Windows Admin Scripting Little Black Book- P20 potx

"Error clearing the event log" End If Using Logs with Windows Script Host Windows Script Host allows you to write events to a text log and the event log using simple script files.. Send

Trang 1

3 Select Start|Run and enter “kix32 scriptfile”

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the

following:

$RCODE = BackUpEventLog ("Security", "C:\BACKUP.EVT")

If @ERROR <> 0 or $RCODE <> 0

? "Error backing up log"

End If

Clearing the Event Log

ClearEventLog is a KiXtart command that allows you to clear the contents of an event log The basic syntax for using the ClearEventLog command is as follows:

ClearEventLog ("logtype")

Tip

You can clear the event log of a remote computer by including the UNC path before the log type, for example:

ClearEventLog ("\\computer\Security")

Here, logtype is the type of log to clear (Application, System, or Security) To clear the event log using KiXtart,

proceed as follows:

1 Create a new directory to store all files included in this example

2 Download and extract the latest version of KiXtart, from www.microsoft.com, to the new directory

following:

$RCODE = ClearEventLog ("Security")

? "Error clearing the event log"

End If

Using Logs with Windows Script Host

Windows Script Host allows you to write events to a text log and the event log using simple script files This allows you to store critical events in the event log, while storing less severe events to a text log

Note

Windows Script Host does not contain any methods to read or modify events in the event log

Writing to Text Logs

Text logs provide an easy way to record events and share the file with others, regardless of operating system To log

an event to a text log using Windows Script Host, proceed as follows:

2 Download and install the latest version of Windows Script Host, from www.microsoft.com, to the new

directory

3 Select Start|Run and enter “cscript scriptfile.vbs”

Here, scriptfile is the full path and file name of a script file that contains the following:

On Error Resume Next

Trang 2

Set FSO = CreateObject("Scripting.FileSystemObject")

txtlog = "textlog"

If FSO.FileExists(txtlog) Then

Set LogFile = FSO.OpenTextFile(txtlog, 8)

Else

Set LogFile = FSO.CreateTextFile(txtlog, True)

End If

LogFile.WriteLine Date & " " & Time & " message"

LogFile.Close

Here, message is the alert message to log, and textlog is the complete path and file name of the log file

Writing an Event to the Event Log

You can use Wscript.Shell’s LogEvent method to write events to the event log The basic syntax for using the LogEvent method is as follows:

LogEvent(type,event,computer)

Note

All events are stored in the application log, and cannot be redirected to the system or security logs

Here, event is the text event entry; computer is an optional parameter specifying the name of a remote system to write events to; and type specifies one of the following event types:

SUCCESS (0)

ERROR (1)

WARNING (2)

INFORMATION (4)

AUDIT_SUCCESS (8)

AUDIT_FAILURE (16)

Tip

You can use the corresponding numbers, as opposed to key words, to specify event types

When you use LogEvent to create an event log entry, the following is recorded:

Category—Logged as None

Computer—The name of the target computer

Date—Date the event was written

Event—Logged as 0

Source Type—Logged as WSH

Time—Time the event was written

Type—Type of event entry

User Name—Logged as N/A

Trang 3

Here is a subroutine to write an event:

Sub WriteLog(Ltype, Ldesc)

Set SHELL = CreateObject("WScript.Shell")

LEvent = SHELL.LogEvent(Ltype, Ldesc)

If Err.Number <> 0 Or LEvent = False Then

Wscript.Echo "Error writing event"

End If

End Sub

Note

Because Windows 9x does not contain an event log, all written events will be stored in

%WINDIR%\wsh.log

Here, ltype is the type of event, and ldesc is the event text to write Using the following command combined with the

subroutine above will write a success event to the event log:

WriteLog 0, "This stuff is cool!"

Accessing the Event Log Using WMI

The Win32_NTLogEvent class manages the event logs on Windows NT/2000 systems Through this class, you can

view, write, modify, delete, and back up the event log through simple scripts

Backing Up an Event Log in Binary Mode

The BackupEventLog method allows you to back up an event log to a file in standard event log binary format To

create a backup of the event log in standard event log binary format using WMI, proceed as follows:

2 Download and install the latest version of WMI and Windows Script Host, from www.microsoft.com, to the new directory

LogType = InputBox("Enter the log to backup", "Log Type"

, "application")

BFile = InputBox("Enter file to backup to", "Backup File"

, "C:\BACKUP.LOG")

If FSO.FileExists(BFile) Then

FSO.DeleteFile BFile

End If

Set EventLog = GetObject("winmgmts:{impersonationLevel=

impersonate,(Backup)}").ExecQuery("select * from

Win32_NTEventLogFile where LogfileName='" & LogType & "'")

For each Entry in EventLog

Entry.BackupEventLog BFile

Trang 4

Note

The highlighted code above must be placed on one line The (Backup) privilege is explicitly included

in the example above to allow you to use the BackUpEventLog method

Here, LogType is the event log to back up (application, security, or system), and Bfile is the complete path and

filename to back up to

Backing Up the Entire Event Log in Text Mode

In the previous sections, you learned that the BackUpEventLog method and the Dumpel utility back up the event log

to a text file in binary format Although this format conforms to the standard event log storage format, it does not

allow you to easily view the contents of the backup To create a backup of the event log in plain-text, tab-delimited format using WMI, proceed as follows:

impersonate}").ExecQuery("select * from Win32_NTLogEvent")

Set txt = FSO.CreateTextFile("textfile", True)

If Len(Entry.Message) > 0 Then

For x = 1 to Len(Entry.Message)

Char = Mid(Entry.Message,x,1)

If Asc(Char) = 10 Then

MSG = MSG & " "

ElseIf Asc(Char) <> 13 Then

MSG = MSG & Char

End If

Mid(Entry.TimeGenerated,7,2) & "/" & _

Mid(Entry.TimeGenerated,1,4)

ETime = Mid(Entry.TimeGenerated,9,2) & ":" & _

Mid(Entry.TimeGenerated,11,2) & ":" & _

Mid(Entry.TimeGenerated,13,2)

ETime = FormatDateTime(ETime,3)

If IsNull(Entry.User) Then

User = "N/A"

Trang 5

Else

User = Entry.User

End If

If IsNull(Entry.CategoryString) Then

Category = "none"

Else

Category = Entry.CategoryString

End If

EVT = Entry.LogFile & VBtab & _

Entry.Type & VBtab & _

EDate & VBtab & _

ETime & VBtab & _

Entry.SourceName & VBtab & _

Category & VBtab & _

Entry.EventCode & VBtab & _

User & VBtab & _

Entry.ComputerName & VBtab & _

MSG

txt.writeline EVT

EVT = Null

Char = Null

MSG = Null

End If

Wscript.echo "Done"

Note

The highlighted code above must be placed on one line

Here, textfile is the complete path and file name to back up the event log to

Clearing an Event Log

The ClearEventLog method allows you to clear individual event log entries To clear the entire contents of an event

log using WMI, proceed as follows:

LogType = InputBox("Enter the log to clear", "Clear Log"

, "application")

Trang 6

impersonate}").ExecQuery("select * from

Win32_NTEventLogFile where LogfileName='" & LogType & "'")

Entry.ClearEventlog()

Note

Here, LogType is the event log to clear (Application, Security, or System)

Sending Alerts Using Shell Scripting

Shell scripting does not include a method to send alerts from the command line Microsoft Windows includes the NET.EXE utility to allow you to send messages to users or computers over the network

Sending Alerts to a Single User or Computer

To send a message over the network, start a command prompt and enter the following:

NET SEND name message

Note

NetBIOS messages have a maximum limit of 128 characters

Here, message is the message to send, and name is the NetBIOS name of a computer or user ID

Sending Alerts to Multiple Users and Computers

You can also use the asterisk symbol (*) to send messages to all computers on the local network:

Net Send * message

Here, message is the message to send As opposed to specifying a name or asterisk, you can use one of the

following commands to send messages to multiple users or computers:

/DOMAIN—Sends a message to the local domain

/DOMAIN:name—Sends a message to a specified domain

/USERS—Sends messages to users connected to the server

Here is an example to send a message to the JESSEWEB domain:

Net Send /DOMAIN:JESSEWEB message

Note

Sending messages to the entire network or domain will not only utilize a good portion of your network’s bandwidth but it is also annoying to all the other users

Sending Alerts to Specific Multiple Users and Computers

Although the Net Send command contains methods to send messages to multiple users, it does not contain a

method to send messages to specific user and computer names To send an alert to an exact list of user or computer names using shell scripting, proceed as follows:

2 Select Start|Run and enter “scriptfile.bat”

Trang 7

following:

@Echo Off

For /F %%N in (textfile) Do (Echo Sending Message to

%%N… & Net Send %%N Message)

Note

Here, textfile is the name of a text file with each line containing a user or computer name, and message is the

message to send

Sending Alerts Using KiXtart

KiXtart includes a command called SendMessage that allows you to send NetBIOS messages to users or computers

over the network This command transports messages in a similar fashion to the Microsoft NET.EXE utility

Sending Alerts to a Single User or Computer

To send an alert to a single user using KiXtart, proceed as follows:

following:

$RCODE = SENDMESSAGE ("name", "message")

? "Error sending message"

End If

Here, name is the user or computer name to send a message to

Sending Alerts to Multiple Users or Computers

To send an alert to multiple users using KiXtart, proceed as follows:

following:

$COUNT = 4 ; User Array Count

DIM $NAME[$COUNT] ; User Array

$NAME[0] = "name1"

$NAME[1] = "computer1"

$NAME[2] = "computer2"

$NAME[3] = "name2"

$NETMESSAGE = "This is a test message."

Trang 8

$Index = 0

WHILE $Index <> $COUNT

$RCODE = SENDMESSAGE ($NAME[$Index], $NETMESSAGE)

? "Error sending message"

End If

$Index = $Index + 1

LOOP

Here, $count is the size of the array This is the number of users you want to send messages to This number must exactly match the number of users that you send messages to, or an error will result $name is the array that holds the user or computer names to send messages to, and $netmessage is the message to send

Note

The array size is limited to the amount of memory the system has Remember, the contents of an array start at 0, not at 1 Using versions older than KiXtart 3.62 will cause a script error when attempting to create an array

Sending Alerts Using Windows Script Host

Windows Script Host does not include any methods to send messages to users or computers Through Windows Script Host, you can call upon the NET.EXE utility or use automation to send messages

Sending an Alert to a Single User or Computer

To send an alert to a single user or computer using WSH, proceed as follows:

directory

Set Shell = CreateObject("Wscript.Shell")

RCV = "name"

MSG = "message"

SHELL.Run "Net Send " & Name & " " & MSG, 0, False

Here, RCV is the user or computer name to send a message to, and MSG is the message to send

Sending Alerts to Multiple Users or Computers

To send an alert to multiple user or computer names using WSH, proceed as follows:

directory

Trang 9

Set Shell = CreateObject("Wscript.Shell")

Dim Name(2)

Name(0) = "name1"

Name(1) = "name2"

MSG = "message"

For X = 0 to UBound(Name)

SHELL.Run "Net Send " & Name(X) & " " & MSG, 0, False

be equal to the number of users or computers you want to send messages to MSG is the message to send

Sending an Email Using Outlook Automation

To send an email using Outlook automation, proceed as follows:

directory

RCP = "emailaddress"

SUB = "subject"

MSG = "message"

Set Outlook = CreateObject("Outlook.Application")

Set MAPI = Outlook.GetNameSpace("MAPI")

Set NewMail = Outlook.CreateItem(0)

NewMail.Subject = SUB

NewMail.Body = MSG

NewMail.Recipients.Add RCP

MAPI.Logon "profile", "password"

NewMail.Send

MAPI.Logoff

Here, RCP stores the email address to email; SUB is the email subject; MSG is the message to send; and profile and password are the logon credentials to send the email

Tip

You can omit the highlighted lines above if you do not need to log on to a mail server or if your information is cached

Trang 10

Sending an Email with Attachments Using Outlook Automation

To send an email to multiple users with attachments using Outlook, proceed as follows:

2 Download and install the latest version of Windows Script Host, from www.microsoft.com, to the new directory

RCP = "emailaddress"

Dim File(2)

File(0) = "file1"

File(1) = "file2"

SUB = "subject"

MSG = "message"

Set Outlook = CreateObject("Outlook.Application")

Set MAPI = Outlook.GetNameSpace("MAPI")

Set NewMail = Outlook.CreateItem(0)

NewMail.Subject = SUB

NewMail.Body = MSG

NewMail.Recipients.Add RCP

For X = 0 to (UBound(File)-1)

NewMail.Attachments.Add(file(X))

NewMail.Send

MAPI.Logoff

Here, file is the array that holds the file names to attach to the message; RCP stores the email address to email;

SUB is the email subject; MSG is the message to send; and profile and password are the logon credentials to

send the email

Tip

You can omit the highlighted lines above if you do not need to log on to a mail server or if your information is cached

Sending Emails and Attachments to Multiple Recipients Using Outlook

Automation

To send an email to multiple users with attachments using Outlook, proceed as follows:

2 Download and install the latest version of Windows Script Host, from www.microsoft.com, to the new directory

Tiêu đề	Windows Admin Scripting Little Black Book
Trường học	Microsoft
Chuyên ngành	Windows Administration
Thể loại	scripting guide

Định dạng
Số trang	10
Dung lượng	342,79 KB