Useful WMI admin scripts

In a comment on my answer to this question, cop1152 said he loves WMI scripts. So do I!

What are your favorite, best, most useful scripts that you would like to share with the community?

Thanks.

Answer 1

I have collected a bunch of WMIC snippets here.

Answer 2

One I wrote to help a colleague who used RDP to access a server, opened Event Viewer and searched it for errors, then repeated that for the other 3 servers ... every day.

'
' WMI script to read all eventlog errors generated since last time this script was run.
' This script reads a datetime value from a file (EventView_date.txt) and uses it to
' construct a WMI query for all windows EventLog entries since then that are of type
' Error or error (seems winxp writes with a lowercase e)
'
' These results are written to a file (EventView_<dts>.log) and the time the script was
' run is written to the date file. This allows this script to be run several times a day
' and will only retrieve the error entries since the last run.
'
' If the date file is not present a new one will be created with the current date/time.
'
'
' Usage: click the vbs file in Windows Explorer to run using wscript. Some information
'        will be displayed in message boxes (start time, each computer, number of records found)
'        Alternatively type "cscript EventLogErrorView.vbs" in a command prompt to show the
'        same details written to the command prompt. This can be used in a batch file, or in
'        a scheduled task - the command is cscript, the parameter is this vbs file.
'
'
' 

On Error Resume Next

'
' update this to reflect the computers to monitor - comma separated for multiple
'
arrComputers = Array("server1", "server2")



Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

Set objFSO = CreateObject("Scripting.FileSystemObject")

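today = ""
Set objDateFile = objFSO.OpenTextFile ("EventView_date.txt")
    today = objDateFile.Readline
    Wscript.echo "today = " & today
    ' IsEmpty() is only True for an uninitialised variable, never for "", so a
    ' missing or empty date file slipped through; IsDate() also rejects garbage
    If Not IsDate(today) Then
        WScript.Echo "Date file not found, using today's date at midnight"
        today = Date & " 00:00:00"
    End If

    today = DateToWMIDateString(today)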

' write current datetime to file for next run.
set objDateFile = objFSO.CreateTextFile("EventView_date.txt")
objDateFile.WriteLine(Date & " " & Time)

Set objFile = objFSO.CreateTextFile("EventView_" & today & ".log")



' start processing
WScript.Echo "Processing All Error reports since: " & today & " (" & WMIDateStringToDate(today) & ")"
objFile.WriteLine "Processing All Error reports since: " & today & " (" & WMIDateStringToDate(today) & ")"


For Each strComputer In arrComputers
   objFile.WriteLine
   objFile.WriteLine
   objFile.WriteLine
   objFile.WriteLine "=========================================="
   objFile.WriteLine "Computer: " & strComputer
   objFile.WriteLine "=========================================="

   WScript.Echo "Computer: " & strComputer

' notes:
' timestamp comparisons in WMI queries are in the form YYYYMMDDHHMMSS.milliseconds+exp

   Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
   Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE (Type = 'error' OR Type= 'Error') AND TimeGenerated > '" & today & ".000000+000'", "WQL", _
                                          wbemFlagReturnImmediately + wbemFlagForwardOnly)

   dim records
   records = 0

   For Each objItem In colItems
        objFile.WriteLine "CategoryString: " & objItem.CategoryString
        objFile.WriteLine "ComputerName: " & objItem.ComputerName
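        ' Data and InsertionStrings can be Null; Join() then fails and, under
        ' On Error Resume Next, the previous record's value would be reused
        strData = ""
        If Not IsNull(objItem.Data) Then strData = Join(objItem.Data, ",")
        objFile.WriteLine "Data: " & strData
        objFile.WriteLine "EventCode: " & objItem.EventCode
        objFile.WriteLine "EventIdentifier: " & objItem.EventIdentifier
        objFile.WriteLine "EventType: " & objItem.EventType

        strInsertionStrings = ""
        If Not IsNull(objItem.InsertionStrings) Then strInsertionStrings = Join(objItem.InsertionStrings, ",")
        objFile.WriteLine "InsertionStrings: " & strInsertionStrings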
        objFile.WriteLine "Logfile: " & objItem.Logfile
        objFile.WriteLine "Message: " & objItem.Message

        objFile.WriteLine "SourceName: " & objItem.SourceName
        objFile.WriteLine "TimeGenerated: " & WMIDateStringToDate(objItem.TimeGenerated)

        objFile.WriteLine "Type: " & objItem.Type
        objFile.WriteLine "User: " & objItem.User
        objFile.WriteLine
        objFile.WriteLine "------------------------------------------"
        objFile.WriteLine

        records = records + 1
   Next

   WScript.Echo "          " & records & " records found"
   objFile.WriteLine "          " & records & " records found"
Next



Function WMIDateStringToDate(dtmDate)
    WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
    Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
    & " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
End Function

' takes a dd/mm/yyyy hh:mm:ss format and turns it into yyyymmddhhmmss
Function DateToWMIDateString(dtmDate)
DateToWMIDateString = Year(dtmDate) & PadZeros(Month(dtmDate)) & PadZeros(Day(dtmDate)) & PadZeros(Hour(dtmDate)) & PadZeros(Minute(dtmDate)) & PadZeros(Second(dtmDate))
End Function

Function PadZeros(dtmDate)
If Len(dtmDate) = 1 Then
    PadZeros = "0" & dtmDate
Else
    PadZeros = dtmDate
End If
End Function
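
An added example, not part of the original answer: the checkpoint handling and the WMI timestamp format noted in the script's comments (YYYYMMDDHHMMSS.microseconds plus a UTC offset in minutes), written in Python so the round trip can be checked off a Windows host. It assumes the checkpoint line is stored in that same CIM format; the function names are hypothetical, and only a validated timestamp ever reaches the WQL string.

```python
import re
from datetime import datetime, timedelta, timezone

# CIM/DMTF datetime: yyyymmddHHMMSS.mmmmmm followed by sign and 3-digit offset in minutes
CIM_RE = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")


def to_cim_datetime(dt):
    """Format a timezone-aware datetime as a CIM datetime string."""
    if dt.tzinfo is None:
        raise ValueError("need a timezone-aware datetime")
    minutes = int(dt.utcoffset().total_seconds() // 60)
    sign = "+" if minutes >= 0 else "-"
    return dt.strftime("%Y%m%d%H%M%S") + ".%06d%s%03d" % (
        dt.microsecond, sign, abs(minutes))


def from_cim_datetime(text):
    """Parse a CIM datetime string; raise ValueError on anything else."""
    m = CIM_RE.match(text)
    if not m:
        raise ValueError("not a CIM datetime: %r" % text)
    stamp, micro, sign, off = m.groups()
    minutes = int(off) if sign == "+" else -int(off)
    tz = timezone(timedelta(minutes=minutes))
    parsed = datetime.strptime(stamp, "%Y%m%d%H%M%S")
    return parsed.replace(microsecond=int(micro), tzinfo=tz)


def load_checkpoint(line, now):
    """Return the last run time, or local midnight if the line is missing or malformed."""
    try:
        return from_cim_datetime((line or "").strip())
    except ValueError:
        return now.replace(hour=0, minute=0, second=0, microsecond=0)


def build_query(since):
    """Build the script's WQL query from a datetime, never from raw file text."""
    return ("SELECT * FROM Win32_NTLogEvent "
            "WHERE (Type = 'error' OR Type = 'Error') "
            "AND TimeGenerated > '%s'" % to_cim_datetime(since))


if __name__ == "__main__":
    # Constructed sample: an empty checkpoint line falls back to midnight.
    now = datetime(2024, 3, 5, 15, 30, tzinfo=timezone(timedelta(hours=2)))
    print(build_query(load_checkpoint("", now)))
```
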

Answer 3

Anything in Microsoft's (free) Scriptomatic2 tool!

Answer 4

The script is useful and I can run it. But the file only shows information like

============================================ Data: InsertionStrings:


      1 records found

In addition, this file ("EventView_" & today & ".log") only creates the file as EventView_00.log, not with the actual date. According to the syntax, it should give the date instead of )00.
