WMIC event viewer script

rschneid76

Hello all,

I am trying to get a script using the WMIC command line that outputs the
event viewer of a certain server on a certain date. So far I have
this:

WMIC /node:"myserver" NTEVENT WHERE "EventType<3 AND LogFile != 'Security' AND TimeGenerated = '20050330'" GET LogFile, SourceName, EventType, Message, TimeGenerated /FORMAT:htable >c:\mysystem.htm

But as the TimeGenerated is in a different format, my queries for that
date come up empty. Just wondering if anyone has any ideas how I can
format it so I can get a normal datetime output? I am assuming I have
to modify the select statement somehow with a function, but I haven't
found anything about this in my searches of the web. Any help would be
greatly appreciated!! Thanks

caraculo4
 
yimin wei

You need to use UTC format for the time format. Also, you need to use a
range for the TimeGenerated, not an equals sign. So the time part is like:

TimeGenerated > '20050330000000.000000-240' and TimeGenerated < '20050331000000.000000-240'

This would query for the events on 3/30/2005. Note that the -240 is the bias
for Eastern Time Zone. You need to adjust it for other time zones.
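
Added example (not part of any post in this thread): a Python sketch that builds the one-day TimeGenerated range in the yyyymmddHHMMSS.mmmmmm±UUU form shown above and converts values returned by the query back into ordinary datetimes. The function names are hypothetical, the bias is passed in by the caller as minutes from UTC, and the lower bound uses >= so an event stamped exactly at midnight is included.

```python
import re
from datetime import date, datetime, timedelta, timezone

def cim_datetime(dt, bias_minutes):
    """Format a local wall-clock datetime as yyyymmddHHMMSS.mmmmmm+/-UUU."""
    sign = "+" if bias_minutes >= 0 else "-"
    return f"{dt:%Y%m%d%H%M%S}.{dt.microsecond:06d}{sign}{abs(bias_minutes):03d}"

def day_filter(day, bias_minutes):
    """WHERE-clause fragment selecting every event generated on `day`."""
    start = datetime.combine(day, datetime.min.time())
    end = start + timedelta(days=1)  # handles month and year rollover
    return (f"TimeGenerated >= '{cim_datetime(start, bias_minutes)}' AND "
            f"TimeGenerated < '{cim_datetime(end, bias_minutes)}'")

_CIM = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")

def parse_cim_datetime(value):
    """Turn a TimeGenerated string into a timezone-aware datetime."""
    m = _CIM.match(value.strip())
    if not m:
        raise ValueError(f"not a CIM_DATETIME value: {value!r}")
    stamp, micros, sign, offset = m.groups()
    minutes = int(offset) if sign == "+" else -int(offset)
    naive = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(microsecond=int(micros))
    return naive.replace(tzinfo=timezone(timedelta(minutes=minutes)))

if __name__ == "__main__":
    # Constructed inputs: the date and bias used in the reply above.
    print(day_filter(date(2005, 3, 30), -240))
    sample = "20050330101530.000000-240"  # constructed TimeGenerated value
    print(parse_cim_datetime(sample).isoformat())
```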
 
Windows 2003

You have not said if it is a Windows 2003 server, but if it is then try this:

Command line
cscript //h:cscript /s

Then run a command called

Eventquery

This will provide you with a greater degree of flexibility than WMIC as it has an easier command structure.

eg

Eventquery /v /l system /fi "type eq error" /fi "source eq eventlog" /fi "datetime eq mm\dd\yy" /fo csv >> c:\errors.csv

This will display in a CSV file any ERRORS from EVENTLOG on a said date. This type of error is normally associated with unexpected system shutdowns. The beauty of this is that the previous info in the CSV file is appended, not overwritten, so you could run this daily and keep all instances. You will need to find a way to change the datetime parameter to do this automatically. Removing the /v cuts down the output to just the log, not its detailed info.

Check eventquery /? for full options
 
