8.14. Script: Event Watcher

You want to watch events in real time as they occur. The Event Viewer utility works fine to view the events that have occurred on a system at a particular point in time, but it doesn't provide an auto-refresh capability, so if you need to constantly monitor for new events, you have to manually refresh the screen.

Here is a simple piece of code that lets you view events as they happen:

' This code displays events for all logs as they occur. Option Explicit ' ------ SCRIPT CONFIGURATION ------ Dim strComputer : strComputer = "." ' ------ END CONFIGURATION --------- Dim objWMI : set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Dim colEvents : set colEvents = objWMI.ExecNotificationQuery( _ "Select * from _ _InstanceCreationEvent WHERE " & _ " TargetInstance ISA 'Win32_NTLogEvent'") Do Dim objEvent : set objEvent = colEvents.NextEvent WScript.Echo "----------------------------" WScript.Echo objEvent.TargetInstance.Logfile & " Event Log" WScript.Echo "----------------------------" WScript.Echo "Event ID: " & objEvent.TargetInstance.EventIdentifier WScript.Echo "Source: " & objEvent.TargetInstance.SourceName WScript.Echo "Category: " & objEvent.TargetInstance.CategoryString WScript.Echo "Event Type: " & objEvent.TargetInstance.Type Dim strText for each strText in objEvent.TargetInstance.InsertionStrings WScript.Echo "Event Text: " & strText next WScript.Echo "Computer: " & objEvent.TargetInstance.ComputerName WScript.Echo "User: " & objEvent.TargetInstance.User ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.