eventlog.vbs - VBScript script by ActiveXperts Software
eventlog.vbs checks whether certain events exist in an Event Log.
Use eventlog.vbs directly from ActiveXperts Network Monitor; in the Manager's 'Monitor' menu, select 'New Check (Script)' and select eventlog.vbs. Configure the required parameters, or press 'Load a working sample'.
In ActiveXperts Network Monitor, administrators can use three different scripting languages: PowerShell, VBScript and SSH.
eventlog.vbs script code
' ///////////////////////////////////////////////////////////////////////////////
' // ActiveXperts Network Monitor - VBScript based checks
' // For more information about ActiveXperts Network Monitor and VBScript, visit
' // http://www.activexperts.com/support/network-monitor/online/vbscript/
' ///////////////////////////////////////////////////////////////////////////////

Option Explicit

' Declaration of global variables
Dim SYSDATA, SYSEXPLANATION   ' SYSDATA is displayed in the 'Data' column in the Manager; SYSEXPLANATION in the 'LastResponse' column

' Constants - return values
Const retvalUnknown = 1       ' ActiveXperts Network Monitor functions should always return True (-1, Success), False (0, Error) or retvalUnknown (1, Uncertain)

' // To test a function outside Network Monitor (e.g. using CSCRIPT from the
' // command line), remove the comment character (') in the following lines:
' Dim bResult
' bResult = CheckEventLog( "localhost", "", "application", "1", "AxNmSvc", "ActiveXperts Network Monitor", False )
' WScript.Echo "Return value: [" & bResult & "]"
' WScript.Echo "SYSDATA: [" & SYSDATA & "]"
' WScript.Echo "SYSEXPLANATION: [" & SYSEXPLANATION & "]"

Function CheckEventLog( strHost, strAltCredentials, strEvtLogFile, strEventID, strEvtSource, strEvtDescriptionPattern, bErrorWhenFound )
' Description:
'     Check a Windows Event Log
'     This function uses the ActiveXperts 'NMWev' Windows Event Log ActiveX object.
'     It supports NT compliant .EVT Event Logs, as well as Microsoft's latest .EVTX Event Log formats.
' Parameters:
'     1) strHost As String - Hostname or IP address of the computer whose Event Log you want to check
'     2) strAltCredentials As String - Specify an empty string to use Network Monitor service credentials.
'         To use alternate credentials, enter a server that is defined in Server Credentials table.
'         (To define Server Credentials, choose Tools->Options->Server Credentials)
'     3) strEvtLogFile As String - Name of the Logfile, for instance: Application
'     4) strEventID As String - EventCode, for instance: "8000". Use the "*" wildcard to select all
'     5) strEvtSource As String - Name of the Source, for instance "AxNmSvc". Use the "*" wildcard to select all
'     6) strEvtDescriptionPattern - Pattern to match in the description. Use the '*' wildcard to select all
'     7) bErrorWhenFound As Boolean - When 1 or more events are matched, result is: Error or Success
' Usage:
'     CheckEventLog( "<Hostname | IP>", "<Empty String | Server>", "<Application | System | ...>", "<event_id>", "<Source Name>", "<Pattern>", <True | False> )
' Sample:
'     CheckEventLog( "localhost", "", "application", "1", "AxNmSvc", "ActiveXperts Network Monitor", False )
'
' This function makes use of the 'ActiveXperts.NMWev' ActiveX control to access Windows .evt and .evtx Event Logs on remote computers.
' The control simplifies the XPath programming logic, by providing easy-to-use functions to access event logs.
' ActiveXperts.NMWev data members:
'   - LastError. Use it to check the result of a function. After a call to a function, LastError will be 0 for success, or else a positive error code.
'     Error codes can be looked up here: http://www.activexperts.com/support/errorcodes/
' ActiveXperts.NMWev functions:
'   - Initialize( LogFile As String ). Initializes the 'ActiveXperts.NMWev' object. Pass a valid log filename for troubleshooting purposes.
'   - Shutdown(). Call it to uninitialize the object. Should always be called at the end of the script.
'   - Clear(). Clears the LastError property of the object.
'   - BuildQuery( EventLog As String, FilterSource As String, FilterEventID As String, FilterTaskCategory As String, FilterUser As String, FilterData As String, LevelFlags As Number, TimeSpanMilliseconds As Number )
'     Function returns an XPath string that can be used in FindFirstEvent's first parameter.
'     Use the ActiveXperts Event Log Diagnostic Utility to see how XPath queries are defined. Such an XPath string can simply be copied and pasted into this script, instead of using 'BuildQuery'.
'   - GetLevelFlag( Information As Boolean, LevelWarning As Boolean, LevelError As Boolean, LevelCritical As Boolean, LevelVerbose As Boolean, LevelSuccess As Boolean, LevelFailure As Boolean )
'     The function returns a number value that can be used as input parameter to BuildQuery's LevelFlags parameter.
'   - Connect( Host As String, AlternateUser As String, AlternatePassword As String )
'     Establishes a connection to a (remote) host.
'     AlternateUser and AlternatePassword should only be set in case alternate credentials should be used.
'   - Disconnect
'     Disconnects the connected session.
'   - FindFirstEvent( XPathQuery As String, MatchDescription As String, MatchDescriptionCase As Boolean, MatchDescriptionRegExpression As Boolean )
'     The function returns the first event (As String).
'     Parameter XPathQuery: can be defined by BuildQuery function.
'     Parameter MatchDescription: the description pattern that should be matched, or empty if no pattern matching should be used.
'     Parameter MatchDescriptionCase: if MatchDescription is set, this parameter tells whether or not case sensitive matching should be performed.
'     Parameter MatchDescriptionRegExpression: if MatchDescription is set, this parameter tells whether or not regular expressions are used in MatchDescription
'   - FindNextEvent()
'     Retrieves the next event. Should always be called after a successful call to FindFirstEvent or FindNextEvent.

    Dim objNmWev, strSysExplanation
    Dim strAltLogin, strAltPassword
    Dim numLevelFlag, strQuery, strEvent, numEvents

    CheckEventLog   = retvalUnknown   ' Default return value, and will be shown as a yellow (uncertain) icon in the Manager
    SYSDATA         = ""              ' SYSDATA displayed in the 'Data' column in the Manager
    SYSEXPLANATION  = ""              ' SYSEXPLANATION displayed in the 'LastResponse' column in the Manager
    strAltLogin     = ""
    strAltPassword  = ""
    numEvents       = 0

    ' Create ActiveXperts Windows Event Log object
    Set objNmWev = CreateObject( "ActiveXperts.NMWev" )

    ' Initialize EventLog object. Optional parameter: a log file, for debugging purposes
    objNmWev.Initialize( "" )
    If( objNmWev.LastError <> 0 ) Then
        CheckEventLog   = retvalUnknown
        SYSDATA         = ""
        SYSEXPLANATION  = "Failed to initialize EventLog object."
        Exit Function
    End If

    ' If alternate credentials are specified, retrieve the alternate login and password from the ActiveXperts global settings
    If( strAltCredentials <> "" ) Then
        If( Not getCredentials( strHost, strAltCredentials, strAltLogin, strAltPassword, SYSEXPLANATION )) Then
            ' Uninitialize before leaving; Shutdown should always be called once Initialize has succeeded
            objNmWev.Shutdown()
            Exit Function
        End If
    End If

    ' Connect. If strAltLogin is empty, the service credentials will be used
    objNmWev.Connect strHost, strAltLogin, strAltPassword
    If( objNmWev.LastError <> 0 ) Then
        CheckEventLog   = retvalUnknown
        SYSDATA         = ""
        SYSEXPLANATION  = "Failed to connect."
        ' Uninitialize before leaving; Shutdown should always be called once Initialize has succeeded
        objNmWev.Shutdown()
        Exit Function
    End If

    ' Get Level Flag.
    '   Param1: Information Events (yes/no)
    '   Param2: Warning Events (yes/no)
    '   Param3: Error Events (yes/no)
    '   Param4: Critical Events (yes/no)
    '   Param5: Verbose Events (yes/no)
    '   Param6: Success Events (yes/no)
    '   Param7: Failure Events (yes/no)
    numLevelFlag = objNmWev.GetLevelFlag( True, True, True, True, True, True, True )

    ' Get Query string.
    '   Param1: Event Log File, e.g. "Application"
    '   Param2: Event Source. Use "*" for any source
    '   Param3: Event ID. Use "*" for any event ID
    '   Param4: Event Category. Use "*" for any event category
    strQuery = objNmWev.BuildQuery( strEvtLogFile, strEvtSource, strEventID, "*", "*", "*", numLevelFlag, 0 )

    ' Get First event
    '   Param1: The Query
    '   Param2: Description to match. If empty, no description pattern matching will be performed
    '   Param3: Description matching case sensitive (yes/no)
    '   Param4: Use regular expressions for pattern matching (yes/no)
    ' NOTE: we're not making use of regular expressions. (change the latter to True if you wish!)
    ' However, it is nice to have '*' as any description. Let's convert '*' to '' because that's what most people expect.
    If( strEvtDescriptionPattern = "*" ) Then
        strEvtDescriptionPattern = ""
    End If

    strEvent = objNmWev.FindFirstEvent( strQuery, strEvtDescriptionPattern, False, False )
    While( objNmWev.LastError = 0 )
        numEvents = numEvents + 1
        strEvent  = objNmWev.FindNextEvent()
    WEnd
    objNmWev.FindEventClose()

    If( bErrorWhenFound And numEvents > 0 ) Then
        CheckEventLog = False
    Else
        CheckEventLog = True
    End If

    SYSEXPLANATION = "Events found: [" & numEvents & "]"
    SYSDATA        = numEvents

    ' Disconnect
    objNmWev.Disconnect()

    ' Uninitialize
    objNmWev.Shutdown()

End Function

' //////////////////////////////////////////////////////////////////////////////
' // --- Private Functions section ---
' // Private functions names should start with a lower case character, so they
' // will not be listed in the Network Monitor's function browser.
' //////////////////////////////////////////////////////////////////////////////

Function getCredentials( strHost, strAltCredentials, BYREF strAltLogin, BYREF strAltPassword, BYREF strSysExplanation )

    Dim objNMServerCredentials

    strAltLogin        = ""
    strAltPassword     = ""
    strSysExplanation  = ""

    getCredentials     = False

    If( strAltCredentials = "" ) Then
        ' No alternate credentials specified, so login and password are empty and service credentials will be used
        getCredentials = True
        Exit Function
    End If

    Set objNMServerCredentials = CreateObject( "ActiveXperts.NMServerCredentials" )

    strAltLogin    = objNMServerCredentials.GetLogin( strAltCredentials )
    strAltPassword = objNMServerCredentials.GetPassword( strAltCredentials )

    If( strAltLogin = "" ) Then
        getCredentials    = False
        strSysExplanation = "No alternate credentials defined for [" & strAltCredentials & "]. In the Manager application, select 'Options' from the 'Tools' menu and select the 'Server Credentials' tab to enter alternate credentials"
        Exit Function
    End If

    getCredentials = True

End Function
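An independent cross-check of the same event count, using the built-in WMI class Win32_NTLogEvent instead of the ActiveXperts.NMWev control. This is an added example, not ActiveXperts code. The function name CrossCheckEventLog, the input allow-lists and the case-insensitive substring match on the description are assumptions; Win32_NTLogEvent covers only the classic logs (Application, System, Security).

```vbscript
Option Explicit
Const retvalUnknown = 1   ' same three-state convention as eventlog.vbs

' Hypothetical helper (not an ActiveXperts function): counts matching events through WMI
Function CrossCheckEventLog( strHost, strLogFile, strEventID, strSource, strPattern, bErrorWhenFound )
    Dim objRe, objWmi, colEvents, objEvent, strWql, strPriv, numEvents
    CrossCheckEventLog = retvalUnknown

    ' The values end up in a moniker and a WQL string, so accept only a narrow character set
    Set objRe = New RegExp
    objRe.Pattern = "^[A-Za-z0-9.-]+$"
    If Not objRe.Test( strHost ) Then Exit Function
    objRe.Pattern = "^[A-Za-z0-9 ._-]+$"
    If Not objRe.Test( strLogFile ) Then Exit Function
    If strSource <> "*" And Not objRe.Test( strSource ) Then Exit Function
    objRe.Pattern = "^\d{1,5}$"
    If strEventID <> "*" And Not objRe.Test( strEventID ) Then Exit Function

    strWql = "SELECT Message FROM Win32_NTLogEvent WHERE Logfile = '" & strLogFile & "'"
    If strEventID <> "*" Then strWql = strWql & " AND EventCode = " & strEventID
    If strSource <> "*" Then strWql = strWql & " AND SourceName = '" & strSource & "'"
    strPriv = ""   ' reading the Security log through WMI needs the Security privilege enabled
    If LCase( strLogFile ) = "security" Then strPriv = ",(Security)"

    On Error Resume Next
    Set objWmi = GetObject( "winmgmts:{impersonationLevel=impersonate" & strPriv & "}!\\" & strHost & "\root\cimv2" )
    If Err.Number = 0 Then Set colEvents = objWmi.ExecQuery( strWql, "WQL", 0 )   ' 0 = return when the query is complete
    If Err.Number <> 0 Then Exit Function   ' connection or query failure is reported as uncertain
    On Error GoTo 0

    numEvents = 0
    For Each objEvent In colEvents
        If strPattern = "*" Or strPattern = "" Then
            numEvents = numEvents + 1
        ElseIf Not IsNull( objEvent.Message ) Then
            If InStr( 1, objEvent.Message, strPattern, vbTextCompare ) > 0 Then numEvents = numEvents + 1
        End If
    Next
    If bErrorWhenFound And numEvents > 0 Then
        CrossCheckEventLog = False
    Else
        CrossCheckEventLog = True
    End If
End Function

WScript.Echo "Return value: [" & CrossCheckEventLog( "localhost", "Application", "1", "AxNmSvc", "ActiveXperts Network Monitor", False ) & "]"
```

Run it with CSCRIPT under an account that is allowed to read the target log; the query scans the whole log, so it can be slow on large logs.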