Home > Programming, vbScript > Can you just get the logs from the system?

Can you just get the logs from the system?

18th February, 2011 Leave a comment Go to comments

It sounds like such a simple request, doesn’t it? Of course, the person asking doesn’t realise that the environment consists of a Database server, an application server, and a couple of frontend web servers… oh, and a management information server and its associated log shipping server (as it’s still on SQL 2000).

They are also unsure which logs the software developer requires. Is it the system event log? The application log? Or even the security log? Do they also want some other text file logs (such as IIS logs)?

Although it doesn’t take long to collect each of these log files individually, when you actually calculate the time it takes to collect them all, it can easily take more than half an hour (and then you’ve got to ensure you’ve collect them all and give each one a unique file name to identify which server it came from). So I decided to see what was possible with a bit of vbScript.

The script creates a sub folder based on the current date and time to hold all the event logs you want to collect. It then contacts each server, enumerates and then backs up each of the event logs it finds. Once completed it moves the saved event logs back to the folder it’s created. Each event log file consists of the server name, event log ID and date/time.

Now the interesting thing to note here is that, although WMI provides a BackupEventLog method, it runs under the local system account and, therefore, cannot backup to a network resource. So we create the file locally on the remote computer and then move the file back to our machine.

For other text files we want to collect, we simply use vbScript’s CopyFile method.

Here’s the script:

' CollectLogs.vbs
' ===============
' Collects Event Logs and other log files from multiple servers
'
' Version 1.0 - 18 Feb 2011
' =============================================================================
' (C) Copyright 2011 Jonathan Cox
' Published on https://3rdlinesupport.wordpress.com
'
' You may use this script in any way (including modifying, reproducing, and
' distributing), provided that you agree that the copyright owner has
' no warranty, obligations, or liability for such use.

Option Explicit

Function GenerateSuffix
   ' Create the suffix for the output folder and file names
   Dim dtmDT
   dtmDT = now()
   GenerateSuffix = Year(dtmDT) & Right("0" & Month(dtmDT), 2) & Right("0" & Day(dtmDT), 2) & "_" & Right("0" & Hour(dtmDT), 2) & Right("0" & Minute(dtmDT), 2)
End Function

Function GenerateFolderName
   ' Create the output folder
   Dim objFSO, objFolder, strFolderPath

   strFolderPath = ".\Logs_" & strSuffix

   Set objFSO = CreateObject("Scripting.FileSystemObject")
   ' If the folder doesn't exist, make it
   If Not objFSO.FolderExists(strOutputFolder) then
      Set objFolder = objFSO.CreateFolder(strFolderPath)
   End if
   Set objFSO = Nothing

   GenerateFolderName = strFolderPath
End Function

Sub CollectEvents
   ' Backup the event logs and then copy to the output folder

   Dim objServer, objWMIService, colLogFiles, objLogfile, intErrorCode, objFSO, objSourceFile

   For each objServer in arrServers
      wscript.echo "Processing Server: " & objServer
      Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (Backup, Security)}!\\" & objServer & "\root\cimv2")
      Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile")

      For Each objLogfile in colLogFiles
         intErrorCode = objLogFile.BackupEventLog("C:\Windows\Temp\" & objServer & "_" & objLogFile.LogFileName & "_" & strSuffix & ".evt")
         If intErrorCode = 0 then
            arrSourceFiles(UBound(arrSourceFiles)) = "\\" & objServer & "\C$\Windows\Temp\"  & objServer & "_" & objLogFile.LogFileName & "_" & strSuffix & ".evt"
            ReDim Preserve arrSourceFiles(UBound(arrSourceFiles)+1)
         End If
      Next
   Next

   ReDim Preserve arrSourceFiles(UBound(arrSourceFiles)-1)

   Set objFSO = CreateObject("Scripting.FileSystemObject")
   For each objSourceFile in arrSourceFiles
      wscript.echo "Moving File: " & objSourceFile
      objFSO.MoveFile objSourceFile, strOutputFolder & "\"
   Next
End Sub

Sub CopyFile(strSource,strTarget)
   Dim objFSO

   Set objFSO = CreateObject("Scripting.FileSystemObject")
   wscript.echo "Copying File: " & strSource
   objFSO.CopyFile strSource, strOutputFolder & "\" & strTarget
End Sub

' Global variables
Dim strSuffix                ' Stores the suffic for all files and folder
Dim strOutputFolder          ' Used to store the full path of where the log files are stored
Dim arrServers               ' List of servers to obtain event log from
Dim arrSourceFiles()         ' Holds a list of files to move back

ReDim arrSourceFiles(0)
strSuffix = GenerateSuffix
strOutputFolder = GenerateFolderName

'========================================================================
' Modify the list of servers and any additional files you wish to collect
'========================================================================

arrServers = Array("DBSERVER","WEB01","WEB02","APPSERVER","LOGSHIPSVR","MISSERVER")
Call CollectEvents
Call CopyFile("\\APPSERVER\c$\Logs\APP_log.txt","APPSERVER_APP_log" & "_" & strSuffix & ".txt")
Categories: Programming, vbScript Tags:
  1. No comments yet.
  1. No trackbacks yet.

Leave a comment