Parsing Saved Event logs Files

Parsing Saved Event logs Files

Post by Rl9MYXN0aW » Fri, 02 Dec 2005 23:18:05


I have a script that I'd like to modify. I first examine the event logs on a
server and report on any errors and audit failures to an HTML file. Then I
back up the logs and clear the logs. I would like to first backup the logs
then parse the saved logs to the script that creates the HTML file. My
question is how can I parse the backed-up event log file so as to capture the
needed errots for creating the HTML file. Shown below is the section of the
code that I use to create the HTML file from the Event Logs. Can some tell
me how I might modify it?

Thanks,
Frank

' +++++++++++++++++ Begin of VBScript Code +++++++++++++++++ '
Const ieCRLF = "<br>"
Const ieSPACE = " "

Const ForAppending = 8

sServer = "."
sFileName = "C:\Temp\EvtLog-Test.html"

Set oF_Sys = CreateObject( "Scripting.FileSystemObject" )
Set oWMIService = GetObject( "winmgmts:" & "{impersonationLevel=" & _
"impersonate}!\\" & sServer & "\root\cimv2" )
Set colEvents = oWMIService.ExecQuery( "Select * from Win32_NTLogEvent " & _
"Where Type = 'audit failure' or Type = 'error'" )
Set oAdd2File = oF_Sys.OpenTextFile( sFileName, ForAppending, TRUE )

oAdd2File.WriteLine "<html><head><title>Event Logs Errors Report, " & Now()
& _
" </title></head>" & vbCRLF & "<body bgcolor='white'>" & ieCRLF & vbCRLF & _
String( 108, "=" ) & ieCRLF & vbCRLF & "</big></b> <table width='100%'>" & _
vbCRLF & "<tr><td width='10%'> <b>LogFile</b></td>" & vbCRLF & _
"<td width='18%'><b> Date" & vbCRLF & " Time</b></td>" & _
vbCRLF & "<td width='10%'><b>EventCode</b></td>" & vbCRLF & _
"<td width='12%'><b>Source</b></td>" & vbCRLF & "<td width='50%'><b>" & _
"Message</b></td>" & vbCRLF & "</tr>"

If NOT IsEmpty( colEvents ) Then
For Each oService In colEvents
oAdd2File.WriteLine ("<tr><td width='10%'>" & oService.LogFile & _
"</td><td width='18%'>" & Left( oService.TimeGenerated, 14 ) & _
"</td><td width='10%'>" & oService.EventCode & "</td>" & _
"<td width='12%'>" & oService.SourceName & "</td>" & _
"<td width='50%'>" & oService.Message & "</td></tr><tr></tr>")
Next
'Else
' wscript.echo "Nada"
End If

oAdd2File.WriteLine ("<tr></tr></table>" & ieCRLF & "<big><i><b>End of
report " & _
"for server: " & sServer & ieCRLF & "</b></i></big>")

oAdd2File.Close
Set oAdd2File = Nothing
Set oF_Sys = Nothing
Set colEvents = Nothing
Set oWMIService = Nothing

' ++++++++++++++ End of VBScript Code ++++++++++++++ '