VBScript To Pull Events From Event Log And Email To Yourself – Past 24 Hours

So, you want to see what events have occurred on a server in the past 24 hours. Maybe you have a problematic server throwing errors, but your event log is so massive that it's hard to sort through.

This script will sift through your entire event log, searching for any events in the past 24 hours that match your event code. It will save the results to a .TXT file and then email them to you. Very handy.

Usage

Example: cscript <scriptname> <servername>

cscript scriptname.vbs Server1

'==========================================================================
'
' Event Log Monitor - Pull And Email
'
' AUTHOR: Cheyne Wallace
' DATE  : 3/02/2009
'
' COMMENT: Pulls Back Event Logs From Server Based On EventCode
'          and emails log file.  Will Only Pull Records From 24 Hours Ago
'==========================================================================
Dim Stuff, myFSO, WriteStuff, dateStamp, EventDate, DateNow, FileName, EventCode
Dim EmailAddress, SMTPServer
'==========================================================================
'Here Are Your Config Variables
SMTPServer = "mail.yourdomain.com" 'Change This To Your SMTP Server
EmailAddress = "youremailaddress@nowhere.com" 'Change This To Your Email Address
EventCode = "1221" 'Change This To Your Event Code You Wish To Pull
'==========================================================================

DateNow = Now()
FileName = WScript.Arguments(0) & "_EventLog_Capture.txt"
 
Set myFSO = CreateObject("Scripting.FileSystemObject")
'Delete The File If Already Exists
If MyFSO.FileExists(FileName) Then
	myFSO.DeleteFile FileName
End If
Set WriteStuff = myFSO.OpenTextFile(FileName, 8, True)
 
'Get The Computer Name
strComputer = WScript.Arguments(0)
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

'Query every log on the target server for the configured event code
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where EventCode = '" & EventCode & "'")
 
'Setup The Header
WriteStuff.WriteLine("Event Log Monitor - Pull And Email")
WriteStuff.WriteLine("Written By Cheyne Wallace")
WriteStuff.WriteLine(" ")
WriteStuff.WriteLine("Server: " & WScript.Arguments(0))
WriteStuff.WriteLine(" ")

'Write The .TXT File Information
'GetVBDate ignores the UTC offset at the end of the WMI timestamp,
'so the raw timestamp digits are compared against local Now()
For Each objEvent in colLoggedEvents
    EventDate = GetVBDate(objEvent.TimeGenerated)
    If DateDiff("h", DateNow, EventDate) > -24 Then

        WriteStuff.WriteLine("================================================")
        WriteStuff.WriteLine("Event date: " & EventDate)
        WriteStuff.WriteLine("Description: " & objEvent.Message)
        WScript.Echo "================================================"
        WScript.Echo "Event date: " & EventDate
        WScript.Echo "Description: " & objEvent.Message

    End If

Next
 
WriteStuff.Close
SET WriteStuff = NOTHING
SET myFSO = Nothing
 
Call Send_Email
WScript.Echo "Finished!"
 
'=================== Functions ================================
Function GetVBDate(wd)
  GetVBDate = DateSerial(left(wd,4),mid(wd,5,2),mid(wd,7,2))+ TimeSerial(mid(wd,9,2),mid(wd,11,2),mid(wd,13,2))
End Function
 
Public Sub Send_Email
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = WScript.Arguments(0) & " - Event Log Monitor - Pull And Email - Past 24 Hours"
objMessage.From = "some_from_address@nowhere.com"
'AddAttachment is a method (not a property) and needs the full path to the file
objMessage.AddAttachment CreateObject("Scripting.FileSystemObject").GetAbsolutePathName(FileName)
objMessage.To = EmailAddress
objMessage.TextBody = "Events For " & WScript.Arguments(0) & " Within The Last 24 Hours"
 
'==This section provides the configuration information for the remote SMTP server.
'==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = SMTPServer
'Server port (typically 25)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
'==End remote SMTP server configuration section==
objMessage.Send
 
End Sub
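
The script above retrieves every event with the chosen code and filters by date afterwards, and GetVBDate drops the UTC offset at the end of the WMI timestamp. The following is an added example, not part of the original script: it checks the server-name argument, then uses WbemScripting.SWbemDateTime to put the 24-hour cut-off into the WQL query itself, so only recent events come back and the time-zone conversion is done by WMI. Variable names and the hostname pattern are this example's own assumptions; 1221 is the sample event code from the script.

```vbscript
Option Explicit
' Added example: server-side 24-hour filter with time-zone-aware timestamps.
Dim strComputer, EventCode, reHost, dtmStart, dtmEvent
Dim strQuery, objWMIService, colEvents, objEvent

' Fail with a usage message instead of a runtime error when the argument is missing
If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript " & WScript.ScriptName & " <servername>"
    WScript.Quit 1
End If
strComputer = WScript.Arguments(0)

' Only accept hostname-like input before it goes into the WMI moniker
' (pattern is an assumption of this example)
Set reHost = New RegExp
reHost.Pattern = "^[A-Za-z0-9._-]{1,255}$"
If Not reHost.Test(strComputer) Then
    WScript.Echo "Invalid server name: " & strComputer
    WScript.Quit 1
End If

EventCode = 1221   ' sample event code from the script above

' Window start = now minus 24 hours; True tells SWbemDateTime the value is local time
Set dtmStart = CreateObject("WbemScripting.SWbemDateTime")
dtmStart.SetVarDate DateAdd("h", -24, Now()), True

' CLng forces the event code to be numeric before it is placed in the query
strQuery = "Select * from Win32_NTLogEvent Where EventCode = " & CLng(EventCode) & _
           " And TimeGenerated >= '" & dtmStart.Value & "'"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery(strQuery)

Set dtmEvent = CreateObject("WbemScripting.SWbemDateTime")
For Each objEvent In colEvents
    dtmEvent.Value = objEvent.TimeGenerated
    WScript.Echo "================================================"
    WScript.Echo "Event date: " & dtmEvent.GetVarDate(True)   ' True = show as local time
    WScript.Echo "Log: " & objEvent.Logfile & "  Source: " & objEvent.SourceName
    WScript.Echo "Description: " & objEvent.Message
Next
```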

3 Responses to “VBScript To Pull Events From Event Log And Email To Yourself – Past 24 Hours”

  1. Justin  on August 8th, 2009

    Great script, exactly what I needed! Thanks.

  2. charles  on November 10th, 2009

    When I run the script I get the following: C:\scriptname.vbs(21, 37) Microsoft VBScript compilation error: Expected end of statement

  3. Cheyne  on November 10th, 2009

    Make sure you're sending the server name as an argument to the script through the command line.

    See the usage example

