
Lire les journaux d’événements Windows avec vbScript

Retourner et filtrer les logs de Windows en vbScript et WMI

Dim varFiltreDate
Dim varNbrRecords
Dim ActualDay, MyDay, MyMonth

' Win32_NTLogEvent.EventType values:
'   Information   : 0 or 3
'   Warning       : 2
'   Error         : 1
'   Audit success : 4 (Security log)
'   Audit failure : 5 (Security log)

' Machine to query: "." means the local computer.
strComputer = "."
'strComputer = "NomDeMonServeur"   ' sample: name of a remote server

' Optional date filter in YYYYMMDD form. An empty string disables the filter.
varFiltreDate = ""
'varFiltreDate = "20170608"
' Sample of the timestamp format carried by the events:
' 20170616081929 = 2017 06 16 08:19:29 = 16/06/2017 08:19:29

' Today's date as YYYYMMDD, for filtering on today's events only.
' Day and month are left-padded with a zero to two digits.
' NOTE(review): Now is local time, while WMI event timestamps are presumably
' UTC - confirm before relying on this filter for events close to midnight.
MyDay = Right("0" & Day(Now), 2)
MyMonth = Right("0" & Month(Now), 2)
ActualDay = Year(Now) & MyMonth & MyDay

'varFiltreDate = ActualDay   ' uncomment to filter on today's date

Wscript.Echo "Date du jour : " & ActualDay



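' Dump Win32_NTLogEvent records from strComputer, optionally restricted to the
' day given in varFiltreDate (YYYYMMDD), then print how many records matched.
'
' Run this with cscript.exe: under wscript.exe every Wscript.Echo opens a
' message box.
'
' NOTE(review): reading the Security log through WMI normally requires an
' elevated account and the Security privilege requested in the moniker, e.g.
'   "winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & strComputer & "\root\CIMV2"
' Without it the unfiltered query below may skip Security events or fail with
' access denied - confirm on the target system before treating the output as
' a complete view of the logs.
'
' Event fields such as Message, InsertionStrings and User are written by the
' event sources and can carry sensitive or attacker-influenced text; treat
' the output as untrusted data if another tool parses it.
Dim objWMIService, colItems, objItem
Dim lngEnumErr, strEnumErr

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

' Flag 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32): the
' call returns at once, so a bad query or a permission problem only shows up
' when the collection is enumerated.
' The unfiltered query walks every event of every log; narrowing it in the
' WHERE clause (see the samples) is far cheaper than filtering in the loop.
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent",,48)
'Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent where Logfile = 'Application'",,48)
'Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent where Logfile = 'Application' AND EventType = 3",,48)
'Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent where Logfile = 'Application' AND EventType = 1 AND EventCode = 12291",,48)
'Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent where Logfile = 'Application' AND Message Like '%653797159%'",,48)

' Error trapping is switched on only to catch a failure when the enumeration
' starts; it is switched off again as soon as a first item has been fetched.
' http://developer.rhino3d.com/guides/rhinoscript/nothing-empty-null/
Err.Clear
On Error Resume Next

varNbrRecords = 0
For Each objItem in colItems
	' With Resume Next active, a failed For Each can still enter the body once;
	' leave before objItem is touched.
	If Err.Number <> 0 Then Exit For
	On Error goto 0

	' Keep the record when no date filter is set, or when the first eight
	' characters (YYYYMMDD) of TimeGenerated equal the filter.
	' NOTE(review): TimeGenerated is presumably expressed in UTC, so the day
	' boundary can differ from the local calendar day - confirm.
	If (varFiltreDate = "") Or (varFiltreDate = Left(objItem.TimeGenerated, 8)) Then
		varNbrRecords = varNbrRecords + 1
		Wscript.Echo "-----------------------------------"
		Wscript.Echo "Win32_NTLogEvent instance"
		Wscript.Echo "-----------------------------------"
		Wscript.Echo "Category: " & objItem.Category
		Wscript.Echo "CategoryString: " & objItem.CategoryString
		Wscript.Echo "ComputerName: " & objItem.ComputerName
		' Data and InsertionStrings are arrays and may be Null: Join would fail on Null.
		If isNull(objItem.Data) Then
			Wscript.Echo "Data: "
		Else
			Wscript.Echo "Data: " & Join(objItem.Data, ",")
		End If
		Wscript.Echo "EventCode: " & objItem.EventCode
		Wscript.Echo "EventIdentifier: " & objItem.EventIdentifier
		Wscript.Echo "EventType: " & objItem.EventType
		If isNull(objItem.InsertionStrings) Then
			Wscript.Echo "InsertionStrings: "
		Else
			Wscript.Echo "InsertionStrings: " & Join(objItem.InsertionStrings, ",")
		End If
		Wscript.Echo "Logfile: " & objItem.Logfile
		Wscript.Echo "Message: " & objItem.Message
		Wscript.Echo "RecordNumber: " & objItem.RecordNumber
		Wscript.Echo "SourceName: " & objItem.SourceName
		Wscript.Echo "TimeGenerated: " & objItem.TimeGenerated
		Wscript.Echo "TimeWritten: " & objItem.TimeWritten
		Wscript.Echo "Type: " & objItem.Type 'textual form of EventType, e.g. Information
		Wscript.Echo "User: " & objItem.User
	End If

Next

' Save any enumeration error before the handler is reset (resetting clears Err).
' Without this, a failed query would end with a plain "0 records" line and look
' the same as a log that holds no matching event.
lngEnumErr = Err.Number
strEnumErr = Err.Description
On Error goto 0

If lngEnumErr <> 0 Then
	Wscript.Echo "Erreur lors de la lecture des journaux : 0x" & Hex(lngEnumErr) & " " & strEnumErr
End If

Wscript.Echo "Nombre d'enregistrements : " & varNbrRecords

' Non-zero exit code so that a calling job can tell a failed read from an empty result.
If lngEnumErr <> 0 Then Wscript.Quit 1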