从Windows事件查看器中提取错误日志 [英] Extracting error logs from Windows event viewer

问题描述

我想创建VBScript代码以从Windows Event Viewer中专门检索错误类型日志，将它们保存在.txt文件中，然后通过FTP或直接复制进行传输.

I want to create VBScript code to retrieve specifically error type logs from Windows Event Viewer, save them in a .txt file, and transfer it via FTP or just direct copy.

我该如何实现?

我一直在阅读，偶然发现了以下页面:

I've been doing some reading and stumbled upon these pages:

将文件复制到远程计算机.

但是我只是不了解整个过程.

But I just don't understand how to do this process as a whole.

推荐答案

您可以使用WMI查询来查询事件日志.这是有关特定类的信息

You can query the Event Log using a WMI query. Here is information about the specific class.

在不完全知道您要查找什么的情况下，假设您要搜索应用程序事件日志并记录任何事件ID1003.我使用错误恢复时下一步"作为快速解决方案，因此在出现字段时也不会出错不包含数据.

Without knowing exactly what you're looking for, let's assume you wanted to search the Application event logs and record any event id 1003. I use On Error Resume Next as a quick fix so it doesn't error out if a field doesn't contain data.

On Error Resume Next
LOG_FILE = "temp.txt"

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent WHERE LogFile='Application'")

For Each objEventin colItems
    If objEvent.EventCode = 1003 Then       
        writeLog "Category: " & objEvent.Category
        writeLog "Category String: " & objEvent.CategoryString
        writeLog "Computer Name: " & objEvent.ComputerName
        writeLog "Data: " & objEvent.Data
        writeLog "Event Code: " & objEvent.EventCode
        writeLog "Event Identifier: " & objEvent.EventIdentifier
        writeLog "Insertion Strings: " & objEvent.InsertionStrings
        writeLog "Logfile: " & objEvent.Logfile
        writeLog "Message: " & objEvent.Message
        writeLog "Record Number: " & objEvent.RecordNumber
        writeLog "Source Name: " & objEvent.SourceName
        writeLog "Time Generated: " & objEvent.TimeGenerated
        writeLog "Time Written: " & objEvent.TimeWritten
        writeLog "Type: " & objEvent.Type
        writeLog "User: " & objEvent.User 
        writeLog ""  
    End If
Next

Sub writeLog(strText)
  Dim objFSO, objLogFile

  Set objFSO = CreateObject("Scripting.FileSystemObject")  
  Set objLogFile = objFSO.OpenTextFile(LOG_FILE, 8, True)

  objLogFile.WriteLine strText
  objLogFile.Close

  Set objLogFile = Nothing
  Set objFSO = Nothing

End Sub

这篇关于从Windows事件查看器中提取错误日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！