ProblemYou want to search for events in a specific event log. SolutionUsing a graphical user interface
Using a command-line interfaceYou can use the eventquery.vbs command on Windows XP to search the event log of the local system or a remote machine. The following command displays the last 10 events with event ID 105 on the host fs01: > eventquery.vbs /S fs01 /R 10 /L Application /FI "ID eq 105" Using VBScript' This code searches for events matching the specified criteria. ' ------ SCRIPT CONFIGURATION ------ intEventCode = <EventID> ' Event ID to match; e.g. 105 strLog = "<EventLogName>" ' Event log name; e.g. Application intMaxNum = <MaxNumberOfEvents> ' Max events to return (0 for all) strComputer = "<ComputerName>" ' Use "." for local system ' ------ END CONFIGURATION --------- set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") set colEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent " & _ " Where Logfile = '" & strLog & "'" & _ " and EventCode = " & intEventCode) count = 0 for each objEvent in colEvents Wscript.Echo "Date: " & objEvent.TimeWritten Wscript.Echo "Source: " & objEvent.SourceName Wscript.Echo "Category: " & objEvent.Category Wscript.Echo "Type: " & objEvent.Type Wscript.Echo "Event Code: " & objEvent.EventCode Wscript.Echo "User: " & objEvent.User Wscript.Echo "Computer: " & objEvent.ComputerName Wscript.Echo "Message: " & objEvent.Message WScript.Echo "------" WScript.Echo count = count + 1 if intMaxNum > 0 and count >= intMaxNum then WScript.Echo "Reached maximum threshold...exiting" exit for end if next DiscussionThe solutions in this recipe describe how to search events on a single machine. If you want to search for events across multiple systems at the same time, look at Recipe 16.10. |