ProblemYou want to view events in an event log. SolutionUsing a graphical user interface
Using a command-line interfaceYou can use the following command to list the events in an event log. In this example, the last ten records from the Application log are displayed. Both commands have numerous other options to view events, so look at the help information for more. > eventquery.vbs /s <ComputerName> /l <LogName> /R <MaxEvents> For example: > eventquery.vbs /s wks01 /l Application /R 10 Using downloadable softwareThe Sysinternals psloglist utility is similar to eventquery.vbs. Here is the basic syntax: > psloglist \\<ComputerName> -n <MaxEvents> <LogName> This example is functionally equivalent to the previous eventquery.vbs example: > psloglist \\wks01 -n 10 Application
Using VBScript' This code displays events in an Event Log. ' ------ SCRIPT CONFIGURATION ------ strLog = "<LogName>" ' e.g. Application intNum = <intMax> ' e.g. 10 (Max number of events to display) strComputer = "<ComputerName>" ' e.g. wks01 (use "." for local machine) ' ------ END CONFIGURATION --------- set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile " & _ " Where Logfilename = '" & strLog & "'") if colLogs.Count > 1 then WScript.Echo "Fatal error. Number of logs found: " & colLogs.Count WScript.Quit end if for each objLog in colLogs intLogMax = objLog.NumberofRecords next if intLogMax > intNum then intNum = intLogMax - intNum else intNum = intLogMax end if set colEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent " & "Where Logfile = '" & strLog & "' and RecordNumber >= " & intNum) for each objEvent in colEvents Wscript.Echo "Date: " & objEvent.TimeWritten Wscript.Echo "Source: " & objEvent.SourceName Wscript.Echo "Category: " & objEvent.Category Wscript.Echo "Type: " & objEvent.Type Wscript.Echo "Event Code: " & objEvent.EventCode Wscript.Echo "User: " & objEvent.User Wscript.Echo "Computer: " & objEvent.ComputerName Wscript.Echo "Message: " & objEvent.Message WScript.Echo "------" next DiscussionAn event log message is composed of several fields. Here is an explanation of each field:
See AlsoRecipe 16.10 for searching for events, and Recipe 16.12 for finding more information about a particular event |