VBScript To Pull Events From Event Log And Email To Yourself – Past 24 Hours

So, you want to see what events have occured on a server in the past 24 hours. Maybe you have a problematic server, throwing errors but your event log is so massive , its hard to sort through.

This script will sift through your entire event log, searching for any events in the past 24 hours that match your event code, it will save the results to a .TXT file , and then email them to you. v.handy

Usage

Example: cscript <scriptname> <servername>

1

cscript scriptname.vbs Server1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

'==========================================================================
'
' Event Log Monitor - Pull And Email
'
' AUTHOR: Cheyne Wallace
' DATE  : 3/02/2009
'
' COMMENT: Pulls Back Event Logs From Server Based On EventCode
'          and emails log file.  Will Only Pull Records From 24 Hours Ago
'==========================================================================
Dim Stuff, myFSO, WriteStuff, dateStamp, EventDate, DateNow, FileName, EventCode
Dim EmailAddress, SMTPServer
'==========================================================================
'Here Is Your Config Variables
SMTPServer = "mail.yourdomain.com" 'Change This To Your SMTP Server
EmailAddress = "youremailaddress@nowhere.com" 'Change This To Your Email Address
EventCode = "1221" 'Change This To Your Event Code You Wish To Pull
'==========================================================================

DateNow = Now()
FileName = WScript.Arguments(0) &amp; "_EventLog_Capture.txt"
 
Set myFSO = CreateObject("Scripting.FileSystemObject")
'Delete The File If Already Exists
If MyFSO.FileExists(FileName) Then
	myFSO.DeleteFile FileName
End If
Set WriteStuff = myFSO.OpenTextFile(FileName, 8, True)
 
'Get The Computer Name
strComputer = WScript.Arguments(0)
Set objWMIService = GetObject("winmgmts:" _
    &amp; "{impersonationLevel=impersonate}!\\" &amp; strComputer &amp; "\root\cimv2")
 
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select  * from Win32_NTLogEvent Where EventCode = ' " &amp; EventCode &amp; "'")
 
    'Setup The Header
	WriteStuff.WriteLine("Event Log Monitor - Pull And Email")
	WriteStuff.WriteLine("Written By Cheyne Wallace")
	WriteStuff.WriteLine(" ")
	WriteStuff.WriteLine("Server: " &amp; WScript.Arguments(0))
	WriteStuff.WriteLine(" ")
 
'Write The .TXT File Information
For Each objEvent in colLoggedEvents
	EventDate = GetVBDate(objEvent.TimeGenerated)
If DateDiff("h",DateNow,EventDate) &gt; -24 Then
 
    WriteStuff.WriteLine("================================================")
    WriteStuff.WriteLine("Event date: " &amp; EventDate)
    WriteStuff.WriteLine("Description: " &amp; objEvent.Message)
    WScript.Echo "================================================"
    Wscript.Echo "Event date: " &amp; EventDate
    Wscript.Echo "Description: " &amp; objEvent.Message
 
    End If
 
Next
 
WriteStuff.Close
SET WriteStuff = NOTHING
SET myFSO = Nothing
 
Call Send_Email
WScript.Echo "Finished!"
 
'=================== Functions ================================
Function GetVBDate(wd)
  GetVBDate = DateSerial(left(wd,4),mid(wd,5,2),mid(wd,7,2))+ TimeSerial(mid(wd,9,2),mid(wd,11,2),mid(wd,13,2))
End Function
 
Public Sub Send_Email
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = WScript.Arguments(0) &amp; " - Event Log Monitor - Pull And Email - Past 24 Hours"
objMessage.From = "some_from_address@nowhere.com"
objMessage.AddAttachment = FileName
objMessage.To = EmailAddress
objMessage.TextBody = "Events For " &amp; WScript.Arguments(0) &amp; " Within The Last 24 Hours"
 
'==This section provides the configuration information for the remote SMTP server.
'==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = SMTPServer
'Server port (typically 25)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
'==End remote SMTP server configuration section==
objMessage.Send
 
End Sub

8 Responses to “VBScript To Pull Events From Event Log And Email To Yourself – Past 24 Hours”

  1. Justin  on August 8th, 2009

    Great script, exactly what I needed! Thanks.

  2. charles  on November 10th, 2009

    when i run the script i get the following C:\scriptname.vbs(21, 37) Microsoft VBScript compilation error: Expected end of
    statement

  3. Cheyne  on November 10th, 2009

    Make sure your sending the server name as an argument to the script through the command line.

    See the usage example

  4. vicky9  on April 1st, 2010

    is it possible to automate this script,like if it can send email automaticaly for any specific event id-whenever perticuler event id occuerd in server-we can have mail for same

  5. Anonymous  on April 8th, 2010

    If you copy and paste this script from your browser, ampersands show up as & and need to be replaced with a simple “&”. The > needs to be replaced with a greater-than sign too.

  6. Cheyne  on November 10th, 2010

    Yes, Vicky that would be possible.

  7. rajaanumolu  on October 13th, 2011

    I checked ,but it’s not working?please give me correct one ?

  8. rcjay272  on November 10th, 2011

    Cheyne,

    First off…thank you for the post. I have been playing around with the script and it is working with one issue. Instead of pulling the events from the last 24hours….it pulls all the events with the eventID listed.

    Got any tips?

    Thanks Again,
    Rob


Leave a Reply