Thursday, March 13, 2008

Script to read any Windows Event/Application Log

Awhile back there was a discussion on the TME10 list about reading a custom application event log that a developer is using. The out of the box problem is that the ITM agents don't allow you to specify a log to look at, it only looks at the basic Windows logs. The ultimate solution is to write a script to grad the data.

So here is a simple PERL script that will read all messages from all Windows event/application logs. With a little tweaking, it can be used to feed a Universal Agent that will report to ITM based on Event number or LogFile name.

use strict;
use Win32::OLE('in');

use constant wbemFlagReturnImmediately => 0x10;
use constant wbemFlagForwardOnly => 0x20;

my @computers = ("localhost");
foreach my $computer (@computers) {
print "";
print "==========================================";
print "Computer: $computer";
print "==========================================";

my $objWMIService = Win32::OLE->GetObject("winmgmts:\\\\$computer\\root\\CIMV2") or die "WMI connection failed.";
my $colItems = $objWMIService->ExecQuery("SELECT * FROM Win32_NTLogEventLog", "WQL",
wbemFlagReturnImmediately | wbemFlagForwardOnly);

foreach my $objItem (in $colItems) {
print "Log: $objItem->{Log}";
print "Record: $objItem->{Record}";
print "";
}
}

No comments: