Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003

Microsoft® Windows® 2000 Scripting Guide

« Previous | Next »   

Querying an event log for a specific set of events can greatly increase the speed and efficiency of your query. The following examples demonstrate two ways to construct a script for determining the number of improper shutdowns recorded in the System event log with Event ID 6008 one way that is fast and efficient, another way that is not:

Scripting Steps

Listing 12.9 contains a script that queries an event log and tallies all instances of a specific Event ID. To carry out this task, the script must perform the following steps:

  1. Create a variable to specify the computer name.

  2. Use a GetObject call to connect to the WMI namespace root\cimv2 on the computer, and set the impersonation level to "impersonate."

  3. Use the ExecQuery method to query the Win32_NTLogEvent class.

    To limit data retrieval to specific events, include a Where clause specifying the System event log and EventCode 6008. The resulting collection will include only records from the System event log that have EventCode 6008.

  4. Use the Count property to echo the number of records in the collection.

    Because a filter was applied as part of the GetObject call, the number of records in the collection equals the number of proper shutdowns recorded in the System event log.

Listing 12.9   Querying an Event Log for a Specific Event ID

1 2 3 4 5 6 7

strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colLoggedEvents = objWMIService.ExecQuery _ ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'System' AND " _ & "EventCode = '6008'") Wscript.Echo "Improper shutdowns: " & colLoggedEvents.Count

 Send us your feedback « Previous | Next »   
Related

Категории