Event Log Time Period Check
Event Log Time Period Check
(OP)
Hi,
I have developed a script that looks for a certain Windows Backup failure attempt.
My issue is the failure event could be anytime from 18:00 to 06:00 the next morning, the script at the moment grabs all the events from the event log & writes it to a text file and emails it out.
Personally i would like the script to only take the first failure and write this to the text file rather than pull all events back.
At the moment i am testing from my PC so the event i am searching for is different to the purpose:
I am struggling with searching for the event as dtmyesterday is looking for one event not between a time frame on 18:00 to 06:00 the next morning for example.
Hopefully i am not trying to push my script beyond the length of VB's capabilities. But i am stumped on getting the time period written or worked out.
All help and thoughts\comments are appreciated.
Kind regards
James
I have developed a script that looks for a certain Windows Backup failure attempt.
My issue is the failure event could be anytime from 18:00 to 06:00 the next morning, the script at the moment grabs all the events from the event log & writes it to a text file and emails it out.
Personally i would like the script to only take the first failure and write this to the text file rather than pull all events back.
At the moment i am testing from my PC so the event i am searching for is different to the purpose:
CODE --> VBS
' ———————————————————–'
Option Explicit
Dim objFSO, objFolder, objFile, objWMI, objItem, objMail, objConf, objFlds ' Objects
Dim strComputer, strFileName, strFileOpen, strFolder, strPath, strCompName, dtmYesterday
Dim intEvent, intNumberID, intRecordNum, colLoggedEvents, wshNetwork
Set wshNetwork = CreateObject( "WScript.Network" )
strCompName = wshNetwork.ComputerName
' ——————————————————–
' Set the folder and file name
strComputer = "."
strFileName = "\Event916.txt"
strFolder = "C:\logs"
strPath = strFolder & strFileName
' Set numbers & date config
intNumberID = 916 '517 ' Event ID Number
intRecordNum = 0
dtmYesterday = "20181120172224.893754-000"
'dtmtoday = Date()
'WMI Conversion Functions
'Convert To WMIDate\Time
Function ConvertToWMIDateTime(dDateTime)
On Error Resume Next
Dim oDateTime
Set oDateTime = CreateObject("WbemScripting.SWbemDateTime")
oDateTime.SetVarDate dDateTime, True
ConvertToWMIDateTime = oDateTime.Value
Set oDateTime = Nothing
End Function
'WmiDate To Date\time
Function WmiDateToDatetime (wmidate)
Dim y, m, d, h, mn, s
If VarType(wmidate) <> vbString Then
WmiDateToDatetime = "Undefined!": Exit Function
End If
If Len(wmidate) < 15 Or Mid(wmidate, 15,1) <> "." Then
WmiDateToDatetime = "Undefined!": Exit Function
End If
y = Left(wmidate, 4) ' year
m = Mid(wmidate, 5, 2) ' month
d = Mid(wmidate, 7, 2) ' day
h = Mid(wmidate, 9, 2) ' hours
mn = Mid(wmidate, 11, 2) ' minutes
s = Mid(wmidate, 13, 2) ' seconds
If y < 1980 Or m < 1 Or d < 1 Then
WmiDateToDatetime = "Undefined!": Exit Function
End If
WmiDateToDatetime =FormatDateTime(DateSerial (y, m, d), VbLongdate) & " - " & FormatDateTime(TimeSerial(h, mn, s), vbLongTime)
'FormatDateTime(DateSerial (y, m, d), VbLongdate) & " - " &
End Function
' —————————————————–
' Section to create folder and hold file.
' Create the File System Object
Set objFSO = CreateObject("Scripting.FileSystemObject")
' Check that the strFolder folder exists
If objFSO.FolderExists(strFolder) Then
Set objFolder = objFSO.GetFolder(strFolder)
Else
Set objFolder = objFSO.CreateFolder(strFolder)
'WScript.Echo "Just created " & strFolder
End If
If objFSO.FileExists(strFolder & strFileName) Then
Set objFolder = objFSO.GetFolder(strFolder)
Else
Set objFile = objFSO.CreateTextFile(strFolder & strFileName)
'Wscript.Echo "Just created " & strFolder & strFileName
End If
' ————————————————–
' Two tiny but vital commands (Try script without)
set objFile = nothing
set objFolder = nothing
' —————————————————-
' Write the information to the file
'Wscript.Echo " Press OK and Wait 30 seconds (ish)"
Set strFileOpen = objFSO.CreateTextFile(strPath, True)
' ———————————————————-
' WMI Core Section
Set objWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Application'")
' ———————————————————-
' Next section loops through ID properties
'Wscript.echo "date:- " & dtmYesterday
'Wscript.echo "dateinWMI:- " & ConvertToWMIDateTime(dtmYesterday)
For Each objItem in colLoggedEvents
'wscript.echo "Converted Date:- " & WmiDateToDatetime(objItem.TimeGenerated)
'wscript.Echo "WMI TIME:- " & objItem.TimeGenerated
If objItem.EventCode = intNumberID And WmiDateToDatetime(objItem.TimeGenerated) = dtmYesterday Then
strFileOpen.WriteLine("Category: " & objItem.Category & " string " & objItem.CategoryString)
strFileOpen.WriteLine("ComputerName: " & objItem.ComputerName)
strFileOpen.WriteLine("Logfile: " & objItem.Logfile & " source " & objItem.SourceName)
strFileOpen.WriteLine("Logged: " & WmiDateToDatetime(objItem.TimeGenerated))
strFileOpen.WriteLine("EventCode: " & objItem.EventCode)
strFileOpen.WriteLine("EventType: " & objItem.EventType)
strFileOpen.WriteLine("Type: " & objItem.Type)
strFileOpen.WriteLine("User: " & objItem.User)
strFileOpen.WriteLine("Message: " & objItem.Message)
strFileOpen.WriteLine (" ")
intRecordNum = intRecordNum +1
End If
Next I am struggling with searching for the event as dtmyesterday is looking for one event not between a time frame on 18:00 to 06:00 the next morning for example.
Hopefully i am not trying to push my script beyond the length of VB's capabilities. But i am stumped on getting the time period written or worked out.
All help and thoughts\comments are appreciated.
Kind regards
James
Talk To Other Members
RE: Event Log Time Period Check
Assign a boolean flag like bHasFailed, that is assigned TRUE when an event occurs and FALSE at 0600 hours.
Then code your failure code to only process any If bHasFailed = FALSE Then
Skip,
Just traded in my OLD subtlety...
for a NUance!