Milind,
This will work for you. You have to save this as a *.vbs
file extension.
----
dim iEventCode
iEventCode = 414
if (Wscript.Arguments.Count = 1) then
iEventCode = Wscript.Arguments(0)
end if
dim sMessage
Set EventSet = GetObject("winmgmts:").ExecQuery("select *
from Win32_NTLogEvent where EventCode=" & iEventCode)
if (EventSet.Count = 0) then WScript.Echo "No Events"
for each LogEvent in EventSet
sMessage = "Event Number: " &
LogEvent.RecordNumber & chr(13)
sMessage = sMessage & "Log File: " &
LogEvent.LogFile & chr(13)
sMessage = sMessage & "Type: " & LogEvent.Type
& chr(13)
sMessage = sMessage & "Message: " &
LogEvent.Message & chr(13)
sMessage = sMessage & "Time: " &
LogEvent.TimeGenerated & chr(13)
WScript.Echo sMessage
next
------------
Using displayEventIDsbyCode.vbs
The script displayEventIDsbyCode.vbs, uses WMI to extract
specific events from the event logs. This sample script
doesn't look for an event in a particular event log but
rather looks up the event ID in all logs. The script
displays the results to the user.
To use this script, simply execute it and pass it the
event ID that you want to retrieve as a parameter. For
example, to search for event ID 0, type
displayEventIDsbyCode 0
at the command prompt. To search for event ID 414, type
displayEventIDsbyCode 414
at the command prompt. The iEventCode variable, which
callout A in Listing 1 shows, sets the EventCode property
in the script.
When the script executes, it displays a separate dialog
box that shows each event you searched for that the script
found in the logs.
James Lorenzana
ICON
