VB Script
I know how to extract particular event IDs from a particular event log. What I would like to do is specify the date and time range to look for events. Say todays date from 2:00 A.M. until 5:00 A.M. Any ideas?
ASKER
Rob,
Unfortunately the script errors out on line 3. Here is a sample of my short script. All I want to do is extract from todays date from 1:00 A.M. to say 10:00 A.M. I do not need to verify or set time zones. I have increased the point value for your efforts.
Sample:
strComputer = "AAA"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'application' and " _
& "EventCode = '2000' AND TimeWritten> '8/22/2007'")
Wscript.Echo "FanClubs Web Site restarts: " & colLoggedEvents.Count
Unfortunately the script errors out on line 3. Here is a sample of my short script. All I want to do is extract from todays date from 1:00 A.M. to say 10:00 A.M. I do not need to verify or set time zones. I have increased the point value for your efforts.
Sample:
strComputer = "AAA"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'application' and " _
& "EventCode = '2000' AND TimeWritten> '8/22/2007'")
Wscript.Echo "FanClubs Web Site restarts: " & colLoggedEvents.Count
Hi, sorry, I had
txt_DateFrom.Value
up there. I used this code in a HTA that had a calendar control, and that text box held the date.
Change each txt_DateFrom.Value to Now and it will get today's date. So from 1am to 10am use this:
'==========
strComputer = "AAA"
strTimeBias = Get_CurrentTimeZone_Of_Com
strTimeBias = "+" & strTimeBias
strDateFrom = DatePart("yyyy", Now) & Pad_String(DatePart("m", Now), 2, "Left", "0") & Pad_String(DatePart("d", Now), 2, "Left", "0") & "010000.000000" & strTimeBias
strDateTo = DatePart("yyyy", Now) & Pad_String(DatePart("m", Now), 2, "Left", "0") & Pad_String(DatePart("d", Now), 2, "Left", "0") & "100000.000000" & strTimeBias
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'application' and " _
& "EventCode = '2000' AND TimeWritten >= '" & strDateFrom & "' AND TimeWritten <= '" & strDateTo & "'")
Wscript.Echo "FanClubs Web Site restarts: " & colLoggedEvents.Count
Function Pad_String(strOriginalStri
If LCase(strPaddingSide) <> "left" And LCase(strPaddingSide) <> "right" Then
strPaddingSide = "right"
End If
Select Case LCase(strPaddingSide)
Case "left"
Pad_String = Right(String(intTotalLengt
Case "right"
Pad_String = Left(strOriginalString & String(intTotalLengthRequi
End Select
End Function
Function Get_CurrentTimeZone_Of_Com
Dim objWMIService, colLogFiles, objLogFile, intTotal, colItems, objItem, strCurrentTimeZone
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Set objWMIService = GetObject("winmgmts:{imper
strComputerName & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("S
On Error Resume Next
For Each objItem in colItems
If Err.Number = 0 Then
On Error GoTo 0
strCurrentTimeZone = objItem.CurrentTimeZone
Exit For
Else
MsgBox "Unknown Error during Time Bias for " & strComputer & "." & vbCrLf & "Error Number: " & _
Err.Number & vbCrLf & "Error Description: " & Err.Description, vbOKOnly, "Unknown Error"
Err.Clear
On Error GoTo 0
Exit For
End If
Next
On Error GoTo 0
Get_CurrentTimeZone_Of_Com
End Function
'==========
The reason you need to use the strTimeBias is because the events TimeWritten property it written as
yyyymmddhhmmss.nnnnnn+660
where +660 is the Regional Settings Time Bias.
See how you go,
Regards,
Rob.
txt_DateFrom.Value
up there. I used this code in a HTA that had a calendar control, and that text box held the date.
Change each txt_DateFrom.Value to Now and it will get today's date. So from 1am to 10am use this:
'==========
strComputer = "AAA"
strTimeBias = Get_CurrentTimeZone_Of_Com
strTimeBias = "+" & strTimeBias
strDateFrom = DatePart("yyyy", Now) & Pad_String(DatePart("m", Now), 2, "Left", "0") & Pad_String(DatePart("d", Now), 2, "Left", "0") & "010000.000000" & strTimeBias
strDateTo = DatePart("yyyy", Now) & Pad_String(DatePart("m", Now), 2, "Left", "0") & Pad_String(DatePart("d", Now), 2, "Left", "0") & "100000.000000" & strTimeBias
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'application' and " _
& "EventCode = '2000' AND TimeWritten >= '" & strDateFrom & "' AND TimeWritten <= '" & strDateTo & "'")
Wscript.Echo "FanClubs Web Site restarts: " & colLoggedEvents.Count
Function Pad_String(strOriginalStri
If LCase(strPaddingSide) <> "left" And LCase(strPaddingSide) <> "right" Then
strPaddingSide = "right"
End If
Select Case LCase(strPaddingSide)
Case "left"
Pad_String = Right(String(intTotalLengt
Case "right"
Pad_String = Left(strOriginalString & String(intTotalLengthRequi
End Select
End Function
Function Get_CurrentTimeZone_Of_Com
Dim objWMIService, colLogFiles, objLogFile, intTotal, colItems, objItem, strCurrentTimeZone
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Set objWMIService = GetObject("winmgmts:{imper
strComputerName & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("S
On Error Resume Next
For Each objItem in colItems
If Err.Number = 0 Then
On Error GoTo 0
strCurrentTimeZone = objItem.CurrentTimeZone
Exit For
Else
MsgBox "Unknown Error during Time Bias for " & strComputer & "." & vbCrLf & "Error Number: " & _
Err.Number & vbCrLf & "Error Description: " & Err.Description, vbOKOnly, "Unknown Error"
Err.Clear
On Error GoTo 0
Exit For
End If
Next
On Error GoTo 0
Get_CurrentTimeZone_Of_Com
End Function
'==========
The reason you need to use the strTimeBias is because the events TimeWritten property it written as
yyyymmddhhmmss.nnnnnn+660
where +660 is the Regional Settings Time Bias.
See how you go,
Regards,
Rob.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
:
'==========
strTimeBias = Get_CurrentTimeZone_Of_Com
strTimeBias = "+" & strTimeBias
strDateFrom = DatePart("yyyy", txt_DateFrom.Value) & Pad_String(DatePart("m", txt_DateFrom.Value), 2, "Left", "0") & Pad_String(DatePart("d", txt_DateFrom.Value), 2, "Left", "0") & "000000.000000" & strTimeBias
strDateTo = DatePart("yyyy", txt_DateTo.Value) & Pad_String(DatePart("m", txt_DateTo.Value), 2, "Left", "0") & Pad_String(DatePart("d", txt_DateTo.Value), 2, "Left", "0") & "235959.000000" & strTimeBias
Set colLoggedEvents = objWMI.ExecQuery _
("SELECT * FROM Win32_NTLogEvent WHERE LogFile = 'System' AND TimeWritten >= '" & _
strDateFrom & "' AND TimeWritten <= '" & strDateTo & "'", "WQL", _
wbemFlagReturnImmediately + wbemFlagForwardOnly)
Function Pad_String(strOriginalStri
If LCase(strPaddingSide) <> "left" And LCase(strPaddingSide) <> "right" Then
strPaddingSide = "right"
End If
Select Case LCase(strPaddingSide)
Case "left"
Pad_String = Right(String(intTotalLengt
Case "right"
Pad_String = Left(strOriginalString & String(intTotalLengthRequi
End Select
End Function
Function Get_CurrentTimeZone_Of_Com
Dim objWMIService, colLogFiles, objLogFile, intTotal, colItems, objItem, strCurrentTimeZone
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Set objWMIService = GetObject("winmgmts:{imper
strComputerName & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("S
On Error Resume Next
For Each objItem in colItems
If Err.Number = 0 Then
On Error GoTo 0
strCurrentTimeZone = objItem.CurrentTimeZone
Exit For
Else
MsgBox "Unknown Error during Time Bias for " & strComputer & "." & vbCrLf & "Error Number: " & _
Err.Number & vbCrLf & "Error Description: " & Err.Description, vbOKOnly, "Unknown Error"
Err.Clear
On Error GoTo 0
Exit For
End If
Next
On Error GoTo 0
Get_CurrentTimeZone_Of_Com
End Function
'==========
Regards,
Rob.