Reading system log files

  • Thread starter Thread starter AltaEgo
  • Start date Start date
A

AltaEgo

Does anyone know how to read Windows 7 System log files? I need to extract
records from System and Application logs and insert them into a list of
other events. The insert part is easy - append then sort by date_time.
However, I cannot find anything that gives me any help to read the logs.
Perhaps the other limitation would be to extract only records dated between
set dates and time.
 
Hello:
The network team in a corporation that I consult for uses VB Script files
(filename.vbs) which run under Windows Scripting Host. I'm sure that if you
search for scripts, your required script is out there. Check out
www.vbsedit.com, go to sample scripts, and then click the "logs" samples
which read system logs. They are the source of many scripts to do network
and system tasks.
 
Thank you.

--
Steve

Rich Locus said:
Hello:
The network team in a corporation that I consult for uses VB Script files
(filename.vbs) which run under Windows Scripting Host. I'm sure that if
you
search for scripts, your required script is out there. Check out
www.vbsedit.com, go to sample scripts, and then click the "logs" samples
which read system logs. They are the source of many scripts to do network
and system tasks.
 
That was my first attempt at vbs. I am slowly getting a handle on it and can
work the scripts to do what I need with a few exceptions:

1) need it to return all records relevant to today's Date() (I didn't put
much effort in here and can probably work this out myself)
2) instead of running to a file, how do I write to cells (either calling the
script from Excel or running as VBA instead of .vbs)
3) I don;t fully understand the time component of the value returned (e.g.
20100528200819.924686 obviously starts yyyymmdd but I am lost on the
component 200819.924686)
4) I struck a runtime error on the message in one record (debugging efforts
left in place)
The line it breaks on reads:
"File System Filter 'MPFilter' (6.0, 2009-05002T07:22:54.0000000000Z) has
successfully loaded and registered with Filter Manager."
and does not write the value. Presumably it contains an illegal character
(visible or otherwise). Any idea how I can clean it instead of resume next?

The error
Line: 37;
Char: 5; error: Invalid procedure call or argument;
Code: 800A0005;
Source: Microsoft VBScript runtime error

The line number will be different now but I know I trapped the right record.


Const CONVERT_TO_LOCAL_TIME = True

on error resume next
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set filesys = CreateObject("Scripting.FileSystemObject")
Set objfile= filesys.OpenTextFile("c:\temp\test.txt", Forwriting, True)
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")

DateToCheck = Date()
dtmStartDate.SetVarDate DateToCheck , CONVERT_TO_LOCAL_TIME
dtmEndDate.SetVarDate DateToCheck +1, CONVERT_TO_LOCAL_TIME
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'System' and
TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")

i = 1
For Each objEvent in colEvents
objFile.Writeline "************ " & i
strMsg= objEvent.Message
if i > 66 then wscript.echo strMsg
objFile.Writeline objEvent.Category
objFile.Writeline objEvent. EventCode
objFile.Writeline strMsg 'objEvent.Message
objFile.Writeline objEvent. SourceName
objFile.Writeline objEvent.TimeWritten
objFile.Writeline objEvent.Type

i = i+1
Next
objFile.Close
 
I think I have what I need from some separate work done to retrieve computer
name and BIOS serial direct from BIOS. If not, the forum is (sadly) gone so,
thank you in any case.

Best wishes to everyone
 
Back
Top