Since this article is supposed to help clear up some mysteries, or make them
more easily solved, I won't tease you into waiting for the answer. You may still
find the answer vague, though.
It's simple; you gather information!
Of course, information itself doesn't solve a computer problem. But specific
information is precisely what you need when you begin to chase down a problem.
It wasn't too long ago that we all depended on mysteries when attempting to
diagnose a problem with a Windows system. Error messages were displayed and
the only choices you had for resolving the problem were to copy down the exact
text of the error and then, begrudgingly, press "OK". Then you went
off in search of some repository that might help you turn that message into
a solution. You certainly still do that part and I'll suggest, not for the first
time, that Microsoft's Knowledge Base at http://support.microsoft.com
is the place to go first in looking for the solution.
But in the enterprise, such poor audit options as error dialogs are not acceptable.
Enterprise ready applications must be able to record or log every detail of
their actions to either the system supplied logging service or to their own
logging files. In fact, Microsoft started long ago creating application specific
text logs in carefully hidden places. Well, they weren't really hidden; users
just didn't know about them until they tripped over the casual mention of such
a log file in a Knowledge Base article. Anyone who ever had to try to uninstall
Internet Explorer 4.0, manually, knows just the kind of file I'm referring to.
Besides, on servers, where it is uncommon for someone to be logged into the
console at all times, no one is there to see a message box and click "OK"
anyway. Errors and events must be handled gracefully, off-screen and logged
for later retrieval.
And now we've come so far as to finally be able to give a farewell salute to
the Windows 95 evolution of home operating systems. With that passing, even
the Windows XP Home Edition user can depend on the system providing a centralized
logging method. Much of the things that will happen on your system, good and
bad are entered there.
If you want a look at the Windows NT style logging system in Windows 2000
or Windows XP, right click on My Computer and choose Manage from
the menu. The Computer Management MMC (Microsoft Management Console)
will open. Amongst the items displayed will be the Event Viewer tree
with its System, Application and Security logs. These are invaluable sources
of information about your system, its successes and failures. They are also
sometimes unwieldy to use. Spend a few minutes working with these logs and you
come to realize that it's a pain to track a series of errors in succession and
make much sense of them, especially if you're not in the habit of periodically
clearing the logs.
Sure, you can choose to export the logs to a file but you still jump through
a number of hoops to get the information. You'll also get to discover another
plague of good logging; sometimes there's much more there than you really want
to dig through. What you really want is limited information that is pertinent
to your problem. With this sort of information, your choices broaden in narrowing
the problem to its specific cause. (Get how that works? Your choices broaden—when
you narrow the information to only the parts you need!) I've often found solutions
in the Microsoft Knowledge Base much more easily with the information from the
event log than that presented to me by a fleeting error message.
What if there was a way for you to decide when to start monitoring the Event
Logs and capture the data yourself as it occurred? What if you wanted to
monitor another system on your own LAN at home, without actually sitting
down in front of it?
Well, as I've written before, the future of Windows administration (and that
now includes the home user) is to script! It's unfortunate that only in the
most recent years have Windows users had a real chance to script against their
systems, since most other operating systems of any importance have had the capability
since their inceptions.
Here are the requirements I decided were important for this remote log monitoring
script:
- Must accept a computer name as an argument
- Must be able to handle the absence of an argument (assumes the local system
is to be monitored)
- Must show Event Log events with the current local time, monitored system
name, and the event details on screen
- Must enter that same on-screen information to a file in the same directory
with the script
- The file should have the monitored system's name in it
- Must be useful!
Using that criterion, try the script below. Copy the text to a plain text file
and name it Win32_EventRealTime.vbs in the directory of your choice.
As with all my scripts, they are most useful (or least annoying) when executed
by CScript.exe, the command line runtime for the Windows Script Host
(WSH). In addition to WSH, you'll need to have Windows Management Instrumentation
(WMI) installed. Windows 2000 and newer versions of Windows NT (that's ALL
of you Windows XP users, too) have WMI installed already.
To run it, open a Command Console (CMD.EXE) and navigate to the directory
containing the script. Type the following at the prompt:
Cscript <drive>:\<path>\Win32_EventRealTime.vbs <optionally
enter a computer name here>
The Console's prompt will advance a line, tell you which computer's log is
being monitored and then will remain idle until some event is logged by the
system. If nothing happens for a while, it's simple, literally nothing has been
logged! Should an application fail, or some other event occur, though, trust
that you'll have it both on-screen and in your local logging file.
I find this script especially handy when I have a remote user system or a server
that is being periodically plagued with strange application or system failures.
If I can't be in front of the machine when there is a problem, at least I can
have the information about the problem in my hot little disk drive immediately.
Good luck and I hope you find this little script as handy as I do!
'====================================================================
' Win32_EventRealTime.vbs
' Author: Greg Chapman
' contact:greg@mousetrax.com
' Support: www.mousetrax.com
' Please credit the author in any reuse
'====================================================================
CONST ForReading = 1, ForWriting = 2, ForAppending = 8
Dim strSystem, objFSO, objWMI, colMonitoredEvents
Dim objLatestEvent, strAlertToSend
strSystem=SurveyHost
Set objFSO = CreateObject("scripting.FileSystemObject")
LogFile=ExecutingFrom & strSystem & "Events.txt"
wscript.echo "Monitoring Event Log on " & strSystem
Set objWMI = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate, (Security)}!\\" & _
strSystem & "\root\cimv2")
Set colMonitoredEvents = objWMI.ExecNotificationQuery _
("Select * from __instancecreationevent where TargetInstance isa 'Win32_NTLogEvent' ")
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
strAlertToSend = Now & ", " & strSystem & ", " & _
objLatestEvent.TargetInstance.User _
& ", " & objLatestEvent.TargetInstance.EventCode & ", " _
& objLatestEvent.TargetInstance.Message
Wscript.Echo strAlertToSend
LogAction strAlertToSend
Loop
'====================================================================
Function SurveyHost()
Dim strComputer, objWshNetwork
If(WScript.Arguments.Count) Then
strComputer = WScript.Arguments.Item(0)
Else
Set objWshNetwork = WScript.CreateObject("WScript.Network")
strComputer = objWshNetwork.ComputerName
Set objWshNetwork = Nothing
End If
SurveyHost=strComputer
End Function
'====================================================================
Function ExecutingFrom()
Dim strScriptPath
strScriptPath=Left(wscript.scriptfullname, _
Len(wscript.scriptfullname)-Len(wscript.scriptname))
If Right(strScriptPath,1) <> "\" Then
strScriptPath=strScriptPath & "\"
End If
ExecutingFrom=strScriptPath
End Function
'====================================================================
Sub LogAction (strEntry)
Dim f
On Error Resume Next
set f = objFSO.OpenTextFile(LogFile, ForAppending, True, -2)
f.WriteLine strEntry
If Err <> 0 Then
Dim strErrMsg
strErrMsg="Could not write to LogFile. " & Err.Number & " " & _
err.Description & ". Attempting to write: " & strEntry
wscript.echo strErrMsg
err.clear
End If
f.close
On Error Goto 0
End Sub
'====================================================================
|
