Fortunately,. the Windows Management Instrumentation (WMI) interface has become so sophisticated -- and scriptable -- that we can now do all this using these scripting interfaces in an ASP page. Not only that, but we can make things a lot easier by creating a form - based query interface that lets you enter search terms to get back only what you need to see.
The key to all this is an implementation of the Desktop Management Task Force‘’s (DMTF) Web-Based Enterprise Management (WBEM) initiative for Microsoft® Windows platforms that extends the Common Information Model (CIM) to represent management objects in Windows management environments. The Common Information Model, also a DMTF standard, is an extensible data model for logically organizing management objects in a consistent, unified manner in a managed environment. It provides:
A rich query language that enables detailed queries of the information model.
A scriptable API that developers can use to create management applications. The scripting API supports several languages, including Microsoft Visual Basic®; Visual Basic for Applications (VBA); Visual Basic, Scripting Edition (VBScript); Microsoft JScript® development software. Besides VBScript and JScript, developers can use any scripting language implementation that supports Microsoft‘’s ActiveX® Scripting technologies with this API (for example, a Perl scripting engine). Additionally, you can use the Windows Scripting Host or Microsoft Internet Explorer to run scripts utilizing this interface. Windows Scripting Host, like Internet Explorer, serves as a controller engine of ActiveX scripting engines. Windows Scripting Host supports scripts written in VBScript and JScript.
What we‘’ll do here is use the scripting interface to write an ASP web page that can be loaded from the IIS machine just like any web page, and that allows us to view and search the Event Logs:
<%
‘’ Event Log Reader by Peter A Bromberg
‘’ In our first script block, we simply check to see if the form has been submitted. If so, we instantiate the Wscript.Network object to
‘’ get an instance of the computer name, and display it
if Request.Form("SUBMIT") = "" then
set oNet =CreateObject("WScript.Network")
compname=oNet.Computername
Response.write "<BASEFONT FACE=Verdana>"
Response.write "Viewing: " & compname & "<BR>"
set oNet = Nothing
%>
<!-- the form wasn‘’t submitted, so let‘’s display it for the user...-->
<FORM ACTION =eventLog.asp METHOD=POST>
<Table cellpadding=2 cellspacing=2 border=0>
<TR><TD>
<input type=text name=cn value=<%=compname%>></TD><TD>computer name</td></TR>
<TR><TD><select name=LF>
<option value=application>application</option>
<option value=system>system</option>
<option value=security>security</option>
</select></TD><TD>Log File</TD></TR>
<TR><TD><input type =text name=s></TD><TD>Event Source</TD></TR>
<TR><TD><select name=t>
<option value=>ALL</option>
<option value=information>information</option>
<option value=warning>warning</option>
<option value=error>error</option>
</select></TD><TD>Type</TD></TR>
<TR><TD><input type=text name=e></TD><TD>Event Code</TD></TR>
<TR><TD><input type=text name=u></TD><TD>UserName</TD></TR>
<TR><TD><input type=password name=p></TD><TD>Password</TD></TR>
<TR><TD COLSPAN=2 Align=center><input type=SUBMIT NAME=SUBMIT VALUE=CHECK></TD></TR>
</TABLE>
</FORM>
<%
‘’ The form was submitted, so let‘’s do our processing of the user‘’s query..
else
‘’Declare and initialize the variables we need...
Dim wmiServices, wmiResultSet, wmiRecord
Dim strComputer, strLogfile, strWqlQuery
Dim dtDate, dtTime
set oNet =CreateObject("WScript.Network")
set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
strComputer = oNet.ComputerName
‘’ create the base query, and add the user‘’s selections to the query string ...
strWqlQuery = "SELECT * FROM Win32_NTLogEvent WHERE Logfile="
If(Request.Form("cn") <> "") Then strComputer = Request.Form("cn")
If(Request.Form("LF")<> "") Then strLogfile = Request.Form("LF")
strWqlQuery = strWqlQuery & """" & strLogfile & """"
If(Request.Form("s")<> "") Then strWqlQuery = strWqlQuery & " AND SourceName=" & """" & Request.Form("s") & """"
If(Request.Form("t") <>"") Then strWqlQuery = strWqlQuery & " AND Type=" & """" & Request.Form("t") & """"
If(Request.Form("e") <>"") Then strWqlQuery = strWqlQuery & " AND EventCode=" & """" & Request.Form("e") & """"
‘’ Connect to the default machine, or optionally to another machine and accept username and pasword
if Request.form("u") <> "" then
Set wmiServices = wmiLocator.ConnectServer(strComputer , "root\default", Request.form("u"), Request.Form("p"))
else
Set wmiServices = wmiLocator.ConnectServer(strComputer )
end if
‘’ Execute our WMI query...
Set wmiResultSet = wmiServices.ExecQuery(strWqlQuery)
If(wmiResultSet.Count = 0) Then
Response.write "<b>Query: """ & strWqlQuery & """ returned 0 records.</b>"
Else
‘’ Display the results in a nice table..
Response.write "<Table Cellspacing=2 cellpadding=2 border=0 style=""font-face:tahoma; font-size:9pt;"">"
Response.write "<TR bgcolor=lightblue style=""font-face:tahoma; font-size:9pt;""><TH>Rec</TH><TH>Type</TH><TH>Date</TH><TH>Time</TH><TH>Source</TH><TH>Category</TH><TH>Cat Strg</TH><TH>Event</TH><TH>Usr</TH><TH>Computer</TH><TH>Msg</TH></TR>"
For Each wmiRecord In wmiResultSet
dtDate = CWmiDate(wmiRecord.TimeGenerated)
dtTime = CWmiTime(wmiRecord.TimeGenerated)
i = i +1
if i mod 2 = 0 then
response.write "<TR BGCOLOR=#ffcc66>"
else
response.write "<TR BGCOLOR=lightgrey>"
end if
response.write "<TD>" & wmiRecord.RecordNumber &" </TD>" & _
"<TD>" & wmiRecord.Type & "</TD>" & _
"<TD>" & dtDate & "</TD>" & _
"<TD>" & dtTime & "</TD>" & _
"<TD>" & wmiRecord.SourceName & "</TD>" & _
"<TD>" & wmiRecord.Category & "</TD>" & _
"<TD>" & wmiRecord.CategoryString & "</TD>" & _
"<TD>" & wmiRecord.EventCode & "</TD>" & _
"<TD>" & wmiRecord.User & "</TD>" & _
"<TD>" & wmiRecord.ComputerName & "</TD>" & _
"<TD>" & wmiRecord.Message & "</TD></TR>"
Next
Response.write "</TABLE> </FONT>"
‘’ provide a link at the bottom to perform a new query...
Response.write "<DIV align=center><A HREF=eventlog.asp>New Query</a></DIV>"
‘’ Cleanup objects..
Set oNet = Nothing
Set wmiLocator =Nothing
Set wmiServices=Nothing
Set wmiResultSet = Nothing
End If
‘’ Helper functions for date and time formatting of the CIM DateTime object...
Function CWmiDate(cim_DateTime)
Dim strDateTime, iYear, iMonth, iDay
strDateTime = CStr(cim_DateTime)
iYear = CInt(Mid(strDateTime, 1, 4))
iMonth = CInt(Mid(strDateTime, 5, 2))
iDay = CInt(Mid(strDateTime, 7, 2))
CWmiDate = CDate(Join(Array(iMonth, iDay, iYear), "/"))
End Function
Function CWmiTime(cim_DateTime)
Dim strDateTime, iHours, iMinutes, iSeconds
strDateTime = CStr(cim_DateTime)
iHours = CInt(Mid(strDateTime, 9, 2))
iMinutes = CInt(Mid(strDateTime, 11, 2))
iSeconds = CInt(Mid(strDateTime, 13, 2))
CWmiTime = TimeSerial(iHours, iMinutes, iSeconds)
End Function
end if
%>
延伸阅读
文章来源于领测软件测试网 https://www.ltesting.net/