我编写了一个VBScript来枚举特定日期事件日志中的事件。
第一个查询从今天日期和昨天日期之间的NT事件日志事件中选择,
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
然后从上面的查询中我想从日志文件中提取事件id。
For Each objEvent in colEvents
If objEvent.Eventcode = EventNu And (objEvent.LogFile = EventLog) Then
我已将以下内容放入脚本中并且它可以工作,但是我想通过命令行使用参数(即EventLogCheck.vbs EventNumber LogFile),但如果我使用脚本的参数secion,则不返回任何项目。这让我疯了。下面的完整脚本使用变量,我已经注释掉了参数部分,但是您可以取消注释它们并使用它。我究竟做错了什么?谢谢你的帮助!
Const CONVERT_TO_LOCAL_TIME = True
Dim EventLog
EventNu = 18
EventLog = "System"
'Input from the command line
'If Wscript.Arguments.Count <= 1 Then
' Wscript.Echo "Usage: EventLogCheck.vbs EventNumber LogFile"
' Wscript.Quit
'End If
'EventNu = WScript.Arguments.Item(0)
'EventLog = WScript.Arguments.Item(1)
'For Each Computer In Wscript.Arguments
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
'DateToCheck = CDate("5/18/2009")
DateToCheck = date
dtmStartDate.SetVarDate DateToCheck, CONVERT_TO_LOCAL_TIME
dtmEndDate.SetVarDate DateToCheck + 1, CONVERT_TO_LOCAL_TIME
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
For Each objEvent in colEvents
If objEvent.Eventcode = EventNu And (objEvent.LogFile = EventLog) Then
'Wscript.Echo "Category: " & objEvent.Category
Wscript.Echo "Computer Name: " & objEvent.ComputerName
Wscript.Echo "Event Code: " & objEvent.EventCode
Wscript.Echo "Message: " & objEvent.Message
' Wscript.Echo "Record Number: " & objEvent.RecordNumber
' Wscript.Echo "Source Name: " & objEvent.SourceName
Wscript.Echo "Time Written: " & objEvent.TimeWritten
Wscript.Echo "Event Type: " & objEvent.Type
' Wscript.Echo "User: " & objEvent.User
Wscript.Echo objEvent.LogFile
End if
Next
'Next
WScript.Echo EventNu
WScript.Echo EventLog