Get Windows Event Log Information

by Len Parov.


Need to check on the size and configuration settings of your event logs? Use this script instead of the GUI; it's faster!

Monitoring event logs is an essential part of an administrator's job. Unfortunately, viewing event log settings and log file sizes from the GUI is cumbersome, and it would be useful to have an easier way to obtain this information.

That's exactly what this hack is all about. You can run the script on Windows NT/2000 and later to obtain the current file size, maximum file size, number of records, and overwrite settings of the Application, System, and Security logs. The script only reads these values; it does not change any log configuration.

The Code

Type the following script into Notepad (make sure Word Wrap is disabled) and save it with a .vbs extension as loginfo.vbs.

Option Explicit
On Error Resume Next
Dim strMoniker
Dim refWMI
Dim colEventLogs
Dim refEventLog
Dim strSource
 
'moniker string stub - security privilege needed to get
'numrecords for Security log
strMoniker = "winMgmts:{(Security)}!"
 
'append to moniker string if a machine name has been given
If WScript.Arguments.Count = 1 Then _
    strMoniker = strMoniker & "\\" & WScript.Arguments(0) & ":"
 
'attempt to connect to WMI
Set refWMI = GetObject(strMoniker)
If Err <> 0 Then
    WScript.Echo "Could not connect to the WMI service."
    WScript.Quit
End If
 
'get a collection of Win32_NTEventLogFile objects
Set colEventLogs = refWMI.InstancesOf("Win32_NTEventLogFile")
If Err <> 0 Then
    WScript.Echo "Could not retrieve Event Log objects"
    WScript.Quit
End If
 
'iterate through each log and output information
For Each refEventLog In colEventLogs
    WScript.Echo "Information for the " & _
        refEventLog.LogfileName & _
        " log:"
    WScript.Echo " Current file size: " & refEventLog.FileSize
    WScript.Echo " Maximum file size: " & refEventLog.MaxFileSize
    WScript.Echo " The Log currently contains " & _
        refEventLog.NumberOfRecords & " records"
 
    'output policy info in a friendly format using OverwriteOutDated,
    'as OverWritePolicy is utterly pointless.
    'note "-1" is the signed interpretation of 4294967295
    Select Case refEventLog.OverwriteOutDated
        Case 0
            WScript.Echo " Log entries may be overwritten as required"
        Case -1
            WScript.Echo " Log entries may NEVER be overwritten"
        Case Else
            WScript.Echo " Log entries may be overwritten after " & _
                refEventLog.OverwriteOutDated & " days"
    End Select
 
    'blank line after every log, whichever policy applies
    WScript.Echo
Next
 
'release the WMI objects
Set refEventLog = Nothing
Set colEventLogs = Nothing
Set refWMI = Nothing
 

Running the Hack

To run the script, use Cscript.exe, the command-line version of the Windows Script Host (WSH). Simply type cscript loginfo.vbs at a command prompt from the directory in which the script resides. Here is a sample of typical output when the script runs on a Windows 2000 machine:

C:\>cscript loginfo.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
 
Information for the Security log:
 Current file size: 65536
 Maximum file size: 524288
 The Log currently contains 166 records
 Log entries may be overwritten after 7 days
 
Information for the Application log:
 Current file size: 524288
 Maximum file size: 524288
 The Log currently contains 2648 records
 Log entries may be overwritten as required
 
Information for the System log:
 Current file size: 524288
 Maximum file size: 524288
 The Log currently contains 2648 records
 Log entries may be overwritten after 7 days
 
Note that when you run this script on a domain controller it displays information concerning the Directory Service, File Replication Service, and DNS logs as well.
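
The same Win32_NTEventLogFile properties can also drive a retention check that flags logs close to losing or dropping events. The PowerShell function below is an added example, not part of the original script; the name Get-LogRetentionReport and the 90% "nearly full" threshold are assumptions made for illustration.

```powershell
# Added example: reads the same WMI class as loginfo.vbs and flags retention risk.
# Get-LogRetentionReport and the 0.9 threshold are assumptions of this example.
function Get-LogRetentionReport {
    param(
        [string]$ComputerName,          # optional remote machine, like the script's argument
        [double]$FullThreshold = 0.9    # assumed cutoff for "nearly full"
    )

    $query = @{ ClassName = 'Win32_NTEventLogFile' }
    if ($ComputerName) { $query.ComputerName = $ComputerName }

    foreach ($log in Get-CimInstance @query) {
        # Fill ratio from the FileSize / MaxFileSize values the script prints
        $fill = if ($log.MaxFileSize) { $log.FileSize / $log.MaxFileSize } else { 0 }
        $nearlyFull = $fill -ge $FullThreshold

        # The value stays unsigned here, so the script's -1 shows up as 4294967295
        if ($log.OverwriteOutDated -eq 0) {
            $policy = 'Overwrite as required'
            $risk   = if ($nearlyFull) { 'Oldest events are being discarded' } else { '' }
        }
        elseif ($log.OverwriteOutDated -eq [uint32]::MaxValue) {
            $policy = 'Never overwrite'
            $risk   = if ($nearlyFull) { 'New events are dropped once the log is full' } else { '' }
        }
        else {
            $policy = "Overwrite after $($log.OverwriteOutDated) days"
            $risk   = if ($nearlyFull) { 'New events are dropped if no entry is old enough' } else { '' }
        }

        [pscustomobject]@{
            Log        = $log.LogfileName
            SizeBytes  = $log.FileSize
            MaxBytes   = $log.MaxFileSize
            Records    = $log.NumberOfRecords
            FillPct    = [math]::Round($fill * 100, 1)
            Policy     = $policy
            Risk       = $risk
        }
    }
}

# Local machine report; pass -ComputerName to query a remote host
Get-LogRetentionReport | Format-Table -AutoSize
```

In the sample output above, the Application and System logs would both be flagged: each has reached its 524288-byte maximum.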
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.