Page 1 of 1 1
Topic Options
#6571 - 2001-01-30 03:55 PM Event Log monitoring
Anonymous
Unregistered


I trying to figure out a way to monitor my event logs in 1 hour intervals on each server and then write the logs to a file or files, appending the last. Then I will clear the log after complete. If the one hour intervals can't be done or will cause to much traffic the I can use the AT command to can kick the program off once a day, but if there is a better way I am open.


Top
#6572 - 2001-01-30 05:49 PM Re: Event Log monitoring
Anonymous
Unregistered


Working on it... Have you tried to use the "Dumpel" tool from the resource kit ?
Top
#6573 - 2001-01-30 07:36 PM Re: Event Log monitoring
Anonymous
Unregistered


No I have not. I give it a shot and see what it does. Currently I have been messing arourd with the "backupeventlog" function and cleareventlog, but have not really got them to function yet.
Top
#6574 - 2001-01-30 11:42 PM Re: Event Log monitoring
Anonymous
Unregistered


Hi USX,

This is what I've come up with.. Hope it helpes ya!!

[This message has been edited by ernie (edited 30 January 2001).]

Top
#6575 - 2001-01-30 11:43 PM Re: Event Log monitoring
Anonymous
Unregistered


code:

$LOG=""
$FILE="@YDAYNO"+SUBSTR(@TIME,1,2)+SUBSTR(@TIME,4,2)+SUBSTR(@TIME,7,2)
? $FILE
$RESULT="D:\Eventlog\"+$FILE+".log"

IF EXIST ($RESULT)=0
$NUL= OPEN (1, $RESULT,5)
$NUL= CLOSE(1)
ENDIF

$LOG="Application"
$KEY=1
$LINE=""
GOSUB "DUMP"

$LOG="Security"
$KEY=1
$LINE=""
GOSUB "DUMP"

$LOG="System"
$KEY=1
$LINE=""
GOSUB "DUMP"

EXIT

:DUMP
CLS
? "Working on "+$LOG+" Log..."

SHELL "CMD /C START /WAIT D:\Eventlog\Dumpel.exe -f D:\Eventlog\$LOG.txt -l $LOG"

$NUL= OPEN (1, "D:\Eventlog\"+$LOG+".txt")

$LINE = READLINE (1)

IF $LINE=""
$NUL= WRITEPROFILESTRING ($RESULT, $LOG, "$KEY", "No Entries")
ELSE
WHILE @ERROR=0
$NUL= WRITEPROFILESTRING ($RESULT, $LOG, "$KEY", $LINE)
$KEY=1+$KEY
$LINE = READLINE (1)
LOOP
ENDIF

$NUL= CLOSE(1)
DEL "D:\Eventlog\"+$LOG+".txt"
$NUL= ClearEventlog($LOG)

RETURN


If you need Dumpel you can download it here: http://download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-U S/Dumpel.exe

Greetz, Bert.

[This message has been edited by ernie (edited 30 January 2001).]

[This message has been edited by ernie (edited 31 January 2001).]

Top
#6576 - 2001-01-31 04:43 PM Re: Event Log monitoring
Anonymous
Unregistered


THX Ernie

This looks great!

Thanks Again

Top
#6577 - 2001-02-02 04:36 AM Re: Event Log monitoring
Anonymous
Unregistered


Ernie,

Nice script, I just have one small addition if you don't mind...

If you want to see the actual event log files and maybe import them into a database, then instead of deleting the system.txt files etc. Add in the following:

shell "%comspec% /c ren application.txt @wksta.@mdayno@month@year.application.prn"
shell "%comspec% /c ren system.txt @wksta.@mdayno@month@year.system.prn"
shell "%comspec% /c ren security.txt @wksta.@mdayno@month@year.security.prn"

This of course would only work if you did it once a day/week etc. I am not good enough to modify your whole script, maybe someone could have a wee play.

The *.prn files are Space Delimited (open with Excel)

Anyway, thanks again for the nice script.

dephier

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 382 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.05 seconds in which 0.024 seconds were spent on a total of 12 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org