Contact Info

Crumbtrail » Network Monitor » Scripts » Custom Script

eventlog.vbs - vbscript script by ActiveXperts Software

eventlog.vbs checks whether certain events exist in a Event Log.

Use eventlog.vbs directly from ActiveXperts Network Monitor; in the Manager's 'Monitor' menu, select 'New Check (Script)' and select eventlog.vbs. Configure the required parameter, or press 'Load a working sample'.

In ActiveXperts Network Monitor, Administrators can use three different scripting languages: Powershell, VBScript and SSH.

eventlog.vbs script code

' ///////////////////////////////////////////////////////////////////////////////
' // ActiveXperts Network Monitor  - VBScript based checks
' // For more information about ActiveXperts Network Monitor and VBScript, visit
' //
' ///////////////////////////////////////////////////////////////////////////////

Option Explicit

' Declaration of global variables
Dim   SYSDATA, SYSEXPLANATION   ' SYSDATA is displayed in the 'Data' column in the Manager; SYSEXPLANATION in the 'LastResponse' column

' Constants - return values
Const retvalUnknown = 1         ' ActiveXperts Network Monitor functions should always return True (-1, Success), False (0, Error) or retvalUnknown (1, Uncertain)

' // To test a function outside Network Monitor (e.g. using CSCRIPT from the
' // command line), remove the comment character (') in the following lines:
' Dim bResult
' bResult = CheckEventLog( "localhost", "", "application", "1", "AxNmSvc", "ActiveXperts Network Monitor", False )
' WScript.Echo "Return value: [" & bResult & "]"
' WScript.Echo "SYSDATA: [" & SYSDATA & "]"

Function CheckEventLog( strHost, strAltCredentials, strEvtLogFile, strEventID, strEvtSource, strEvtDescriptionPattern, bErrorWhenFound )
' Description: 
'   Check a Windows Event Log 
'   This function uses the ActiveXperts 'NMWev' Windows Event Log ActiveX object.
'   It supports NT compliant .EVT Event Logs, as well as Microsoft's latests .EVTX Event Log formats.
' Parameters:
'   1) strHost As String - Hostname or IP address of the computer you want to ping
'   2) strAltCredentials As String - Specify an empty string to use Network Monitor service credentials.
'       To use alternate credentials, enter a server that is defined in Server Credentials table.
'       (To define Server Credentials, choose Tools->Options->Server Credentials)'     
'   3) strEvtLogFile As String - Name of the Logfile, for instance: Application
'   4) strEventID As String - EventCode, for instance: "8000". Use the "*" wildcard to select all
'   5) strEvtSource As String - Name of the Source, for instance "AxNmSvc". Use the "*" wildcard to select all
'   6) strEvtDescriptionPattern - Pattern to match in the description. Use the '*' wildcard to select all
'   7) bErrorWhenFound As Boolean - When 1 or more events are matched, result is: Error or Success
' Usage:
'   CheckEventLog( "<Hostname | IP>", "<Empty String | Server>", "<Application | System | ...>", "<event_id>", "<Source Name>", "<Pattern>", <True | False> )
' Sample:
'   CheckEventLog( "localhost", "", "application", "1", "AxNmSvc", "ActiveXperts Network Monitor", False )
' This function uses of the 'ActiveXperts.NMWev' ActiveX control to access Windows .evt and .evtx Event Logs on remote computers. 
' The control simplifies the XPath programming logic, by providing easy-to-use functions to access event logs.
' ActiveXperts.NMWev data members:
'  - LastError. Use it to check the result of a function. After a call to a function, LastError will be 0 for success, or else a positive error code.
'    Error codes can be lookup up here:
' ActiveXperts.NMWev functions:
'  - Initialize( LogFile As String ). Initializes the 'ActiveXperts.NMWev' object. Pass a valid log filename for troubleshooting purposes/
'  - Shutdown(). Call it to unintialize the object. Should always be called at the end of the script.
'  - Clear(). Clears the LastError property of the object.
'  - BuildQuery( EventLog As String, FilterSource As String, FilterEventID As String, FilterTaskCategory As String, FilterUser As String, FilterData As String, LevelFlags As Number, TimeSpanMilliseconds As Number )
'     Function returns an XPath string that can be used in FindFirstEvent's first parameter.
'     Use the ActiveXperts Event Log Diagnostic Utility to see how XPath queries are defined. Such XPath string can be simply copy/pasted into this script, instead of using 'BuildQuery'.
'  - GetLevelFlag( Information As Boolean, LevelWarning As Boolean, LevelError As Boolean, LevelCritical As Boolean, LevelVerbose As Boolean, LevelSuccess As Boolean, LevelFailure As Boolean )
'     The function returns a number value that can be used as input parameter to BuildQuery's LevelFlags parameter.
'  - Connect( Host As String, AlternateUser As String, AlternatePassword As String )
'     Establishes a connection to a (remote) host.
'     AlternateUser and AlternatePassword should only be set in case alternate credentials should be used.
'  - Disconnect
'     Disconnects the connected session.
'  - FindFirstEvent( XPathQuery As String, MatchDescription As String, MatchDescriptionCase As Boolean, MatchDescriptionRegExpression As Boolean )
'     The function returns the first event (As String).
'     Parameter XPathQuery: can be defined by BuildQuery function.
'     Parameter MatchDescription: the description pattern that should be matched, or empty if no pattern matching should be used.
'     Parameter MatchDescriptionCase: if MatchDescription is set, this parameter tells whether or not case senstsitive matching should be performed.
'     Parameter MatchDescriptionRegExpression: if MatchDescription is set, this parameter tells whether or not case regular expressions are used in MatchDescription
'  - FindNextEvent()
'     Retrieves the next event. Should always be called after a successfull call to FindNextEvent.

  Dim objNmWev, strSysExplanation
  Dim strAltLogin, strAltPassword
  Dim numLevelFlag, strQuery, strEvent, numEvents
  CheckEventLog   = retvalUnknown  ' Default return value, and will be shown as a yellow (uncertain) icon in the Manager
  SYSDATA         = ""             ' SYSDATA displayed in the 'Data' column in the Manager          
  SYSEXPLANATION  = ""             ' SYSEXPLANATION displayed in the 'LastResponse' column in the Manager 
  strAltLogin     = ""
  strAltPassword  = ""  
  numEvents           = 0

  ' Cretae ActiveXperts Windows Event Log object
  Set objNmWev = CreateObject( "ActiveXperts.NMWev" )
  ' Initialze EventLog object. Optional parameter: a log file, for debugging purposes
  objNmWev.Initialize( "" )
  If( objNmWev.LastError <> 0 ) Then
    CheckEventLog   = retvalUnknown
    SYSDATA         = ""
    SYSEXPLANATION  = "Failed to initialize EventLog object."
    Exit Function
  End If 
  ' If alternate credentials are specified, retrieve the alternate login and password from the ActiveXperts global settings
  If( strAltCredentials <> "" ) Then	
    If( Not getCredentials( strHost, strAltCredentials, strAltLogin, strAltPassword, SYSEXPLANATION )) Then
      Exit Function
    End If
  End If 
  ' Connect. If strAltLogin is empty, the service credentials will be used
  objNmWev.Connect strHost, strAltLogin, strAltPassword
  If( objNmWev.LastError <> 0 ) Then
    CheckEventLog  = retvalUnknown
    SYSDATA         = ""
    SYSEXPLANATION  = "Failed to connect."
    Exit Function
  End If     

  ' Get Level Flag. 
  ' Param1: Information Events (yes/no)
  ' Param2: Warning Events (yes/no)
  ' Param3: Error Events (yes/no)
  ' Param4: Critical Events (yes/no)
  ' Param5: Verbose Events (yes/no)
  ' Param6: Success Events (yes/no)
  ' Param7: Failure Events (yes/no)
  numLevelFlag = objNmWev.GetLevelFlag( True, True, True, True, True, True, True )
  ' Get Query string. 
  ' Param1: Event Log File, e.g. "Application"
  ' Param2: Event Source. Use "*" for any source
  ' Param3: Event ID. Use "*" for any event ID
  ' Param4: Event Category. Use "*" for any event category
  strQuery = objNmWev.BuildQuery( strEvtLogFile, strEvtSource, strEventID, "*", "*", "*", numLevelFlag , 0 )    
  ' Get First event
  ' Param1: The Query
  ' Param2: Description to match. If empty, no description pattern matching will be performed
  ' Param3: Descriptioon matching case sensitive (yes/no)
  ' Param4: Use regular expressions for pattern matching (yes/no)
  ' NOTE: we're not making use of regular expressions. (change the latter to True if you wish!)
  ' However, it is nice to have '*' as any description. Let's convert '*' to '' because that's what most people expect.
  If( strEvtDescriptionPattern = "*" ) Then
    strEvtDescriptionPattern = ""
  End If
  strEvent = objNmWev.FindFirstEvent( strQuery, strEvtDescriptionPattern, False, False )
  While( objNmWev.LastError = 0 )
    numEvents = numEvents + 1
    strEvent = objNmWev.FindNextEvent()
  If( bErrorWhenFound And numEvents > 0 ) Then
    CheckEventLog = False
    CheckEventLog = True
  End If
  SYSEXPLANATION  = "Events found: [" & numEvents & "]"
  SYSDATA = numEvents
  ' Disconnect
  ' Uninitialize

End Function

' //////////////////////////////////////////////////////////////////////////////
' // --- Private Functions section ---
' // Private functions names should start with a lower case character, so they 
' // will not be listed in the Network Monitor's function browser.
' //////////////////////////////////////////////////////////////////////////////

Function getCredentials( strHost, strAltCredentials, BYREF strAltLogin, BYREF strAltPassword, BYREF strSysExplanation )	

  Dim objNMServerCredentials
  strAltLogin = ""
  strAltPassword = ""
  strSysExplanation = ""
  getCredentials  = False    
  If( strAltCredentials = "" ) Then
    ' No alternate credentials specified, so login and password are empty and service credentials will be used
    getCredentials = True
    Exit Function
  End If
  Set objNMServerCredentials = CreateObject( "ActiveXperts.NMServerCredentials" )

  strAltLogin           = objNMServerCredentials.GetLogin( strAltCredentials )
  strAltPassword        = objNMServerCredentials.GetPassword( strAltCredentials )

  If( strAltLogin = "" ) Then
      getCredentials      = False
      strSysExplanation = "No alternate credentials defined for [" & strAltCredentials & "]. In the Manager application, select 'Options' from the 'Tools' menu and select the 'Server Credentials' tab to enter alternate credentials"
      Exit Function
  End If   

  getCredentials = True 

End Function