**DONOTDELETE**
(Lurker)
2001-01-30 03:55 PM
Event Log monitoring

I am trying to figure out a way to monitor my event logs in 1 hour intervals on each server and then write the logs to a file or files, appending the last. Then I will clear the log after complete. If the one hour intervals can't be done or will cause too much traffic then I can use the AT command to kick the program off once a day, but if there is a better way I am open.



**DONOTDELETE**
(Lurker)
2001-01-30 05:49 PM
Re: Event Log monitoring

Working on it... Have you tried to use the "Dumpel" tool from the resource kit?

**DONOTDELETE**
(Lurker)
2001-01-30 07:36 PM
Re: Event Log monitoring

No I have not. I'll give it a shot and see what it does. Currently I have been messing around with the "backupeventlog" function and cleareventlog, but have not really got them to function yet.

**DONOTDELETE**
(Lurker)
2001-01-30 11:42 PM
Re: Event Log monitoring

Hi USX,

This is what I've come up with.. Hope it helps ya!!

[This message has been edited by ernie (edited 30 January 2001).]

**DONOTDELETE**
(Lurker)
2001-01-30 11:43 PM
Re: Event Log monitoring

code:

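```
; Build a timestamped result file name: day of year + HHMMSS
$LOG=""
$FILE="@YDAYNO"+SUBSTR(@TIME,1,2)+SUBSTR(@TIME,4,2)+SUBSTR(@TIME,7,2)
? $FILE
$RESULT="D:\Eventlog\"+$FILE+".log"

; Create the result file if it does not exist yet
; (mode 5 = create if missing + open for write)
IF EXIST ($RESULT)=0
    $NUL= OPEN (1, $RESULT,5)
    $NUL= CLOSE(1)
ENDIF

; Dump each of the three logs in turn
$LOG="Application"
$KEY=1
$LINE=""
GOSUB "DUMP"

$LOG="Security"
$KEY=1
$LINE=""
GOSUB "DUMP"

$LOG="System"
$KEY=1
$LINE=""
GOSUB "DUMP"

EXIT

:DUMP
CLS
? "Working on "+$LOG+" Log..."

; Let Dumpel write the log to a temporary text file and wait for it to finish
SHELL "CMD /C START /WAIT D:\Eventlog\Dumpel.exe -f D:\Eventlog\$LOG.txt -l $LOG"

; Only archive and clear the log if the dump file could be opened;
; otherwise a failed dump would still wipe the event log
IF OPEN (1, "D:\Eventlog\"+$LOG+".txt")=0

    $LINE = READLINE (1)

    ; Copy every dumped line into the result file as [LogName] N=line
    IF $LINE=""
        $NUL= WRITEPROFILESTRING ($RESULT, $LOG, "$KEY", "No Entries")
    ELSE
        WHILE @ERROR=0
            $NUL= WRITEPROFILESTRING ($RESULT, $LOG, "$KEY", $LINE)
            $KEY=1+$KEY
            $LINE = READLINE (1)
        LOOP
    ENDIF

    ; Remove the temporary dump and clear the event log
    $NUL= CLOSE(1)
    DEL "D:\Eventlog\"+$LOG+".txt"
    $NUL= ClearEventlog($LOG)
ELSE
    ? "Could not open the dump of the "+$LOG+" log, log not cleared"
ENDIF

RETURN
```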


If you need Dumpel you can download it here: http://download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-US/Dumpel.exe

Greetz, Bert.

[This message has been edited by ernie (edited 30 January 2001).]

[This message has been edited by ernie (edited 31 January 2001).]
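Added example, not part of the original thread: a Python check that a result file in the layout the script above writes (one INI section per log, keys numbered from 1, `No Entries` for an empty dump) really contains every dumped line, so a log is only treated as safe to clear when the archive is complete. The function names and the sample records are constructed for illustration; the record layout is not real Dumpel output.

```python
import configparser

NO_ENTRIES = "No Entries"  # placeholder the script writes for an empty dump

def read_archive(archive_text):
    """Parse the script's result file: one INI section per log, keys 1..N."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(archive_text)
    return {sec: dict(cp[sec]) for sec in cp.sections()}

def verify_log(archive, log_name, dump_lines):
    """Return a list of problems; an empty list means the archive is complete."""
    section = archive.get(log_name)
    if section is None:
        return [f"[{log_name}] section missing from archive"]
    if not dump_lines:
        ok = section == {"1": NO_ENTRIES}
        return [] if ok else [f"[{log_name}] expected only 1={NO_ENTRIES}"]
    problems = []
    for n, line in enumerate(dump_lines, start=1):
        stored = section.get(str(n))
        if stored is None:
            problems.append(f"[{log_name}] key {n} missing")
        elif stored.strip() != line.strip():
            problems.append(f"[{log_name}] key {n} differs from dump")
    extra = len(section) - len(dump_lines)
    if extra > 0:
        problems.append(f"[{log_name}] {extra} unexpected extra key(s)")
    return problems

# Constructed sample data (illustrative record layout, not real Dumpel output).
SAMPLE_DUMP = [
    "1/30/2001\t11:40:02 PM\t4\t0\t6005\tEventLog\tN/A\tSERVER1\tstarted",
    "1/30/2001\t11:41:17 PM\t1\t0\t7000\tService Control Manager\tN/A\tSERVER1\tfailed",
]
SAMPLE_ARCHIVE = (
    "[System]\n"
    "1=" + SAMPLE_DUMP[0] + "\n"
    "2=" + SAMPLE_DUMP[1] + "\n"
    "[Security]\n"
    "1=No Entries\n"
)

if __name__ == "__main__":
    archive = read_archive(SAMPLE_ARCHIVE)
    for name, dump in (("System", SAMPLE_DUMP), ("Security", []), ("Application", [])):
        print(name, verify_log(archive, name, dump) or "archive complete")
```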

**DONOTDELETE**
(Lurker)
2001-01-31 04:43 PM
Re: Event Log monitoring

THX Ernie

This looks great!

Thanks Again

**DONOTDELETE**
(Lurker)
2001-02-02 04:36 AM
Re: Event Log monitoring

Ernie,

Nice script, I just have one small addition if you don't mind...

If you want to see the actual event log files and maybe import them into a database, then instead of deleting the system.txt files etc., add in the following:

```
shell "%comspec% /c ren application.txt @wksta.@mdayno@month@year.application.prn"
shell "%comspec% /c ren system.txt @wksta.@mdayno@month@year.system.prn"
shell "%comspec% /c ren security.txt @wksta.@mdayno@month@year.security.prn"
```

This of course would only work if you did it once a day/week etc. I am not good enough to modify your whole script, maybe someone could have a wee play.

The *.prn files are Space Delimited (open with Excel)

Anyway, thanks again for the nice script.

dephier