strComputer = "."
Set objWMIService = GetObject("winmgmts:{(Security)}\\" & _
strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecNotificationQuery _
("Select * From __InstanceCreationEvent Where " _
& "TargetInstance isa 'Win32_NTLogEvent'")
Do
Set objEvent = colEvents.NextEvent
If InStr(LCase(objEvent.TargetInstance.Message), "특정단어") Then
Wscript.Echo Now
Wscript.Echo "Category: " & objEvent.TargetInstance.Category
Wscript.Echo "Event Code: " & objEvent.TargetInstance.EventCode
Wscript.Echo "Message: " & objEvent.TargetInstance.Message
Wscript.Echo "Record Number: " & objEvent.TargetInstance.RecordNumber
Wscript.Echo "Source Name: " & objEvent.TargetInstance.SourceName
Wscript.Echo "Event Type: " & objEvent.TargetInstance.Type
Wscript.Echo
End If
Loop
Set objWMIService = GetObject("winmgmts:{(Security)}\\" & _
strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecNotificationQuery _
("Select * From __InstanceCreationEvent Where " _
& "TargetInstance isa 'Win32_NTLogEvent'")
Do
Set objEvent = colEvents.NextEvent
If InStr(LCase(objEvent.TargetInstance.Message), "특정단어") Then
Wscript.Echo Now
Wscript.Echo "Category: " & objEvent.TargetInstance.Category
Wscript.Echo "Event Code: " & objEvent.TargetInstance.EventCode
Wscript.Echo "Message: " & objEvent.TargetInstance.Message
Wscript.Echo "Record Number: " & objEvent.TargetInstance.RecordNumber
Wscript.Echo "Source Name: " & objEvent.TargetInstance.SourceName
Wscript.Echo "Event Type: " & objEvent.TargetInstance.Type
Wscript.Echo
End If
Loop
물론 응용을 하면 매우 다양하게 쓸수가 있습니다. 이를테면,. 특정 이벤트 코드나 원본이라든가 말이죠..^^
WMI를 이용한 이벤트로그 모니터링
http://www.serverinfo.pe.kr/TipnTech.aspx?Seq=256
03-Microsoft_TechNet.gif
댓글 없음:
댓글 쓰기