BigBrother Scripting
I was recently asked if it was possible to monitor the Event Log for a single event and ensure that it was occurring regularly. It is rare that I handle Windows scripting and when I do I normally find myself cursing it, haha! In this case we want to ensure that a print server is constantly printing through the day, we expect that at least 1 print job will occur every 15 minutes, if not then we’d like a warning. Obviously this check should only run during work hours.
So the first step is relatively simple, access the Event Log and look for a single event by its event code.
set objWMIService = GetObject("winmgmts:\root\cimv2") set colEvents = objWMIService.ExecQuery _ ("Select * from Win32_NTLogEvent Where Logfile = 'System' and EventCode = 10")
What we did here was grab all the events with event code of 10 (a print job!). So if we count the number of events within a range then we will have basically completed a huge part of the work.
So next step is to make an interval that will be 15 minutes back from whatever time is current.
set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime") dtmStartDate.SetVarDate DateAdd("n",-15,Now()),True
And applying that into our statement:
set colEvents = objWMIService.ExecQuery _ ("Select * from Win32_NTLogEvent Where Logfile = 'System' and EventCode = 10" _ & " and TimeWritten >= '" & dtmStartDate & "'")
This means that we are now collecting the events that only occurred within the last fifteen minutes. So what next, well we need to have a statement to pass to BigBrother to indicate success or failure. Fortunately enough I have another script which monitors the cluster (thanks to the awesome DeadCat repository) and it has some code to help place the file that BigBrother collects.
const HKLM = &H80000002 strBBExtPathNew = "SOFTWARE\Quest Software\BigBrother\bbnt\ExternalPath" strBBExtPathOld = "SOFTWARE\BigBrother\bbnt\ExternalPath" set oReg = GetObject("winmgmts:\root\default:StdRegProv") oReg.GetStringValue HKLM,strBBExtPathNew,,strExtPath if isNull(strExtPath) then oReg.GetStringValue HKLM,strBBExtPathOld,,strExtPath end if if isNull(strExtPath) then WScript.Quit end if