[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [hobbit] Windows logs.

To: <hobbit (at) hswn.dk>
Subject: RE: [hobbit] Windows logs.
From: "Gerard Lill" <Gerard (at) ets.biz>
Date: Wed, 23 Nov 2005 09:32:55 -0000
Thread-index: AcXvs1CbCiJC8l/HQwGE47UjHfvNZwAXEYkA
Thread-topic: [hobbit] Windows logs.

Folks,

Attached is two files - one for parsing through a directory looking for
Log files and returning key pieces of information; the other for
searching the windows Event Log using WMI.

The Event Log parser will only work on Windows 2003 server I believe.
The support folder of a Windows 2000 server probably contains a command
line driven applet for interrogating the event log.

Hope this helps.


-Gerard

-----Original Message-----
From: ZanDAhaR [mailto:allan (at) zandahar.net] 
Sent: Tuesday, 22 November 2005 22:21
To: hobbit (at) hswn.dk
Subject: Re: [hobbit] Windows logs.

Thomas wrote:

> Yes this is what I ended up doing. I noticed that if I do a dir /X 
> then the 8.3 format is shown, but then I ran into the next problem and

> this is wildcard filnames ie. syslog*.log as the logs are named with 
> the date in the filename. This require a total rewrite of the 
> bb-msgs.pl script as far as I could see.
>
> So I told the managers that this was not possible given the timeframe 
> on a windows box. :-( no happy about it.
>
> Thanks for replying.
>
> /Thomas
>
> ZanDAhaR wrote:
>
>> Thomas wrote:
>>
>>> Hi !
>>> Any of you had to monitor logs on a windows box where the file is 
>>> located in a directory with spaces in ?
>>>
>>> bb-msgs.pl version 1.1 breaks if I try.
>>>
>>> /Thomas
>>>
>>>
>>> To unsubscribe from the hobbit list, send an e-mail to
>>> hobbit-unsubscribe (at) hswn.dk
>>>
>>>
>> Have you tried taking out the space ? Convert the folder to dos 8.3 
>> format so for eg Program Files ends up being progra~1   Everything 
>> gets truncated to 6 chars + ~1. I know its Perl and not dos but it 
>> cant hurt to try :)
>>
>> Allan
>>
>> To unsubscribe from the hobbit list, send an e-mail to
>> hobbit-unsubscribe (at) hswn.dk
>>
>>
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe (at) hswn.dk
>
>
I'm sure someone else could help you out with the perl expression but I 
think maybe it should be %syslog* or something. I'm not a perl junkie so

dont take my word as gospel :)

HTH

Allan

To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk

'******************************************************************************
' Script to check current status of Veritas through the event viewer
' If event is an error or job has been running for an excessive amount of time show in hobbit
' Created by Kevin Cooper Nov 08 2005
' Property of Eclipse Technology Services Ltd http://www.ets.biz
'******************************************************************************
'*********   Declarations *********
'
Dim FSO, colDisks, objDisks, LogFile, EventCode, EventMessage, EventDate, objWMIService, Colour, Output
Set FSO = CreateObject("Scripting.FileSystemObject")
Const strComputer = "."
Const LogDir = "C:\BB\tmp\"

Const JobRedHours = 5
Const JobYellowHours = 3

CreateLog("veritas")  '***********  Open log file for writing, call to subroutine  ********** 


Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & _
"\root\cimv2")

Set colDisks = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTLogEvent WHERE SourceName = ""Backup Exec""")

For each objDisk in colDisks
	EventCode = objDisk.EventCode
	EventMsg = objDisk.Message
	EventDate = GetVBDate(objDisk.TimeGenerated)
	exit for
Next

select case EventCode

'############### WARNINGS ###############
	case 34338 ' Catalog Error
		Colour = "red "

	case 57348 ' Database Maintenance Failure
		Colour = "red "

	case 58053 ' Device Error
		Colour = "red "

	case 57751 ' IDR Copy Failed
		Colour = "red "

	case 34114 ' Job Cancellation
		Colour = "red "

	case 34113 ' Job Failed
		Colour = "red "

	case 58057 ' Media Error
		Colour = "red "

	case 34578 ' Software Update Error
		Colour = "red "

	case 65314 ' Tape Alert Error
		Colour = "red "


'###############QUESTIONS###############
	case 58056 ' Device Intervention
		Colour = "red "

	case 58064 ' Library Insert
		Colour = "red "

	case 58061 ' Media Insert
		Colour = "red "

	case 58060 ' Media Intervention
		Colour = "red "

	case 58062 ' Media Overwrite
		Colour = "red "

	case 58063 ' Media Remove
		Colour = "red "


'###############ALERTS###############
	case 57753 ' Backup Job Contains No Data
		Colour = "red "

	case 58054 ' Device Warning
		Colour = "red "

	case 34580 ' Install Warning
		Colour = "red "

	case 57755 ' Job Completed with Exceptions
		Colour = "yellow "

	case 33919 ' Job Warning
		Colour = "red "

	case 58058 ' Media Warning
		Colour = "red "

	case 34577 ' Software Update Warning
		Colour = "red "

	case 65313 ' Tape Alert Warning
		Colour = "red "


'############### INFO ###############
	case 57347 ' Database Maintenance Information
		Colour = "green "

	case 58055 ' Device Information
		Colour = "green "

	case 57345 ' General Information
		Colour = "green "

	case 57752 ' IDR Full Backup Success
		Colour = "green "

	case 34579 ' Install Information
		Colour = "green "

	case 57756 ' Job Start
		Dim JobLength
		JobLength = DateDiff("h", EventDate, Now)

		if JobLength <= JobYellowHours then
			Colour = "green "

		elseif JobLength <= JobRedHours then
			Colour = "yellow "

		else
			Colour = "red "
		end if

	case 34112 ' Job Success
		Colour = "green "

	case 57743 ' Job Success - Veritas 8.5
		Colour = "green "

	case 58059 ' Media Information
		Colour = "green "

	case 57796 ' Service Start
		Colour = "green "

	case 57797 ' Service Stop
		Colour = "green "

	case 34576 ' Software Update Information
		Colour = "green "

	case 65312 ' Tape Alert Information
		Colour = "green "

	case else  ' No Valid Findings
		Colour = "red "
		Output = "INVALID EVENT ID - " & EventCode & vbcrlf
end select

select case Colour
	case "red "
		Output = "&red " & EventDate & " " & Output & EventMsg

	case "yellow "
		Output = "&yellow " & EventDate & " " & Output & EventMsg

	case "green "
		Output = "&green " & EventDate & " " & Output & EventMsg

end select

'
'############### WRITE FINDINGS TO LOG '###############
'
Output = Colour & WeekdayName(Weekday(Now),True) & " " & Mid(Now,1,InStr(Now," ")-1) & " " & TimeValue(Now) & " Veritas Status" & vbCrLf & Output

Logfile.WriteLine Output

LogFile.Close ' Close log file


'############### Subroutines ###############

Function GetVBDate(wd)
  GetVBDate = DateSerial(left(wd,4),mid(wd,5,2),mid(wd,7,2)) _
       + TimeSerial(mid(wd,9,2),mid(wd,11,2),mid(wd,13,2))
End Function

Sub CreateLog(txtlog)
txtlog = LogDir & txtlog
 If FSO.FileExists(txtlog) Then
  Set Logfile = FSO.OpenTextFile(txtlog, 2)
 Else
  Set LogFile = FSO.CreateTextFile(txtlog, True)
 End If
End Sub'

'******************************************************************************
' Script to check current status of log files in a given directory
' A parse for interesting information is run.
' Created by Kevin Cooper Nov 08 2005
' Property of Eclipse Technology Services Ltd http://www.ets.biz
'******************************************************************************
'*********   Declarations *********
'
Dim FSO, BackUpSuccess, LogFile, OutputFilePath, DaysOfWeek, strFirstInstance, BackupDate, Colour, Output, txtStream
Set FSO = CreateObject("Scripting.FileSystemObject")
Const LogDir = "C:\BB\tmp\"

Const HBLogsDir = "LOGS DIRECTORY HERE"

DaysOfWeek = array("Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday")
Colour = "green "

CreateLog("hbup")  '***********  Open log file for writing, call to subroutine  ********** 



Set SearchFolder = FSO.GetFolder(HBLogsDir)
Set FileColl = SearchFolder.Files

For Each File in FileColl
	if Right(File.name, 4) = ".log" And File.name <> "System.log" then
		Set txtStream = fso.Opentextfile(HBLogsDir & File.Name)

		do while not (txtStream.atEndofStream)

			text = txtStream.ReadLine & vbCrlf

			'*** Checks line for search string
			if (InStr(text,"Status:")>0)  or (InStr(text,"Status :")>0) then
				if (InStr(text, "SUCCEEDED")) then
					BackUpSuccess = True
				else
					BackUpSuccess = False
				end if
			end if

			if (InStr(text,"STATUS OPERATION 0")>0) then
				for i = 0 to 6
					strFirstInstance = InStr(text, DaysOfWeek(i))
					if strFirstInstance > 0 then 
						BackupDate = Mid(text, strFirstInstance, Len(Text) - strFirstInstance - 2)
					end if				
				next
			end if
		loop

		if BackupSuccess then
			Output = Output & "&green Backup " & File.Name & " was successful on " & BackupDate & vbcrlf
		else
			Colour = "red "
			Output = Output & "&red Backup " & File.Name & " failed on " & BackupDate & vbcrlf
		end if
	end if
Next



'
'############### WRITE FINDINGS TO LOG '###############
'
Output = Colour & WeekdayName(Weekday(Now),True) & " " & Mid(Now,1,InStr(Now," ")-1) & " " & TimeValue(Now) & " Backup Status" & vbCrLf & Output

Logfile.WriteLine Output

LogFile.Close ' Close log file


'############### Subroutines ###############

Sub CreateLog(txtlog)
txtlog = LogDir & txtlog
 If FSO.FileExists(txtlog) Then
  Set Logfile = FSO.OpenTextFile(txtlog, 2)
 Else
  Set LogFile = FSO.CreateTextFile(txtlog, True)
 End If
End Sub

Follow-Ups:
- Re: [hobbit] Windows logs.
  - From: Jeff Stuart

Prev by Date: traceroute
Next by Date: Re: [hobbit] Question on Alert Notifications
Previous by thread: Re: [hobbit] traceroute
Next by thread: Re: [hobbit] Windows logs.
Index(es):
- Date
- Thread