The functionality of PRTG's standard event log sensor is not sufficient for my needs. Is there a way to check a computer's Windows Event Log file using extended functionality, for example, other filters?
1 Reply
Eventlog VBScript
Using a Visual Basic script, you can check the Windows Event Log in a similar way to the PRTG Event Log Sensor, plus you can add your own filter functionality. In PRTG, you can run the script as an EXE/Script Sensor.
Use at Your Own Risk
In the following, we provide a script, ready for your own adaptations. Please note: We provide this information to experienced users "as it is", without any warranty, and we also cannot support you with customizing your EXE/Script sensors. Please see further documentation within the script.
' ********************************************************************************
' PRTG Custom EXE Sensor, VB Demo Script for checking Eventlog entries via WMI
' ********************************************************************************
' created Feb 2011 for PRTG Network Monitor V8 by Paessler Support Team, www.paessler.com
' This script is Open Source and comes without support or warranty
'************ How it works ***************************************************
' This Script reads the number of new entries in the Windows Eventlog between intervals.
' In order to do so it stores the timestamp of the last reading in a registry key.
' This registry key (which is of type string) has to be created by the user before running the script the first time.
' Just leave the value empty.
' We recommend that you modify the script and check via VB if the registry key exists, then create it, if necessary.
' You will find examples of how to do this on the internet.
' The registry key has to be unique for each sensor of this type.
' You might consider storing the timestamp value in a file instead of the registry, because this is often easier
' to do.
' To further refine the filtering of the event log entries, please modify the section
' where the event log entries are retrieved via WQL. Check out http://msdn.microsoft.com/en-us/library/aa394226(v=vs.85).aspx
' for more information about possibilities of the WMI class.
' After opening the query you can read through the messages and further refine your result by means of VB script.
'********** VERY IMPORTANT *************************************************
' The registry key contained in strKeyPath and strValueName must be unique for each sensor of this type.
' You must create it in the registry BEFORE running the sensor!
' Alternatively you could create it dynamically modifying this script.
const HKEY_LOCAL_MACHINE = &H80000002
const strKeyPath = "SOFTWARE\Paessler\PRTG Network Monitor\Custom Sensors"
const strValueName = "UTCTime"
'************ Set Your WMI credentials here ****************
' Leave User and Password blank for local machine
strComputer = "."
strUser = ""
strPassword = ""
strNamespace = "root/cimv2"
Set objLocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(strComputer,strNamespace,strUser,strPassword)
strUTCTime = ""
ReadUTC
' *********************** WQL statement ********************************************
' Check out http://msdn.microsoft.com/en-us/library/aa394226(v=vs.85).aspx
' for more information about possibilities for refining the conditions in your WQL statement
strWQL = "SELECT TimeGenerated,RecordNumber,Message FROM Win32_NTLogEvent WHERE TimeGenerated > '" + strUTCTime + "'"
strWQL = strWQL + " AND Logfile ='Application'"
Set objEventLog = objWMIService.ExecQuery(strWQL)
iCount = 0
strMessage = "No new message"
iRecordNumber = 0
For Each obj in objEventLog
    iCount = iCount + 1
    If iRecordNumber = 0 Then
        iRecordNumber = obj.RecordNumber
        strUTCTime = obj.TimeGenerated
        strMessage = obj.Message
    End If
    If iRecordNumber < obj.RecordNumber Then
        iRecordNumber = obj.RecordNumber
        strUTCTime = obj.TimeGenerated
        strMessage = obj.Message
    End If
Next
WriteUTC
Set objEventLog = nothing
Set objLocator = nothing
Set objWMIService = nothing
strMessage = Replace(strMessage, vbCrLf, "")
wscript.echo iCount & ":" & strMessage
WScript.Sleep 1000
wscript.quit("0")
' Reads the timestamp of the last reading from the registry; falls back to the current UTC time
Sub ReadUTC
    Set objRegistry = GetObject("WinMgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    objRegistry.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strUTCTime
    If IsNull(strUTCTime) or strUTCtime = "" then
        strUTCTime = GetUTC
    End If
End Sub
' Stores the timestamp of the newest event that was read
Sub WriteUTC
    Set objRegistry = GetObject("WinMgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    objRegistry.SetStringValue HKEY_LOCAL_MACHINE,strKeypath,strvalueName,CSTR(strUTCTime)
End Sub
' Returns the current UTC time as a WMI (DMTF) datetime string
Function GetUTC()
    Set objTimeZone = objWMIService.ExecQuery ("SELECT Bias FROM Win32_TimeZone")
    For Each colTimeZone in objTimeZone
        intBias = colTimeZone.Bias
    Next
    Set objUTCTime = objWMIService.ExecQuery ("SELECT * FROM Win32_UTCTime")
    For Each colUTCTime in objUTCTime
        intYear = colUTCTime.Year
        intMonth = colUTCTime.Month
        intDay = colUTCTime.Day
        intHour = colUTCTime.Hour
        intMinute = colUTCTime.Minute
        intSecond = colUTCTime.Second
    Next
    strTargetDate = intYear
    strMonth = intMonth
    If Len(strMonth) = 1 Then
        strMonth = "0" & strMonth
    End If
    strTargetDate = strTargetDate & strMonth
    strDay = intDay
    If Len(strDay) = 1 Then
        strDay = "0" & strDay
    End If
    strTargetDate = strTargetDate & strDay
    strHour = intHour
    If Len(strHour) = 1 Then
        strHour = "0" & strHour
    End If
    strTargetDate = strTargetDate & strHour
    strMinute = intMinute
    If Len(strMinute) = 1 Then
        strMinute = "0" & strMinute
    End If
    strTargetDate = strTargetDate & strMinute
    strSecond = intSecond
    If Len(strSecond) = 1 Then
        strSecond = "0" & strSecond
    End If
    ' DMTF datetime format is yyyymmddHHMMSS.mmmmmm+UUU (six fractional digits)
    GetUTC = strTargetDate & strSecond & ".000000+000"
End Function
Created on Feb 11, 2011 10:45:45 AM by
Daniel Zobel [Paessler Support]
Last change on May 24, 2011 2:05:52 PM by
Stefan Telser [Paessler Support]
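The script's comments recommend creating the registry entry from code and refining the WQL filter. The following added example (not part of the original Paessler script) shows one way to do both, while validating the stored timestamp and quoting filter values before they are concatenated into the query. The function names and the sample filter values (source "Application Error", EventType 1) are assumptions chosen for illustration.

```vbscript
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Const strKeyPath = "SOFTWARE\Paessler\PRTG Network Monitor\Custom Sensors"
Const strValueName = "UTCTime"

' True only for a well-formed WMI (DMTF) datetime: yyyymmddHHMMSS.mmmmmm+UUU
Function IsDmtfTime(strValue)
    Dim re : Set re = New RegExp
    re.Pattern = "^\d{14}\.\d{6}[+-]\d{3}$"
    IsDmtfTime = re.Test(strValue & "")   ' & "" turns Null/Empty into ""
End Function

' Wraps a value as a WQL string literal (backslash is the WQL escape character)
Function WqlQuote(strValue)
    WqlQuote = "'" & Replace(Replace(strValue, "\", "\\"), "'", "\'") & "'"
End Function

' Current local time as a DMTF string, including the UTC offset
Function NowAsDmtf()
    Dim dt : Set dt = CreateObject("WbemScripting.SWbemDateTime")
    dt.SetVarDate Now, True   ' True: the date passed in is local time
    NowAsDmtf = dt.Value
End Function

' Reads the stored timestamp; creates the key on first run, rejects malformed values
Function ReadLastTime(objRegistry, strFallback)
    Dim strStored, rc
    rc = objRegistry.GetStringValue(HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strStored)
    If rc <> 0 Then objRegistry.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
    ReadLastTime = strFallback
    If IsDmtfTime(strStored) Then ReadLastTime = strStored
End Function

' Builds the query with additional filters on source and event type
Function BuildQuery(strSince, strLogfile, strSource, intEventType)
    BuildQuery = "SELECT TimeGenerated,RecordNumber,Message FROM Win32_NTLogEvent" & _
        " WHERE TimeGenerated > " & WqlQuote(strSince) & _
        " AND Logfile = " & WqlQuote(strLogfile) & _
        " AND SourceName = " & WqlQuote(strSource) & _
        " AND EventType = " & CInt(intEventType)
End Function

Dim objRegistry, strSince, strWQL
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strSince = ReadLastTime(objRegistry, NowAsDmtf())
' Sample filter values (assumptions): errors logged by the "Application Error" source
strWQL = BuildQuery(strSince, "Application", "Application Error", 1)
WScript.Echo strWQL
```

The resulting string can be passed to objWMIService.ExecQuery in place of the strWQL built in the script above.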