3. Select Start|Run and enter “kix32 scriptfile”. Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following: $RCODE = BackUpEventLog ("Security", "C:\BACKUP.EVT") If @ERROR <> 0 or $RCODE <> 0 ? "Error backing up log" End If Clearing the Event Log ClearEventLog is a KiXtart command that allows you to clear the contents of an event log. The basic syntax for using the ClearEventLog command is as follows: ClearEventLog ("logtype") Tip You can clear the event log of a remote computer by including the UNC path before the log type, for example: ClearEventLog ("\\computer\Security") Here, logtype is the type of log to clear (Application, System, or Security). To clear the event log using KiXtart, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and extract the latest version of KiXtart, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “kix32 scriptfile”. Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following: $RCODE = ClearEventLog ("Security") If @ERROR <> 0 or $RCODE <> 0 ? "Error clearing the event log" End If Using Logs with Windows Script Host Windows Script Host allows you to write events to a text log and the event log using simple script files. This allows you to store critical events in the event log, while storing less severe events to a text log. Note Windows Script Host does not contain any methods to read or modify events in the event log. Writing to Text Logs Text logs provide an easy way to record events and share the file with others, regardless of operating system. To log an event to a text log using Windows Script Host, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and install the latest version of Windows Script Host, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “cscript scriptfile.vbs”. Here, scriptfile is the full path and file name of a script file that contains the following: On Error Resume Next Set FSO = CreateObject("Scripting.FileSystemObject") txtlog = "textlog" If FSO.FileExists(txtlog) Then Set LogFile = FSO.OpenTextFile(txtlog, 8) Else Set LogFile = FSO.CreateTextFile(txtlog, True) End If LogFile.WriteLine Date & " " & Time & " message" LogFile.Close Here, message is the alert message to log, and textlog is the complete path and file name of the log file. Related solution: Found on page: Appending Text Files 81 Writing an Event to the Event Log You can use Wscript.Shell’s LogEvent method to write events to the event log. The basic syntax for using the LogEvent method is as follows: LogEvent(type,event,computer) Note All events are stored in the application log, and cannot be redirected to the system or security logs. Here, event is the text event entry; computer is an optional parameter specifying the name of a remote system to write events to; and type specifies one of the following event types: SUCCESS (0) ERROR (1) WARNING (2) INFORMATION (4) AUDIT_SUCCESS (8) AUDIT_FAILURE (16) Tip You can use the corresponding numbers, as opposed to key words, to specify event types. When you use LogEvent to create an event log entry, the following is recorded: Category—Logged as None Computer—The name of the target computer Date—Date the event was written Event—Logged as 0 Source Type—Logged as WSH Time—Time the event was written Type—Type of event entry User Name—Logged as N/A Here is a subroutine to write an event: Sub WriteLog(Ltype, Ldesc) On Error Resume Next Set SHELL = CreateObject("WScript.Shell") LEvent = SHELL.LogEvent(Ltype, Ldesc) If Err.Number <> 0 Or LEvent = False Then Wscript.Echo "Error writing event" End If End Sub Note Because Windows 9x does not contain an event log, all written events will be stored in %WINDIR%\wsh.log. Here, ltype is the type of event, and ldesc is the event text to write. Using the following command combined with the subroutine above will write a success event to the event log: WriteLog 0, "This stuff is cool!" Accessing the Event Log Using WMI The Win32_NTLogEvent class manages the event logs on Windows NT/2000 systems. Through this class, you can view, write, modify, delete, and back up the event log through simple scripts. Backing Up an Event Log in Binary Mode The BackupEventLog method allows you to back up an event log to a file in standard event log binary format. To create a backup of the event log in standard event log binary format using WMI, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and install the latest version of WMI and Windows Script Host, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “cscript scriptfile.vbs”. Here, scriptfile is the full path and file name of a script file that contains the following: On Error Resume Next Set FSO = CreateObject("Scripting.FileSystemObject") LogType = InputBox("Enter the log to backup", "Log Type" , "application") BFile = InputBox("Enter file to backup to", "Backup File" , "C:\BACKUP.LOG") If FSO.FileExists(BFile) Then FSO.DeleteFile BFile End If Set EventLog = GetObject("winmgmts:{impersonationLevel= impersonate,(Backup)}").ExecQuery("select * from Win32_NTEventLogFile where LogfileName='" & LogType & "'") For each Entry in EventLog Entry.BackupEventLog BFile Next Wscript.Echo "Done" Note The highlighted code above must be placed on one line. The (Backup) privilege is explicitly included in the example above to allow you to use the BackUpEventLog method. Here, LogType is the event log to back up (application, security, or system), and Bfile is the complete path and filename to back up to. Backing Up the Entire Event Log in Text Mode In the previous sections, you learned that the BackUpEventLog method and the Dumpel utility back up the event log to a text file in binary format. Although this format conforms to the standard event log storage format, it does not allow you to easily view the contents of the backup. To create a backup of the event log in plain-text, tab-delimited format using WMI, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and install the latest version of WMI and Windows Script Host, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “cscript scriptfile.vbs”. Here, scriptfile is the full path and file name of a script file that contains the following: On Error Resume Next Set EventLog = GetObject("winmgmts:{impersonationLevel= impersonate}").ExecQuery("select * from Win32_NTLogEvent") Set FSO = CreateObject("Scripting.FileSystemObject") Set txt = FSO.CreateTextFile("textfile", True) For each Entry in EventLog If Len(Entry.Message) > 0 Then For x = 1 to Len(Entry.Message) Char = Mid(Entry.Message,x,1) If Asc(Char) = 10 Then MSG = MSG & " " ElseIf Asc(Char) <> 13 Then MSG = MSG & Char End If Next EDate = Mid(Entry.TimeGenerated,5,2) & "/" & _ Mid(Entry.TimeGenerated,7,2) & "/" & _ Mid(Entry.TimeGenerated,1,4) ETime = Mid(Entry.TimeGenerated,9,2) & ":" & _ Mid(Entry.TimeGenerated,11,2) & ":" & _ Mid(Entry.TimeGenerated,13,2) ETime = FormatDateTime(ETime,3) If IsNull(Entry.User) Then User = "N/A" Else User = Entry.User End If If IsNull(Entry.CategoryString) Then Category = "none" Else Category = Entry.CategoryString End If EVT = Entry.LogFile & VBtab & _ Entry.Type & VBtab & _ EDate & VBtab & _ ETime & VBtab & _ Entry.SourceName & VBtab & _ Category & VBtab & _ Entry.EventCode & VBtab & _ User & VBtab & _ Entry.ComputerName & VBtab & _ MSG txt.writeline EVT EVT = Null Char = Null MSG = Null End If Next txt.close Wscript.echo "Done" Note The highlighted code above must be placed on one line. Here, textfile is the complete path and file name to back up the event log to. Clearing an Event Log The ClearEventLog method allows you to clear individual event log entries. To clear the entire contents of an event log using WMI, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and install the latest version of WMI and Windows Script Host, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “cscript scriptfile.vbs”. Here, scriptfile is the full path and file name of a script file that contains the following: On Error Resume Next LogType = InputBox("Enter the log to clear", "Clear Log" , "application") Set EventLog = GetObject("winmgmts:{impersonationLevel= impersonate}").ExecQuery("select * from Win32_NTEventLogFile where LogfileName='" & LogType & "'") For each Entry in EventLog Entry.ClearEventlog() Next Wscript.Echo "Done" Note The highlighted code above must be placed on one line. Here, LogType is the event log to clear (Application, Security, or System). Sending Alerts Using Shell Scripting Shell scripting does not include a method to send alerts from the command line. Microsoft Windows includes the NET.EXE utility to allow you to send messages to users or computers over the network. Sending Alerts to a Single User or Computer To send a message over the network, start a command prompt and enter the following: NET SEND name message Note NetBIOS messages have a maximum limit of 128 characters. Here, message is the message to send, and name is the NetBIOS name of a computer or user ID. Sending Alerts to Multiple Users and Computers You can also use the asterisk symbol (*) to send messages to all computers on the local network: Net Send * message Here, message is the message to send. As opposed to specifying a name or asterisk, you can use one of the following commands to send messages to multiple users or computers: /DOMAIN—Sends a message to the local domain /DOMAIN:name—Sends a message to a specified domain /USERS—Sends messages to users connected to the server Here is an example to send a message to the JESSEWEB domain: Net Send /DOMAIN:JESSEWEB message Note Sending messages to the entire network or domain will not only utilize a good portion of your network’s bandwidth but it is also annoying to all the other users. Sending Alerts to Specific Multiple Users and Computers Although the Net Send command contains methods to send messages to multiple users, it does not contain a method to send messages to specific user and computer names. To send an alert to an exact list of user or computer names using shell scripting, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Select Start|Run and enter “scriptfile.bat”. Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following: @Echo Off For /F %%N in (textfile) Do (Echo Sending Message to %%N… & Net Send %%N Message) Note The highlighted code above must be placed on one line. Here, textfile is the name of a text file with each line containing a user or computer name, and message is the message to send. Sending Alerts Using KiXtart KiXtart includes a command called SendMessage that allows you to send NetBIOS messages to users or computers over the network. This command transports messages in a similar fashion to the Microsoft NET.EXE utility. Sending Alerts to a Single User or Computer To send an alert to a single user using KiXtart, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and extract the latest version of KiXtart, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “kix32 scriptfile”. Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following: $RCODE = SENDMESSAGE ("name", "message") If @ERROR <> 0 or $RCODE <> 0 ? "Error sending message" End If Here, name is the user or computer name to send a message to. Sending Alerts to Multiple Users or Computers To send an alert to multiple users using KiXtart, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and extract the latest version of KiXtart, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “kix32 scriptfile”. Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following: $COUNT = 4 ; User Array Count DIM $NAME[$COUNT] ; User Array $NAME[0] = "name1" $NAME[1] = "computer1" $NAME[2] = "computer2" $NAME[3] = "name2" $NETMESSAGE = "This is a test message." $Index = 0 WHILE $Index <> $COUNT $RCODE = SENDMESSAGE ($NAME[$Index], $NETMESSAGE) If @ERROR <> 0 or $RCODE <> 0 ? "Error sending message" End If $Index = $Index + 1 LOOP Here, $count is the size of the array. This is the number of users you want to send messages to. This number must exactly match the number of users that you send messages to, or an error will result. $name is the array that holds the user or computer names to send messages to, and $netmessage is the message to send. Note The array size is limited to the amount of memory the system has. Remember, the contents of an array start at 0, not at 1. Using versions older than KiXtart 3.62 will cause a script error when attempting to create an array. Sending Alerts Using Windows Script Host Windows Script Host does not include any methods to send messages to users or computers. Through Windows Script Host, you can call upon the NET.EXE utility or use automation to send messages. Sending an Alert to a Single User or Computer To send an alert to a single user or computer using WSH, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and install the latest version of Windows Script Host, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “cscript scriptfile.vbs”. Here, scriptfile is the full path and file name of a script file that contains the following: On Error Resume Next Set Shell = CreateObject("Wscript.Shell") RCV = "name" MSG = "message" SHELL.Run "Net Send " & Name & " " & MSG, 0, False Here, RCV is the user or computer name to send a message to, and MSG is the message to send. Sending Alerts to Multiple Users or Computers To send an alert to multiple user or computer names using WSH, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and install the latest version of Windows Script Host, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “cscript scriptfile.vbs”. Here, scriptfile is the full path and file name of a script file that contains the following: On Error Resume Next Set Shell = CreateObject("Wscript.Shell") Dim Name(2) Name(0) = "name1" Name(1) = "name2" MSG = "message" For X = 0 to UBound(Name) SHELL.Run "Net Send " & Name(X) & " " & MSG, 0, False Next Here, Name is the array that holds the user or computer names to send messages to. The size of this array should be equal to the number of users or computers you want to send messages to. MSG is the message to send. Sending an Email Using Outlook Automation To send an email using Outlook automation, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and install the latest version of Windows Script Host, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “cscript scriptfile.vbs”. Here, scriptfile is the full path and file name of a script file that contains the following: On Error Resume Next RCP = "emailaddress" SUB = "subject" MSG = "message" Set Outlook = CreateObject("Outlook.Application") Set MAPI = Outlook.GetNameSpace("MAPI") Set NewMail = Outlook.CreateItem(0) NewMail.Subject = SUB NewMail.Body = MSG NewMail.Recipients.Add RCP MAPI.Logon "profile", "password" NewMail.Send MAPI.Logoff Here, RCP stores the email address to email; SUB is the email subject; MSG is the message to send; and profile and password are the logon credentials to send the email. Tip You can omit the highlighted lines above if you do not need to log on to a mail server or if your information is cached. Sending an Email with Attachments Using Outlook Automation To send an email to multiple users with attachments using Outlook, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and install the latest version of Windows Script Host, from www.microsoft.com , to the new directory. 3. Select Start|Run and enter “cscript scriptfile.vbs”. Here, scriptfile is the full path and file name of a script file that contains the following: On Error Resume Next RCP = "emailaddress" Dim File(2) File(0) = "file1" File(1) = "file2" SUB = "subject" MSG = "message" Set Outlook = CreateObject("Outlook.Application") Set MAPI = Outlook.GetNameSpace("MAPI") Set NewMail = Outlook.CreateItem(0) NewMail.Subject = SUB NewMail.Body = MSG NewMail.Recipients.Add RCP For X = 0 to (UBound(File)-1) NewMail.Attachments.Add(file(X)) Next MAPI.Logon "profile", "password" NewMail.Send MAPI.Logoff Here, file is the array that holds the file names to attach to the message; RCP stores the email address to email; SUB is the email subject; MSG is the message to send; and profile and password are the logon credentials to send the email. Tip You can omit the highlighted lines above if you do not need to log on to a mail server or if your information is cached. Sending Emails and Attachments to Multiple Recipients Using Outlook Automation To send an email to multiple users with attachments using Outlook, proceed as follows: 1. Create a new directory to store all files included in this example. 2. Download and install the latest version of Windows Script Host, from www.microsoft.com , to the new directory. . Security, or System). Sending Alerts Using Shell Scripting Shell scripting does not include a method to send alerts from the command line. Microsoft Windows includes the NET.EXE utility to allow. an array. Sending Alerts Using Windows Script Host Windows Script Host does not include any methods to send messages to users or computers. Through Windows Script Host, you can call upon. $RCODE <> 0 ? "Error clearing the event log" End If Using Logs with Windows Script Host Windows Script Host allows you to write events to a text log and the event log using