hallo allerseits,
ich bin der neue... und versuche gerade die ersten Schritte dieser neuen Scriptsprache (bin aber kein IT Neuling/ein paar Jahre DOS Scripting schon hinter mir!).
hier mein Problem:
ich möchte ein Script basteln, mit dem ich im ersten Schritt das Ereignisprotokoll eines Windows (2000,2003) Rechners auslesen kann. Ich habe ja auch schon etwas gefunden, aber mit dem Remotezugriff klappt es nicht (Zugriffsrechte sind da!!)
Spoiler anzeigen
$sComputerName = "remotehost"
[/autoit] [autoit][/autoit] [autoit]$objSWbemLocator = ObjCreate("WbemScripting.SWbemLocator")
$objWMIService = $objSWbemLocator.ConnectServer _
($sComputerName, "root\cimv2", $sComputerName)
$objWMIService.Security_.ImpersonationLevel = 3
$Query_Clause = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'System' AND SourceName = 'eventlog'"
If IsObj($objWMIService) Then
$colItems = $objWMIService.ExecQuery ($Query_Clause)
If IsObj($colItems) Then
For $objEvent In $colItems
$Output = ""
$Output &= "Category: " & $objEvent.Category & @CRLF
$Output &= "Computer Name: " & $objEvent.ComputerName & @CRLF
$Output &= "Event Code: " & $objEvent.EventCode & @CRLF
$Output &= "Message: " & $objEvent.Message & @CRLF
$Output &= "Record Number: " & $objEvent.RecordNumber & @CRLF
$Output &= "Source Name: " & $objEvent.SourceName & @CRLF
$Output &= "Time Written: " & $objEvent.TimeWritten & @CRLF
$Output &= "Event Type: " & $objEvent.Type & @CRLF
$Output &= "User: " & $objEvent.User & @CRLF
If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & @CRLF & "Continue?") = 7 Then Exit
Next
Else
MsgBox(16, "Error", "$colItems is not an object.")
EndIf
Else
MsgBox(16, "Error", "$objWMIService is not an object.")
EndIf
$sComputerName = "remotehost"
[/autoit] [autoit][/autoit] [autoit]$objSWbemLocator = ObjCreate("WbemScripting.SWbemLocator")
$objWMIService = $objSWbemLocator.ConnectServer _
($sComputerName, "root\cimv2", $sComputerName)
$objWMIService.Security_.ImpersonationLevel = 3
$Query_Clause = "Select * FROM Win32_NTLogEvent WHERE Logfile = 'System' AND SourceName = 'eventlog'"
If IsObj($objWMIService) Then
$colItems = $objWMIService.ExecQuery ($Query_Clause)
If IsObj($colItems) Then
For $objEvent In $colItems
$Output = ""
$Output &= "Category: " & $objEvent.Category & @CRLF
$Output &= "Computer Name: " & $objEvent.ComputerName & @CRLF
$Output &= "Event Code: " & $objEvent.EventCode & @CRLF
$Output &= "Message: " & $objEvent.Message & @CRLF
$Output &= "Record Number: " & $objEvent.RecordNumber & @CRLF
$Output &= "Source Name: " & $objEvent.SourceName & @CRLF
$Output &= "Time Written: " & $objEvent.TimeWritten & @CRLF
$Output &= "Event Type: " & $objEvent.Type & @CRLF
$Output &= "User: " & $objEvent.User & @CRLF
If MsgBox(64 + 4, "Entry Found:", $Output & @CRLF & @CRLF & "Continue?") = 7 Then Exit
Next
Else
MsgBox(16, "Error", "$colItems is not an object.")
EndIf
Else
MsgBox(16, "Error", "$objWMIService is not an object.")
EndIf
Vielleicht hat jemand ja eine Lösung - vielen Dank son mal im Voraus
Gruß
Peter