| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 02:08 AM |
Read the Event Log upon startup?
|
Is there a way to query the Application Log via a kix script and return a Yes value to a spreadsheet if Events 1030 or 1054 were found?
| lukeod |
| (Getting the hang of it) |
| 2008-02-21 02:24 AM |
|
Re: Read the Event Log upon startup?
|
Have a look at the UDF 'ReadEventlog' for the first bit.
There is some sample code for creating & writing to an excel document in the Samples folder bundled with the Kix v4.6 zip file - called 'excel.kix'. Might give you some pointers.
Below *should* determine if the events exist
Code:
$events_1030 = ReadEventlog('Application',1030)
$events_1054 = ReadEventlog('Application',1054)
IF $events_1030[0] <> ""
"do stuff"
ENDIF
IF $events_1054[0] <> ""
"do more stuff"
ENDIF
Luke
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 04:59 PM |
|
Re: Read the Event Log upon startup?
|
that is fantastic, i'll give it a try. thanks!
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 05:40 PM |
|
Re: Read the Event Log upon startup?
|
bummer, i don't think command exists in version 2010 (4.5). i searched through the manual and there is no mention of it. it is giving me this error:
ERROR : expected ')'!
Script: \\servername\NETLOGON\admin.kix
Line : 239
is there a command that will work with ver 4.5?
in fact, i don't see that command in the on-line command reference at all.
| Mart |
| (KiX Supporter) |
| 2008-02-21 05:50 PM |
|
|
Re: Read the Event Log upon startup?
|
It is not a build in function or command. It is a UDF created by one of the members to add functionality to kixtart that is not (yet) included.
UDF Library » ReadEventlog() - Retrieves event from the eventlog
KiXtart FAQ & How to's » How to use UDFs
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 06:04 PM |
|
Re: Read the Event Log upon startup?
|
cool, i had since discovered that, so i will read the how-to and hopefully that will jump start me on what i need to do to use this UDF. thanks!
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 06:07 PM |
|
Re: Read the Event Log upon startup?
|
okay, i just read through it and as expected (since i'm not a programmer guy), i am confused by what i need to do. am i to define it as a function? i feel like i'm close to getting this to work, i just need a little more guidance. thanks!
| Witto |
| (MM club member) |
| 2008-02-21 06:19 PM |
|
|
Re: Read the Event Log upon startup?
|
Maybe start with something like this:
| ; =========================================================================================== ; ; Script Information ; ; Title: ; Author: ; Description: ; ; ; =========================================================================================== ;Script Options If Not @LOGONMODE Break On Else Break Off EndIf Dim $RC $RC = SetOption("Explicit", "On") $RC = SetOption("NoMacrosInStrings", "On") $RC = SetOption("NoVarsInStrings", "On") If @SCRIPTEXE = "KIX32.EXE" $RC = SetOption("WrapAtEOL", "On") EndIf ;Declare variables ;Initialize variables ;Code ;Personal UDF Section ;UDF Section |
Now paste the UDF you found at the bottom
Declare your variables under
;Declare variables
Write your code under
;Code
Maybe you can find your own way to structure your code afterwards
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 06:21 PM |
|
Re: Read the Event Log upon startup?
|
sorry, don't mean to be ignorant, but now i am more confused.
| Witto |
| (MM club member) |
| 2008-02-21 06:23 PM |
|
|
|
Re: Read the Event Log upon startup?
|
| ; =========================================================================================== ; ; Script Information ; ; Title: ; Author: ; Description: ; ; ; =========================================================================================== ;Script Options If Not @LOGONMODE Break On Else Break Off EndIf Dim $RC $RC = SetOption("Explicit", "On") $RC = SetOption("NoMacrosInStrings", "On") $RC = SetOption("NoVarsInStrings", "On") If @SCRIPTEXE = "KIX32.EXE" $RC = SetOption("WrapAtEOL", "On") EndIf ;Declare variables DIM $events_1030, $events_1054 ;Initialize variables ;Code $events_1030 = ReadEventlog('Application',1030) $events_1054 = ReadEventlog('Application',1054) If $events_1030[0] <> "" "do stuff" EndIf If $events_1054[0] <> "" "do more stuff" EndIf ;Personal UDF Section ;UDF Section |
Do not forget the UDF code at the bottom
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 06:26 PM |
|
Re: Read the Event Log upon startup?
|
what do you mean by personal UDF section and UDF section? i know the green light will go off in my head here in a little bit.
| Witto |
| (MM club member) |
| 2008-02-21 06:27 PM |
|
|
|
Re: Read the Event Log upon startup?
|
Just a distinction I make between UDF I borrowed from the Internet and my personal ones
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 06:45 PM |
|
Re: Read the Event Log upon startup?
|
so when you say to include the UDF portion, you mean define ReadEventlog as a function?
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 06:52 PM |
|
Re: Read the Event Log upon startup?
|
so, this is the UDF portion?:
function ReadEventlog()
endfunction
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 07:03 PM |
|
Re: Read the Event Log upon startup?
|
okay, so i copied and pasted the entire section of the post i found relative to the UDF. Now, when i run it, i get this error:
ERROR : array reference out of bounds!
Script: \\servername\NETLOGON\admin.kix
Line : 246
Line 246 is:
IF $events_1030[0] <> ""
any ideas?
| Mart |
| (KiX Supporter) |
| 2008-02-21 07:14 PM |
|
|
|
Re: Read the Event Log upon startup?
|
All you need to do is paste the ReadEventLog code to the bottom of the script.
Kix will read the code into memory and after that you can use the ReadEventLog function just like you would use the Exist or Writeline or any other build in function. You can just call upon it every time you need it.
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 07:15 PM |
|
Re: Read the Event Log upon startup?
|
yes, i did that (finally!), but now i am getting the error i mentioned about the array. any ideas?
| Mart |
| (KiX Supporter) |
| 2008-02-21 07:55 PM |
|
|
|
Re: Read the Event Log upon startup?
|
Ok sorry I should read better.
If there are no 1030 events the array will be empty so you might want to add a check to see If it is empty before using one or more of the elements in the array.
Code:
If Ubound($events_1030) <> "-1" ;do you stuff EndIf
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 08:00 PM |
|
Re: Read the Event Log upon startup?
|
well, what's weird is i am running this against my workstation which is loaded with 1030 events.
| Mart |
| (KiX Supporter) |
| 2008-02-21 08:12 PM |
|
|
|
Re: Read the Event Log upon startup?
|
Weird indeed. Can you post the code you are using? I'll run it on my machine to see what goes wrong.
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 09:03 PM |
|
Re: Read the Event Log upon startup?
|
i changed it to your code above and it works like a charm. thanks!!
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 10:12 PM |
|
Re: Read the Event Log upon startup?
|
okay, next question - any way to have the UDF return the date and time the event was recorded in the user's log?
| endodave |
| (Starting to like KiXtart) |
| 2008-02-21 10:57 PM |
|
Re: Read the Event Log upon startup?
|
or any way to specify that you only want it to look in the reg after a certain date and time?
| Mart |
| (KiX Supporter) |
| 2008-02-22 03:33 PM |
|
|
|
Re: Read the Event Log upon startup?
|
The ReadEventLog UDF returns an array for each event one of the columns is the time it was generated.
Element 12 and/or 13 contain what you want to know.
Quote:
; Column 0 = Category
; Column 1 = CategoryString
; Column 2 = ComputerName
; Column 3 = Data
; Column 4 = EventCode
; Column 5 = EventIdentifier (see http://support.microsoft.com/default.aspx?scid=kb;en-us;245222)
; Column 6 = EventType
; Column 7 = InsertionStrings
; Column 8 = Logfile
; Column 9 = Message
; Column 10 = RecordNumber
; Column 11 = Source Name
; Column 12 = TimeGenerated
; Column 13 = TimeWritten
; Column 14 = Type
; Column 15 = User
Richard H.
|
| (KiX Supporter) |
| 2008-02-22 04:06 PM |
|
Re: Read the Event Log upon startup?
|
Originally Posted By: endodave
or any way to specify that you only want it to look in the reg after a certain date and time?
Yes. Read the UDF header for a desciption of what each parameter is used for, for example:
Code:
; DATETIME ; optional date/time string denoting the start date of the events in ; the form of YYYY/MM/DD HH:MM:SS, YYY/MM/DD, or HH:MM:SS
If you pass this parameter you should only retrieve events since the date that you specify.
You can also restrict the list by user, computer, event ID or even by passing your own WQL statement if you really want to get into it.
| endodave |
| (Starting to like KiXtart) |
| 2008-02-22 05:23 PM |
|
Re: Read the Event Log upon startup?
|
guess i'll have to mess around with it more. i tried the date thing and it didn't work. here is my code:
$events_1030 = ReadEventlog('Application',1030,'2008/01/01 00:00:00')
i also tried this to no avail:
$events_1030 = ReadEventlog('SELECT EventCode, TimeGenerated, User FROM Win32_NTLogEvent WHERE Logfile="Application" AND EventCode=1030 AND TimeGenerated>="2008/01/01 00:00:00:000"')
| lukeod |
| (Getting the hang of it) |
| 2008-02-26 12:30 AM |
|
Re: Read the Event Log upon startup?
|
I think the problem with
Code:
$events_1030 = ReadEventlog('Application',1030,'2008/01/01 00:00:00')Is that it's assigning '2008/01/01 00:00:00' to the 'optional $computer' variable. Have a look at the first 'code' line of the UDF ReadEventLog:
Code:
function ReadEventlog($eventlog, optional $eventid, optional $computer, optional $datetime, optional $username, optional $password)
What I think is happening is it's entering the function with the following variables
$eventlog = Application
$eventid = 1030
$computer = 2008/01/01 00:00:00
$datetime = [Null]
Try this instead:
Code:
$events_1030 = ReadEventlog('Application',1030,@WKSTA,'2008/01/01 00:00:00')
@WKSTA just returns the name of the current computer.
And see if it makes a difference. I dont know enough about kix or programming in general to know if you can tell the function to use only specific optional variables without recoding the UDF. As far as i'm aware, you will have to go left to right filling in any optional variables until you have got to the ones you wanted.
Luke
|
Richard H.
|
| (KiX Supporter) |
| 2008-02-26 09:53 AM |
|
Re: Read the Event Log upon startup?
|
You may leave out any (or all) optional values, but you must keep the delimiters (commas) in place.
Code:
$events_1030 = ReadEventlog('Application',1030,,'2008/01/01 00:00:00')| lukeod |
| (Getting the hang of it) |
| 2008-02-28 02:51 AM |
|
Re: Read the Event Log upon startup?
|
Oh really, well that does make sense, thanks for the info.
Luke