0

I want to create VBScript code to retrieve specifically error type logs from Windows Event Viewer, save them in a .txt file, and transfer it via FTP or just direct copy.

How can I achieve this?

I've been doing some reading and stumbled upon these pages:

Main question, Eventquery.vbs info and Copy file to remote computer.

But I just don't understand how to do this process as a whole.

js2010

4 Answers

2

You can very easily do this by launching PowerShell.

A simple way to filter event logs for errors in PowerShell is:

Get-EventLog -LogName APPLICATION -EntryType Error

You could easily make this part of a batch script or VBScript if needed.

To redirect it to a text file, you can use the following:

Get-EventLog -LogName APPLICATION -EntryType Error > Result.txt

Then, you need to upload the text file to FTP.

Jag
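The whole process from the question as one PowerShell script, as an added example that is not part of any answer on this page: it selects Error-level events (Level 2), writes them to a text file, and uses the direct-copy option to a file share, checking the copy by hash. The share path, output file name and one-day window are assumed values.

```powershell
# Added example: export Error-level events to a text file and copy it to a share.
# $LogName, $Since, $OutFile and $Destination are assumed values; adjust them.
param(
    [string]$LogName     = 'Application',
    [datetime]$Since     = (Get-Date).AddDays(-1),
    [string]$OutFile     = (Join-Path $env:TEMP "errors-$env:COMPUTERNAME.txt"),
    [string]$Destination = '\\fileserver.example\logs$'   # hypothetical share
)

# Level 2 = Error (1 = Critical, 3 = Warning); the filter is applied by the
# event log service, so only matching records are returned.
$filter = @{ LogName = $LogName; Level = 2; StartTime = $Since }

# Get-WinEvent reports an error when nothing matches, so suppress it and
# test for an empty result instead.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Warning "No Error events in '$LogName' since $Since; nothing to send."
    return
}

# One event per block, wide enough that long messages are not truncated.
$events |
    Select-Object TimeCreated, Id, ProviderName, MachineName, Message |
    Format-List |
    Out-File -FilePath $OutFile -Encoding UTF8 -Width 4096

# Hash the local file so the copy on the share can be compared against it.
$hash = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash

Copy-Item -Path $OutFile -Destination $Destination -ErrorAction Stop
$remote = Join-Path $Destination (Split-Path $OutFile -Leaf)
if ((Get-FileHash -Path $remote -Algorithm SHA256).Hash -ne $hash) {
    throw "Copy on $Destination does not match the local file."
}
"Copied $($events.Count) events to $remote (SHA256 $hash)"
```

Because `-ErrorAction SilentlyContinue` also hides access-denied errors, run the script under an account that can read the chosen log, or an empty result may be misread as "no errors".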
2

You can query the Event Log using a WMI query. Here is information about the specific class.

Without knowing exactly what you're looking for, let's assume you wanted to search the Application event logs and record any event id 1003. I use On Error Resume Next as a quick fix so it doesn't error out if a field doesn't contain data.

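' Quick fix: skip a field that cannot be written instead of stopping the script
On Error Resume Next
LOG_FILE = "temp.txt"

' "." is the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
' Read the Application log; events are filtered by EventCode in the loop below
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent WHERE LogFile='Application'")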

For Each objEvent in colItems
    If objEvent.EventCode = 1003 Then       
        writeLog "Category: " & objEvent.Category
        writeLog "Category String: " & objEvent.CategoryString
        writeLog "Computer Name: " & objEvent.ComputerName
        writeLog "Data: " & objEvent.Data
        writeLog "Event Code: " & objEvent.EventCode
        writeLog "Event Identifier: " & objEvent.EventIdentifier
        writeLog "Insertion Strings: " & objEvent.InsertionStrings
        writeLog "Logfile: " & objEvent.Logfile
        writeLog "Message: " & objEvent.Message
        writeLog "Record Number: " & objEvent.RecordNumber
        writeLog "Source Name: " & objEvent.SourceName
        writeLog "Time Generated: " & objEvent.TimeGenerated
        writeLog "Time Written: " & objEvent.TimeWritten
        writeLog "Type: " & objEvent.Type
        writeLog "User: " & objEvent.User 
        writeLog ""  
    End If
Next

Sub writeLog(strText)
  Dim objFSO, objLogFile
  
  Set objFSO = CreateObject("Scripting.FileSystemObject")
  ' 8 = ForAppending; True creates the file if it does not exist
  Set objLogFile = objFSO.OpenTextFile(LOG_FILE, 8, True)

  objLogFile.WriteLine strText
  objLogFile.Close
  
  Set objLogFile = Nothing
  Set objFSO = Nothing

End Sub
dennythecoder
JustSomeQuickGuy
1

In Event Viewer, you can go to Custom Views, Administrative Events on the left. It has Critical, Error, and Warning (levels 1, 2, and 3) events from 72 different logs (the Windows API has a 256 logname query limit). I assume these are the most important logs. You can click "Save All Events in Custom View As..." on the right, and pick your format: evtx, xml, txt, or csv. I get about 4000 events on my computer.

If you're willing to dig into PowerShell, you can search all logs for errors since a certain time with a foreach loop. "-ea 0" is short for "-erroraction silentlycontinue".

$a = get-winevent -listlog * | foreach { get-winevent @{ 
  logname = $_.logname;
  starttime = '5/2/2020 12:53 pm'; level = 1,2,3 } -ea 0 } |
  where message -match 'whatever' 
$a.count
67

$a | export-csv file.csv
js2010
-2

This line

For Each objEventin colItems

must be corrected like this: For Each objEvent in colItems