IDC资讯中心
if you administrate a web server on a remote machine, then you know how important it can be to be able to quickly view your event logs and "check on things" until recently, the only way to do this was to log onto the machine via terminal services, vnc or pc anywhere, log onto the desktop, and bring up event viewer that way. or, you could use somebodys component.
fortunately,. the windows management instrumentation (wmi) interface has become so sophisticated — and scriptable — that we can now do all this using these scripting interfaces in an asp page. not only that, but we can make things a lot easier by creating a form – based query interface that lets you enter search terms to get back only what you need to see.
the key to all this is an implementation of the desktop management task forces (dmtf) web-based enterprise management (wbem) initiative for microsoft® windows platforms that extends the common information model (cim) to represent management objects in windows management environments. the common information model, also a dmtf standard, is an extensible data model for logically organizing management objects in a consistent, unified manner in a managed environment. it provides:
a rich query language that enables detailed queries of the information model.
a scriptable api that developers can use to create management applications. the scripting api supports several languages, including microsoft visual basic®; visual basic for applications (vba); visual basic, scripting edition (vbscript); microsoft jscript® development software. besides vbscript and jscript, developers can use any scripting language implementation that supports microsofts activex® scripting technologies with this api (for example, a perl scripting engine). additionally, you can use the windows scripting host or microsoft internet explorer to run scripts utilizing this interface. windows scripting host, like internet explorer, serves as a controller engine of activex scripting engines. windows scripting host supports scripts written in vbscript and jscript.
what well do here is use the scripting interface to write an asp web page that can be loaded from the iis machine just like any web page, and that allows us to view and search the event logs:
<%
event log reader by peter a bromberg
in our first script block, we simply check to see if the form has been submitted. if so, we instantiate the wscript.network object to
get an instance of the computer name, and display it
if request.form("submit") = "" then
set onet =createobject("wscript.network")
compname=onet.computername
response.write "<basefont face=verdana>"
response.write "viewing: " & compname & "<br>"
set onet = nothing
%>
<!– the form wasnt submitted, so lets display it for the user…–>
<form action =eventlog.asp method=post>
<table cellpadding=2 cellspacing=2 border=0>
<tr><td>
<input type=text name=cn value=<%=compname%>></td><td>computer name</td></tr>
<tr><td><select name=lf>
<option value=application>application</option>
<option value=system>system</option>
<option value=security>security</option>
</select></td><td>log file</td></tr>
<tr><td><input type =text name=s></td><td>event source</td></tr>
<tr><td><select name=t>
<option value=>all</option>
<option value=information>information</option>
<option value=warning>warning</option>
<option value=error>error</option>
</select></td><td>type</td></tr>
<tr><td><input type=text name=e></td><td>event code</td></tr>
<tr><td><input type=text name=u></td><td>username</td></tr>
<tr><td><input type=password name=p></td><td>password</td></tr>
<tr><td colspan=2 align=center><input type=submit name=submit value=check></td></tr>
</table>
</form>
<%
the form was submitted, so lets do our processing of the users query..
else
declare and initialize the variables we need…
dim wmiservices, wmiresultset, wmirecord
dim strcomputer, strlogfile, strwqlquery
dim dtdate, dttime
set onet =createobject("wscript.network")
set wmilocator = createobject("wbemscripting.swbemlocator")
strcomputer = onet.computername
create the base query, and add the users selections to the query string …
strwqlquery = "select * from win32_ntlogevent where logfile="
if(request.form("cn") <> "") then strcomputer = request.form("cn")
if(request.form("lf")<> "") then strlogfile = request.form("lf")
strwqlquery = strwqlquery & """" & strlogfile & """"
if(request.form("s")<> "") then strwqlquery = strwqlquery & " and sourcename=" & """" & request.form("s") & """"
if(request.form("t") <>"") then strwqlquery = strwqlquery & " and type=" & """" & request.form("t") & """"
if(request.form("e") <>"") then strwqlquery = strwqlquery & " and eventcode=" & """" & request.form("e") & """"
connect to the default machine, or optionally to another machine and accept username and pasword
if request.form("u") <> "" then
set wmiservices = wmilocator.connectserver(strcomputer , "root\default", request.form("u"), request.form("p"))
else
set wmiservices = wmilocator.connectserver(strcomputer )
end if
execute our wmi query…
set wmiresultset = wmiservices.execquery(strwqlquery)
if(wmiresultset.count = 0) then
response.write "<b>query: """ & strwqlquery & """ returned 0 records.</b>"
else
display the results in a nice table..
response.write "<table cellspacing=2 cellpadding=2 border=0 style=""font-face:tahoma; font-size:9pt;"">"
response.write "<tr bgcolor=lightblue style=""font-face:tahoma; font-size:9pt;""><th>rec</th><th>type</th><th>date</th><th>time</th><th>source</th><th>category</th><th>cat strg</th><th>event</th><th>usr</th><th>computer</th><th>msg</th></tr>"
for each wmirecord in wmiresultset
dtdate = cwmidate(wmirecord.timegenerated)
dttime = cwmitime(wmirecord.timegenerated)
i = i +1
if i mod 2 = 0 then
response.write "<tr bgcolor=#ffcc66>"
else
response.write "<tr bgcolor=lightgrey>"
end if
response.write "<td>" & wmirecord.recordnumber &" </td>" & _
"<td>" & wmirecord.type & "</td>" & _
"<td>" & dtdate & "</td>" & _
"<td>" & dttime & "</td>" & _
"<td>" & wmirecord.sourcename & "</td>" & _
"<td>" & wmirecord.category & "</td>" & _
"<td>" & wmirecord.categorystring & "</td>" & _
"<td>" & wmirecord.eventcode & "</td>" & _
"<td>" & wmirecord.user & "</td>" & _
"<td>" & wmirecord.computername & "</td>" & _
"<td>" & wmirecord.message & "</td></tr>"
next
response.write "</table> </font>"
provide a link at the bottom to perform a new query…
response.write "<div align=center><a href=eventlog.asp>new query</a></div>"
cleanup objects..
set onet = nothing
set wmilocator =nothing
set wmiservices=nothing
set wmiresultset = nothing
end if
helper functions for date and time formatting of the cim datetime object…
function cwmidate(cim_datetime)
dim strdatetime, iyear, imonth, iday
strdatetime = cstr(cim_datetime)
iyear = cint(mid(strdatetime, 1, 4))
imonth = cint(mid(strdatetime, 5, 2))
iday = cint(mid(strdatetime, 7, 2))
cwmidate = cdate(join(array(imonth, iday, iyear), "/"))
end function
function cwmitime(cim_datetime)
dim strdatetime, ihours, iminutes, iseconds
strdatetime = cstr(cim_datetime)
ihours = cint(mid(strdatetime, 9, 2))
iminutes = cint(mid(strdatetime, 11, 2))
iseconds = cint(mid(strdatetime, 13, 2))
cwmitime = timeserial(ihours, iminutes, iseconds)
end function
end if
%>
