Hack 12 Get Event Log Information


Need to check on the size and configuration settings of your event logs? Use this script instead of the GUI; it's faster!

Monitoring event logs is an essential part of an administrator's job. Unfortunately, viewing event log settings and log file sizes from the GUI is cumbersome, and it would be useful to have an easier way to obtain this information.

That's exactly what this hack is all about. You can run the script on Windows NT/2000 and later to obtain the current file size, maximum file size, number of records, and overwrite settings of the Application, System, and Security logs.

The Code

Type the following script into Notepad (make sure Word Wrap is disabled) and save it with a .vbs extension as loginfo.vbs. Or, if you like, you can download the script from the O'Reilly web site.

    Option Explicit
    On Error Resume Next

    Dim strMoniker
    Dim refWMI
    Dim colEventLogs
    Dim refEventLog
    Dim strSource

    'moniker string stub - security privilege needed to get
    'numrecords for Security log
    strMoniker = "winMgmts:{(Security)}!"

    'append to moniker string if a machine name has been given
    '(a remote machine is addressed as \\machine)
    If WScript.Arguments.Count = 1 Then _
        strMoniker = strMoniker & "\\" & WScript.Arguments(0) & ":"

    'attempt to connect to WMI
    Set refWMI = GetObject(strMoniker)
    If Err <> 0 Then
        WScript.Echo "Could not connect to the WMI service."
        WScript.Quit
    End If

    'get a collection of Win32_NTEventLogFile objects
    Set colEventLogs = refWMI.InstancesOf("Win32_NTEventLogFile")
    If Err <> 0 Then
        WScript.Echo "Could not retrieve Event Log objects"
        WScript.Quit
    End If

    'iterate through each log and output information
    For Each refEventLog In colEventLogs
        WScript.Echo "Information for the " & _
            refEventLog.LogfileName & _
            " log:"
        WScript.Echo " Current file size: " & refEventLog.FileSize
        WScript.Echo " Maximum file size: " & refEventLog.MaxFileSize
        WScript.Echo " The Log currently contains " & _
            refEventLog.NumberOfRecords & " records"

        'output policy info in a friendly format using OverwriteOutDated,
        'as OverWritePolicy is utterly pointless.
        'note "-1" is the signed interpretation of 4294967295
        Select Case refEventLog.OverwriteOutDated
            Case 0
                WScript.Echo _
                    " Log entries may be overwritten as required"
            Case -1
                WScript.Echo _
                    " Log entries may NEVER be overwritten"
            Case Else
                WScript.Echo _
                    " Log entries may be overwritten after " & _
                    refEventLog.OverwriteOutDated & " days"
                WScript.Echo
        End Select
    Next

    Set refEventLog = Nothing
    Set colEventLogs = Nothing
    Set refWMI = Nothing

Running the Hack

To run the script, use Cscript.exe, the command-line version of the Windows Script Host (WSH). Simply type cscript loginfo.vbs at a command prompt from the directory in which the script resides. Here is a sample of typical output when the script runs on a Windows 2000 machine:

    C:\> cscript loginfo.vbs
    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

    Information for the Security log:
     Current file size: 65536
     Maximum file size: 524288
     The Log currently contains 166 records
     Log entries may be overwritten after 7 days
    Information for the Application log:
     Current file size: 524288
     Maximum file size: 524288
     The Log currently contains 2648 records
     Log entries may be overwritten as required
    Information for the System log:
     Current file size: 524288
     Maximum file size: 524288
     The Log currently contains 2648 records
     Log entries may be overwritten after 7 days

Note that when you run this script on a domain controller it displays information concerning the Directory Service, File Replication Service, and DNS logs as well.

Rod Trent
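
The values the hack prints matter for log retention: in the sample output the Application and System logs have already reached their maximum size. The following script is an added example, not part of the book's code; it turns the same Win32_NTEventLogFile properties into a per-log finding. The AssessLog function and the 90% WARN_RATIO threshold are assumptions made for illustration.

```vbscript
Option Explicit

' Hypothetical threshold (an assumption, not from the book): flag a log
' once its file has grown to 90% of the configured maximum.
Const WARN_RATIO = 0.9

' Returns one finding string for a log, built from the same
' Win32_NTEventLogFile properties the hack prints.
Function AssessLog(strName, dblSize, dblMax, lngOverwrite)
    Dim strNote, blnNearFull
    blnNearFull = False
    If dblMax > 0 Then blnNearFull = (dblSize / dblMax >= WARN_RATIO)

    Select Case lngOverwrite
        Case 0
            strNote = "overwrites as required; oldest events are lost once full"
        Case -1     ' signed view of 4294967295, as noted in the hack
            strNote = "never overwrites; new events are dropped once full"
        Case Else
            strNote = "overwrites after " & lngOverwrite & _
                      " days; new events are dropped if full before then"
    End Select

    If blnNearFull Then
        AssessLog = "WARN " & strName & ": at or near maximum size, " & strNote
    Else
        AssessLog = "OK   " & strName & ": " & strNote
    End If
End Function

' Constructed sample input, using figures from the sample output above
WScript.Echo AssessLog("Security (sample)", 65536, 524288, 7)
WScript.Echo AssessLog("Application (sample)", 524288, 524288, 0)

' Live check against the local machine
Dim refWMI, refLog
On Error Resume Next
Set refWMI = GetObject("winmgmts:{(Security)}!\\.\root\cimv2")
If Err.Number <> 0 Then
    WScript.Echo "Could not connect to the WMI service."
    WScript.Quit 1
End If
For Each refLog In refWMI.InstancesOf("Win32_NTEventLogFile")
    ' FileSize is a uint64, which WMI hands to VBScript as a string
    WScript.Echo AssessLog(refLog.LogfileName, CDbl(refLog.FileSize), _
                           CDbl(refLog.MaxFileSize), refLog.OverwriteOutDated)
Next
```

Run it with cscript in the same way as loginfo.vbs; the two sample lines print first, followed by one line per log on the local machine.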



Windows Server Hacks
ISBN: 0596006470
EAN: 2147483647
Year: 2004
Pages: 163
Authors: Mitch Tulloch
