监控windows的事件
2009-05-13 19:35
232 查看
我用了一个下午完成了对于Windows的事件的监控,这个程序可以套用任何已知事件id的监控上,例如程序监控的是:318的事件。 然后调用我自己写的控制台程序,发送短信息:monitor Const ForAppending = 8
i=0
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.DeleteFile("d:\powershell\monitor.txt")
Set objTextFile = objFSO.OpenTextFile _
("d:\powershell\monitor.txt", ForAppending, True) Const CONVERT_TO_LOCAL_TIME = True
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime") DateToCheck = Date
dtmEndDate.SetVarDate Date, True
dtmStartDate.SetVarDate DateToCheck, CONVERT_TO_LOCAL_TIME
dtmEndDate.SetVarDate DateToCheck + 1, CONVERT_TO_LOCAL_TIME
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where EventCode = '318' and TimeWritten >='" & DateToCheck & "'")
objTextFile.WriteLine( "count: " & i)
For each objEvent in colEvents
i=i+1
objTextFile.WriteLine( objEvent.Category)
objTextFile.WriteLine( "Computername: " & objEvent.ComputerName)
objTextFile.WriteLine( "Event code: " & objEvent.EventCode)
objTextFile.WriteLine( "message: " & objEvent.Message)
objTextFile.WriteLine( "event type: " & objEvent.Type)
objTextFile.WriteLine( "TimeWritten: " & objEvent.TimeWritten)
objTextFile.WriteLine( "count: " & i)
Next
set ws=wscript.createobject("wscript.shell")
if(i>0) then
ws.run "cmd /c monitor.exe B 外呼系统的Com+错误请及时处理"
end if objTextFile.Close
i=0
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.DeleteFile("d:\powershell\monitor.txt")
Set objTextFile = objFSO.OpenTextFile _
("d:\powershell\monitor.txt", ForAppending, True) Const CONVERT_TO_LOCAL_TIME = True
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime") DateToCheck = Date
dtmEndDate.SetVarDate Date, True
dtmStartDate.SetVarDate DateToCheck, CONVERT_TO_LOCAL_TIME
dtmEndDate.SetVarDate DateToCheck + 1, CONVERT_TO_LOCAL_TIME
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where EventCode = '318' and TimeWritten >='" & DateToCheck & "'")
objTextFile.WriteLine( "count: " & i)
For each objEvent in colEvents
i=i+1
objTextFile.WriteLine( objEvent.Category)
objTextFile.WriteLine( "Computername: " & objEvent.ComputerName)
objTextFile.WriteLine( "Event code: " & objEvent.EventCode)
objTextFile.WriteLine( "message: " & objEvent.Message)
objTextFile.WriteLine( "event type: " & objEvent.Type)
objTextFile.WriteLine( "TimeWritten: " & objEvent.TimeWritten)
objTextFile.WriteLine( "count: " & i)
Next
set ws=wscript.createobject("wscript.shell")
if(i>0) then
ws.run "cmd /c monitor.exe B 外呼系统的Com+错误请及时处理"
end if objTextFile.Close
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- vs2010 创建windows服务( Asp.net(C#) windows 服务 用于实现计划任务,事件监控等)
- WINDOWS键盘事件监控原理及应用
- Zabbix监控Windows事件日志
- vs2010 创建windows服务( Asp.net(C#) windows 服务 用于实现计划任务,事件监控等)
- .NET拾忆:EventLog(Windows事件日志监控)
- 使用SetWindowsHookEx监控Windows全局鼠标事件
- Asp.net(C#) windows 服务{用于实现计划任务,事件监控等}
- WINDOWS键盘事件的挂钩监控原理
- syslog系统日志、Windows事件日志监控
- WINDOWS事件监控, 网站异常
- WINDOWS键盘事件的挂钩监控原理及其应用技术
- Asp.net(C#) windows 服务{用于实现计划任务,事件监控等}
- 建立一个windows服务(可用于实现计划任务,事件监控..) .NET
- Windows/Linux用户态监控进程启动事件方法
- Asp.net(C#) windows 服务{用于实现计划任务,事件监控等}
- Windows键盘事件监控原理及应用
- WINDOWS键盘事件的挂钩监控原理及其应用技术
- Windows键盘事件监控原理及应用
- windows 监控登录事件
- Asp.net(C#) windows 服务{用于实现计划任务,事件监控等}