Microsoft® Windows® 2000 Scripting Guide
« Previous | Next »
Querying an event log for a specific set of events can greatly increase the speed and efficiency of your query. The following examples demonstrate two ways to construct a script for determining the number of improper shutdowns recorded in the System event log with Event ID 6008 one way that is fast and efficient, another way that is not:
On a Windows 2000 based test computer with approximately 700 events in the System event log, this process took more than 10 minutes.
On the same test computer, this query took just 9 seconds. If you know exactly what you are looking for, you should create a targeted query that returns only this information. This reduces processing time and, when you are working with remote computers, limits the amount of data that must be transferred across the network.
Listing 12.9 contains a script that queries an event log and tallies all instances of a specific Event ID. To carry out this task, the script must perform the following steps:
To limit data retrieval to specific events, include a Where clause specifying the System event log and EventCode 6008. The resulting collection will include only records from the System event log that have EventCode 6008.
Because a filter was applied as part of the GetObject call, the number of records in the collection equals the number of proper shutdowns recorded in the System event log.
Listing 12.9 Querying an Event Log for a Specific Event ID
|
|
Send us your feedback | « Previous | Next » |