The VBScript Network and Systems Administrator's Cafe

Apr 20 2009   1:44PM GMT

Parsing the Windows Event log for specific data

Jerry Lees

If you’ve ever tried to find a specific event log entry on a system, you know what a chore it can be. Sure, you can filter on the event ID and get closer, but some applications (and system components) log every event from the same source under the same event ID.

IIS is terribly bad about this! Additionally, Microsoft’s search filtering isn’t powerful enough to search in the event description or the event message. The script below solves that problem!

GetLogInfo "ServerName", "EventID", "application", "20081218"

Function GetLogInfo(StrComputer1, EventID, EventLogType, YYYYMMDD)

 Dim objWMIService, colItems, objItem
 Dim TempStr

 ' Error control block: errors (for example, an unreachable server) are skipped silently
 On Error Resume Next
  Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}//" & StrComputer1 & "\root\cimv2")
  ' EventID and EventLogType are concatenated into the query as-is, so pass only trusted values
  Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where EventCode=" & EventID & " and logfile='" & EventLogType & "'")
  For Each objItem In colItems
       TempStr = ""
       ' TimeGenerated is a DMTF datetime string; its first 8 characters are YYYYMMDD
       If Mid(objItem.TimeGenerated, 1, 8) = YYYYMMDD Then
         TempStr = objItem.Message
         ' Keep only events whose message contains the timeout text
         If Replace(TempStr, "Exception message: Request timed out.", "") <> TempStr Then
            ' Extract the requested URL, up to and including ".aspx"
            TempStr = Mid(TempStr, InStr(1, TempStr, "Request URL: ") + 13, 100)
            TempStr = Mid(TempStr, 1, InStr(1, TempStr, ".aspx") + 4)
            WScript.Echo StrComputer1 & "," & TempStr
         End If
       End If
  Next
 On Error GoTo 0
End Function
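
The same idea generalized to any message text, as an added example that is not part of the original script: it validates every value before it is concatenated into the WQL query and lets WMI filter the day on the server side. The names FindEventsByText and Matches are hypothetical, and the values in the final call are sample values.

```vbscript
Option Explicit

' Added example; FindEventsByText and Matches are hypothetical names.
Function Matches(pattern, value)
    Dim re
    Set re = New RegExp
    re.Pattern = pattern
    Matches = re.Test(CStr(value))
End Function

' Echoes "computer,TimeGenerated,message start" for each event whose message contains needle.
Sub FindEventsByText(strComputer, eventId, logName, yyyymmdd, needle)
    Dim objWMIService, colItems, objItem, dtStart, dtEnd, dayStart, wql

    ' Validate every value that ends up in the moniker or the WQL text.
    If Not Matches("^[A-Za-z0-9.\-]{1,255}$", strComputer) Then Err.Raise vbObjectError + 1, "FindEventsByText", "Unexpected computer name"
    If Not Matches("^\d{1,5}$", eventId) Then Err.Raise vbObjectError + 2, "FindEventsByText", "EventID must be numeric"
    If Not Matches("^[A-Za-z0-9 \-]{1,64}$", logName) Then Err.Raise vbObjectError + 3, "FindEventsByText", "Unexpected log name"
    If Not Matches("^\d{8}$", yyyymmdd) Then Err.Raise vbObjectError + 4, "FindEventsByText", "Date must be YYYYMMDD"

    ' Build the day boundaries as DMTF datetimes so the date filter runs inside WMI.
    dayStart = DateSerial(CInt(Left(yyyymmdd, 4)), CInt(Mid(yyyymmdd, 5, 2)), CInt(Right(yyyymmdd, 2)))
    Set dtStart = CreateObject("WbemScripting.SWbemDateTime")
    Set dtEnd = CreateObject("WbemScripting.SWbemDateTime")
    dtStart.SetVarDate dayStart, True
    dtEnd.SetVarDate DateAdd("d", 1, dayStart), True

    wql = "Select * from Win32_NTLogEvent Where Logfile='" & logName & "'" & _
          " And EventCode=" & CLng(eventId) & _
          " And TimeGenerated >= '" & dtStart.Value & "'" & _
          " And TimeGenerated < '" & dtEnd.Value & "'"

    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery(wql)

    For Each objItem In colItems
        ' Message is Null when the event description cannot be resolved.
        If Not IsNull(objItem.Message) Then
            ' Case-insensitive substring search in the event message.
            If InStr(1, objItem.Message, needle, vbTextCompare) > 0 Then
                WScript.Echo strComputer & "," & objItem.TimeGenerated & "," & _
                    Replace(Left(objItem.Message, 200), vbCrLf, " ")
            End If
        End If
    Next
End Sub

' Sample values: local computer, event ID 1309, Application log.
FindEventsByText ".", 1309, "Application", "20081218", "Request timed out"
```

Unlike the script above, this version does not use On Error Resume Next, so a connection or query failure stops the script with an error instead of producing empty output.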
