->Options->Server Credentials)
' 3) strLogFile As String - Name of the Logfile, for instance: Application
' 4) strEventCode As String - EventCode, for instance: "8000". Use the "*" wildcard to select all
' 5) strSourceName As String - Name of the Source, for instance "AxsNmSvc". Use the "*" wildcard to select all
' 6) bErrorWhenFound As Boolean - When 1 or more events are matched, result is: Error or Success
' Usage:
' CheckEventLog( "<Hostname | IP>", "<Empty String | Server>", "<Application | System | ...>", "event_id", "<Source Name>", TRUE | FALSE )
' Sample:
' CheckEventLog( "localhost", "", "application", "1", "AxsNmSvc", FALSE )
Dim objWMIService
CheckEventLog = retvalUnknown ' True, False or retvalUnknown
SYSDATA = "" ' Initally empty; will contain the number of events matched
SYSEXPLANATION = "" ' Set initial value
If( Not getWMIObject( strComputer, strCredentials, objWMIService, SYSEXPLANATION ) ) Then
Exit Function
End If
CheckEventLog = checkEventLogWMI( objWMIService, strComputer, strLogFile, strEventCode, strSourceName, bErrorWhenFound, SYSDATA, SYSEXPLANATION )
End Function
' //////////////////////////////////////////////////////////////////////////////
' //
' // Private Functions
' // NOTE: Private functions are used by the above functions, and will not
' // be called directly by the ActiveXperts Network Monitor Service.
' // Private function names start with a lower case character and will
' // not be listed in the Network Monitor's function browser.
' //
' //////////////////////////////////////////////////////////////////////////////
Function checkEventLogWMI( objWMIService, strComputer, strLogFile, strEventCode, strSourceName, bErrorWhenFound, BYREF strSysData, BYREF strSysExplanation )
Dim colLoggedEvents
Dim strQuery
checkEventLogWMI = retvalUnknown
strSysExplanation = ""
strSysData = ""
strQuery = "Select * from Win32_NTLogEvent Where Logfile = '" & strLogFile & "'"
If( strSourceName <> "" AND strSourceName <> "*" ) Then
' NOTE: Applications and Services Logs have the 'Microsoft-Windows-' prefix in the sourcename; therefore we always try with that prefix too (besides the regular sourcename)
strQuery = strQuery & " AND ( SourceName='" & strSourceName & "' Or SourceName='Microsoft-Windows-" & strSourceName & "')"
End If
If( strEventCode <> "" AND strEventCode <> "*" ) Then
strQuery = strQuery & " AND EventCode = '" & strEventCode & "'"
End If
On Error Resume Next
Set colLoggedEvents = objWMIService.ExecQuery( strQuery )
If( Err.Number <> 0 ) Then
strSysData = ""
strSysExplanation = "Unable to query WMI on computer [" & strComputer & "]"
Exit Function
End If
If( colLoggedEvents.Count <= 0 ) Then
If( bErrorWhenFound ) Then
checkEventLogWMI = True
Else
checkEventLogWMI = False
End If
strSysData = 0
strSysExplanation = "Event Not Found"
Exit Function
End If
On Error Goto 0
If( bErrorWhenFound ) Then
checkEventLogWMI = False
Else
checkEventLogWMI = True
End If
strSysData = colLoggedEvents.Count
strSysExplanation = "Event Found (" & colLoggedEvents.Count & " entries found in the Event Log)"
End Function
' //////////////////////////////////////////////////////////////////////////////
Function getWMIObject( strComputer, strCredentials, BYREF objWMIService, BYREF strSysExplanation )
On Error Resume Next
Dim objNMServerCredentials, objSWbemLocator, colItems
Dim strUsername, strPassword
getWMIObject = False
Set objWMIService = Nothing
If( strCredentials = "" ) Then
' Connect to remote host on same domain using same security context
Set objWMIService = GetObject( "winmgmts:{impersonationLevel=Impersonate}!\\" & strComputer &"\root\cimv2" )
Else
Set objNMServerCredentials = CreateObject( "ActiveXperts.NMServerCredentials" )
strUsername = objNMServerCredentials.GetLogin( strCredentials )
strPassword = objNMServerCredentials.GetPassword( strCredentials )
If( strUsername = "" ) Then
getWMIObject = False
strSysExplanation = "No alternate credentials defined for [" & strCredentials & "]. In the Manager application, select 'Options' from the 'Tools' menu and select the 'Server Credentials' tab to enter alternate credentials"
Exit Function
End If
' Connect to remote host using different security context and/or different domain
Set objSWbemLocator = CreateObject( "WbemScripting.SWbemLocator" )
Set objWMIService = objSWbemLocator.ConnectServer( strComputer, "root\cimv2", strUsername, strPassword )
If( Err.Number <> 0 ) Then
objWMIService = Nothing
getWMIObject = False
strSysExplanation = "Unable to access [" & strComputer & "]. Possible reasons: WMI not running on the remote server, Windows firewall is blocking WMI calls, insufficient rights, or remote server down"
Exit Function
End If
objWMIService.Security_.ImpersonationLevel = 3
End If
If( Err.Number <> 0 ) Then
objWMIService = Nothing
getWMIObject = False
strSysExplanation = "Unable to access '" & strComputer & "'. Possible reasons: no WMI installed on the remote server, no rights to access remote WMI service, or remote server down"
Exit Function
End If
getWMIObject = True
End Function