Hallo,
ich würd gern mit AutoIT das Eventlog bzw. nur eine ID auswerten, nur steh ich gerad auf dem Schlauch. Ich weiss, dass es Befehle unter AutoIT dafuer gibt. Jedoch, wie kann ich ALLE Events mit der ID 123 rausfiltern?? Wo muss ich meine Schleife ansetzen?
Gruß
Hier was altes von mir:
;Coded by UEZ 2009
#AutoIt3Wrapper_Change2CUI=y
#AutoIt3Wrapper_UseUpx=n
#Include <Date.au3>
$oMyError = ObjEvent("AutoIt.Error", "oMyError") ; Install a custom error handler
Global $ip = "localhost"
If $CmdLine[0] > 0 Then $ip = $CmdLine[1]
$objWMIService = ObjGet("winmgmts:{impersonationLevel = impersonate}!\\" & $ip & "\root\cimv2")
[/autoit] [autoit][/autoit] [autoit]ConsoleWrite(GetWMI($ip, 7, 123))
[/autoit] [autoit][/autoit] [autoit]Func GetWMI($srv, $d = 7, $n = "", $cat = "System")
Local $Eventlog_Err, $Eventlog_Err_Logfile, $Eventlog_Err_EventType, $Eventlog_Err_EventID, $Eventlog_Err_TimeGenerated, $Eventlog_Err_SourceName, $Eventlog_Err_InsertionStrings, $Eventlog_Err_Message
Local $date_threshold, $days_threshold, $date_threshold_WQL, $now, $x;, $tmp
$ping = Ping($srv)
If $ping Then
$days_threshold = -1 * $d ; how many days should be looked into the past for error - 0 = today
$now = _NowCalc()
$date_threshold = _DateAdd('d', $days_threshold, $now) ;get the date / time value fom past
$date_threshold_WQL = StringLeft(StringReplace(StringReplace(StringReplace(_DateAdd('d', $days_threshold, $now), ":", ""), "/", ""), " ", ""), 
;convert to WQL-Supported Date Formats
If $n = "" Then
$colItems = $objWMIService.ExecQuery("SELECT Logfile, EventType, EventCode, TimeGenerated, SourceName, InsertionStrings, Message FROM Win32_NTLogEvent WHERE LogFile='" & $cat & "' AND TimeGenerated >= '" & $date_threshold_WQL & "' AND EventType=1", "WQL", 0x30)
Else
$colItems = $objWMIService.ExecQuery("SELECT Logfile, EventType, EventCode, TimeGenerated, SourceName, InsertionStrings, Message FROM Win32_NTLogEvent WHERE EventCode = '" & $n & "' And LogFile='" & $cat & "' AND TimeGenerated >= '" & $date_threshold_WQL & "' AND EventType=1", "WQL", 0x30)
EndIf
If IsObj($colItems) Then
For $objItem In $colItems
$Eventlog_Err_Logfile = $objItem.Logfile
$Eventlog_Err_EventType = $objItem.EventType
$Eventlog_Err_EventID = $objItem.EventCode ;$objItem.EventIdentifier
$Eventlog_Err_TimeGenerated = WMIDateStringToDate2($objItem.TimeGenerated)
$Eventlog_Err_SourceName = $objItem.SourceName
$Eventlog_Err_InsertionStrings = ""
For $x = 0 To UBound($objItem.InsertionStrings) - 1
If Number($objItem.InsertionStrings($x)) = 0 And StringLeft($objItem.InsertionStrings($x), 2) <> "%%" And $objItem.InsertionStrings($x) <> "" And StringLen($objItem.InsertionStrings($x)) > 1 Then ;skip unneeded strings
$Eventlog_Err_InsertionStrings &= StringStripWS(StringReplace(StringReplace($objItem.InsertionStrings($x), Chr(10), ""), Chr(13), ""), 7) & ", "
EndIf
Next
$Eventlog_Err_InsertionStrings = StringTrimRight($Eventlog_Err_InsertionStrings, 1)
$Eventlog_Err_Message = StringStripWS(StringReplace(StringReplace($objItem.Message, Chr(10), ""), Chr(13), ""), 7)
$Eventlog_Err &= $srv & ";" & $Eventlog_Err_Logfile & ";" & $Eventlog_Err_EventType & ";" & $Eventlog_Err_EventID & ";" & $Eventlog_Err_TimeGenerated & ";" & $Eventlog_Err_SourceName & ";" & $Eventlog_Err_InsertionStrings & ";" & $Eventlog_Err_Message & ";" & @CRLF
Next
Return $Eventlog_Err
Else
Return SetError(2, 0, "Error!")
EndIf
Else
Return SetError(1, 0, "Host not reachable")
EndIf
EndFunc
Func WMIDateStringToDate2($dtmDate)
Return (StringMid($dtmDate, 7, 2) & "." & StringMid($dtmDate, 5, 2) & "." & StringLeft($dtmDate, 4) & " " & _
StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate, 13, 2))
EndFunc ;==>WMIDateStringToDate2
Func oMyError()
Msgbox(0,"AutoItCOM Test","We intercepted a COM Error !" & @CRLF & @CRLF & _
"err.description is: " & @TAB & $oMyError.Description & @CRLF & _
"err.windescription:" & @TAB & $oMyError.WinDescription & @CRLF & _
"err.number is: " & @TAB & Hex($oMyError.Number, & @CRLF & _
"err.lastdllerror is: " & @TAB & $oMyError.LastDllError & @CRLF & _
"err.scriptline is: " & @TAB & $oMyError.Scriptline & @CRLF & _
"err.source is: " & @TAB & $oMyError.Source & @CRLF & _
"err.helpfile is: " & @TAB & $oMyError.Helpfile & @CRLF & _
"err.helpcontext is: " & @TAB & $oMyError.HelpContext _
, 20)
EndFunc
Kannst es ja anpassen.
Gruß,
UEZ
