Parsing the Windows Event log for specific data
Posted by: Jerry Lees
If you’ve ever tried to find a specific event log entry on a system, you know what a chore it can be. Sure, you can filter on the event ID and get closer, but some applications (and system components) log every event from the same source under the same event ID.
IIS is terribly bad about this! Additionally, Microsoft’s search filtering isn’t powerful enough to search in the event description or the event message. The script below solves that problem!
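' Replace "ServerName" and "EventID" with the target computer and the numeric event ID.
GetLogInfo "ServerName", "EventID", "application", "20081218"

' Echoes the .aspx URL from each "Request timed out" event logged on the given day.
Function GetLogInfo(strComputer1, EventID, EventLogType, YYYYMMDD)
    Dim objWMIService, colItems, objItem
    Dim TempStr
    On Error Resume Next
    ' error control block
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}//" & strComputer1 & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where EventCode=" & EventID & " and logfile='" & EventLogType & "'")
    For Each objItem In colItems
        TempStr = ""
        ' TimeGenerated is a WMI datetime string; its first 8 characters are YYYYMMDD
        If Mid(objItem.TimeGenerated, 1, 8) = YYYYMMDD Then
            TempStr = objItem.Message
            ' Replace only changes the string when the timeout text is present in the message
            If Replace(TempStr, "Exception message: Request timed out.", "") <> TempStr Then
                ' Keep up to 100 characters following "Request URL: " (13 characters long)
                TempStr = Mid(TempStr, InStr(1, TempStr, "Request URL: ") + 13, 100)
                ' Cut the string just past the ".aspx" extension
                TempStr = Mid(TempStr, 1, InStr(1, TempStr, ".aspx") + 4)
                WScript.Echo strComputer1 & "," & TempStr
            End If
        End If
    Next
    On Error GoTo 0
End Function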


