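'Get Event Viewer entries filtered by: event log, source, id, days, server USING: dumpel.exe
'Be able to get multiple events from multiple servers (servers array ?) events in array (?)
'NOTES: dumpel.exe is much faster than WMI or LogParser API
'Author: Felipe Ferreira
'Adapted to Nagios
'1. Get all arguments from cmd
'2. Count output of each line of the dumplog
'3. Calculate the Warning / Critical / OK
'4. Output in the format:
'ex: Found XE event of the type XT and ID XI in the last XT minutes | EventsFound XE : Warn : Crit
'
'Usage: cscript //nologo <script> -t <log> -e <eventID> -s <source>
'
'Review notes on this revision:
' - The three command-line values are checked before they are placed on the
'   dumpel.exe command line, and every value is passed inside double quotes,
'   so a value cannot add or override dumpel switches (for example -f).
' - The path to dumpel.exe is quoted, so a script directory that contains
'   spaces is not resolved against a shorter executable path.
' - The script now ends with a Nagios exit code (0 OK, 2 CRITICAL, 3 UNKNOWN).
'   Before, every run ended with 0 whatever the status text said.
' - Missing or rejected arguments, and a dumpel.exe that cannot be started,
'   are reported as UNKNOWN instead of falling through to "OK".
' - A log file left by an earlier run is removed before dumpel.exe runs, so an
'   old result cannot be counted as the result of this run.

Option Explicit

Const NAGIOS_OK = 0
Const NAGIOS_CRITICAL = 2
Const NAGIOS_UNKNOWN = 3

Dim t1 : t1 = Timer 'time the script
Dim strScriptFile : strScriptFile = WScript.ScriptFullName
Dim strScriptPath : strScriptPath = Left(strScriptFile, Len(strScriptFile) - Len(WScript.ScriptName))
Dim EventDumpPath : EventDumpPath = strScriptPath ' WHERE LOG FILE WILL STAY
' NOTE(review): EventDumpPath is never used below; the dump file is written
' relative to the current directory, as before.
Dim ofso : Set ofso = CreateObject("Scripting.FileSystemObject")
Dim blnErrorFound : blnErrorFound = False
Dim EventDumplog, strLine, strBody, Server, strLogFile
Dim intLineCnt
Dim eType, eType2, eSource, eError, eServer, eDays
Dim verbose
Dim argcountcommand
Dim arg() 'sized in GetArgs to the real argument count

'# EDIT HERE # EDIT HERE # EDIT HERE
verbose = "0"
'eType="System"
'eSource="Srv"
'eError="2022"
eServer = "localhost"
eDays = "1"
'# EDIT HERE # EDIT HERE # EDIT HERE #

Call GetArgs()
eType = GetOneArg("-t")   'Type: Application, System, ...
eError = GetOneArg("-e")  'ID
eSource = GetOneArg("-s") 'Source

' Refuse to build a command line from absent or unsafe values.
If Not (IsSafeName(eType) And IsSafeName(eSource) And IsSafeIdList(eError)) Then
    Call help()
    WScript.Quit(NAGIOS_UNKNOWN)
End If

'FUNCTION CALLS: (eType,eSource,eError,eServer,eDays) Application, Id, Type
Call pt("Checking: " & eServer & " Event Source: " & eSource & " EventID: " & eError & " " & eType)
Call Execute(eType, eSource, eError, eServer, eDays)
Call CheckIfError(EventDumplog)

' The status text and perfdata label are kept exactly as before, because
' existing graphs and parsers may key on them.
If (blnErrorFound = True) Then
    WScript.Echo "CRITICAL - " & intLineCnt & " Error(s) where found |EventErros=" & intLineCnt
    WScript.Quit(NAGIOS_CRITICAL)
Else
    WScript.Echo "OK - No Error(s) found today, for eventID: " & eError & " , " & eType & "| EventErros=0"
    WScript.Quit(NAGIOS_OK)
End If

'__________________________________FUNCTIONS AND SUBS_________________________

' Prints the expected arguments as a Nagios UNKNOWN line.
Sub help()
    WScript.Echo "UNKNOWN - usage: -t <log> -e <eventID> -s <source> (values must not be empty, start with - or /, end with \, or contain quotes or control characters)"
End Sub

' Returns strValue wrapped in double quotes for use on a command line.
' The caller must have checked the value with IsSafeName first.
Function Quote(strValue)
    Quote = Chr(34) & strValue & Chr(34)
End Function

' True when strValue can be passed as one quoted command-line argument.
' Rejected: empty values, a leading "-" or "/" (would read as a switch),
' a trailing "\" (would escape the closing quote), double quotes and
' control characters.
Function IsSafeName(strValue)
    Dim i, code
    IsSafeName = False
    If IsEmpty(strValue) Then Exit Function
    If Len(strValue) = 0 Then Exit Function
    If Left(strValue, 1) = "-" Or Left(strValue, 1) = "/" Then Exit Function
    If Right(strValue, 1) = "\" Then Exit Function
    For i = 1 To Len(strValue)
        code = AscW(Mid(strValue, i, 1))
        ' AscW is negative for code points above 32767; those are allowed.
        If code >= 0 And (code < 32 Or code = 34) Then Exit Function
    Next
    IsSafeName = True
End Function

' True when strValue is one event ID, or several IDs separated by single
' spaces. Digits and spaces only, so the value is also safe inside the dump
' file name that Execute builds from it.
' NOTE(review): several IDs after -e is assumed from dumpel usage - confirm.
Function IsSafeIdList(strValue)
    Dim re
    IsSafeIdList = False
    If IsEmpty(strValue) Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[0-9]+( [0-9]+)*$"
    IsSafeIdList = re.Test(strValue)
End Function

' Runs dumpel.exe from the script directory and waits for it to finish.
' Sets the global EventDumplog to "<server>_<id>.log", the file dumpel is
' told to write. Returns the dumpel.exe exit code.
' The caller must validate eType, eSource and eError (IsSafeName /
' IsSafeIdList) before calling; eServer and eDays are set in the EDIT HERE
' block above.
Function Execute(eType, eSource, eError, eServer, eDays)
    Dim strCmd, strCmdOut
    Dim objShell, objExecObject

    blnErrorFound = False
    EventDumplog = eServer & "_" & eError & ".log"

    ' Remove the file of an earlier run; a non-empty dump is not deleted
    ' after it has been read, so it would otherwise be counted again if
    ' dumpel.exe wrote nothing this time.
    If ofso.FileExists(EventDumplog) Then
        On Error Resume Next
        ofso.DeleteFile EventDumplog, True
        If Err.Number <> 0 Then
            WScript.Echo "UNKNOWN - cannot remove previous dump file " & EventDumplog & ": " & Err.Description
            WScript.Quit(NAGIOS_UNKNOWN)
        End If
        On Error GoTo 0
    End If

    ' eError is digits and spaces only, so it is passed unquoted (a quoted
    ' list would reach dumpel as one argument). eDays is the fixed value above.
    strCmd = Quote(strScriptPath & "dumpel.exe") & _
             " -f " & Quote(EventDumplog) & _
             " -l " & Quote(eType) & _
             " -m " & Quote(eSource) & _
             " -e " & eError & _
             " -s " & Quote(eServer) & _
             " -d " & eDays
    pt strCmd

    Set objShell = WScript.CreateObject("WScript.Shell")
    On Error Resume Next
    Set objExecObject = objShell.Exec(strCmd)
    If Err.Number <> 0 Then
        WScript.Echo "UNKNOWN - could not start dumpel.exe: " & Err.Description
        WScript.Quit(NAGIOS_UNKNOWN)
    End If
    On Error GoTo 0

    ' Read stdout until the process closes it, so the child cannot stall on a
    ' full pipe, then wait for the process to be reported as finished.
    strCmdOut = objExecObject.StdOut.ReadAll()
    Do While objExecObject.Status <> 1
        WScript.Sleep 50 'yield instead of spinning on Status
    Loop
    pt strCmdOut

    Execute = objExecObject.ExitCode
End Function

' Counts the lines of the dump file into the global intLineCnt and sets
' blnErrorFound when there is at least one line. An empty dump file is
' deleted; a missing one is reported in verbose mode only.
' NOTE(review): a missing dump file still ends as "OK" - confirm that
' dumpel.exe always creates the file when it runs successfully.
Sub CheckIfError(strLogFile)
    Dim fso, dumpFile, f
    Const ForReading = 1

    intLineCnt = 0
    pt "Checking for errors: " & strLogFile
    Set fso = CreateObject("Scripting.FileSystemObject")

    ' Test for the file before opening it, so a missing file is a normal
    ' branch and not a swallowed runtime error.
    If Not fso.FileExists(strLogFile) Then
        pt "Arquivo " & strLogFile & " nao existe"
        Exit Sub
    End If

    Set f = fso.GetFile(strLogFile)
    pt "Arquivo " & strLogFile & " = " & f.Size & " bytes" 'File.Size is in bytes

    If (f.Size = 0) Then
        pt "No errors found"
        On Error Resume Next 'cleanup is best effort
        f.Delete
        On Error GoTo 0
    Else
        Set dumpFile = fso.OpenTextFile(strLogFile, ForReading)
        Do Until dumpFile.AtEndOfStream
            strLine = dumpFile.ReadLine
            intLineCnt = intLineCnt + 1
            pt strLine
            blnErrorFound = True
        Loop
        dumpFile.Close
    End If
End Sub

' Copies all script arguments into the global array arg and stores their
' number in argcountcommand.
Function GetArgs()
    Dim i
    argcountcommand = WScript.Arguments.Count
    ' One spare slot keeps arg(i + 1) inside the array for the last argument.
    ReDim arg(argcountcommand)
    For i = 0 To argcountcommand - 1
        arg(i) = WScript.Arguments(i)
        pt i & " - " & arg(i)
    Next
End Function

' Returns the argument that follows the switch strName (case-insensitive),
' or Empty when the switch is absent or is the last argument.
Function GetOneArg(strName)
    Dim i
    For i = 0 To argcountcommand - 1
        If (UCase(arg(i)) = UCase(strName)) Then
            If i + 1 <= argcountcommand - 1 Then
                GetOneArg = arg(i + 1)
            End If
            Exit Function
        End If
    Next
End Function

' Echoes msgTxt only when verbose is "1".
Function pt(msgTxt)
    If verbose = "1" Then
        WScript.Echo msgTxt
    End If
End Function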