If you administrate a web server on a remote machine, then you know how important it can be to be able to quickly view your event logs and "check on things" Until recently, the only way to do this was to log onto the machine via Terminal Services, VNC or PC Anywhere, log onto the desktop, and bring up event viewer that way. Or, you could use somebody's component.
Fortunately,. the Windows Management Instrumentation (WMI) interface has become so sophisticated -- and scriptable -- that we can now do all this using these scripting interfaces in an ASP page. Not only that, but we can make things a lot easier by creating a form - based query interface that lets you enter search terms to get back only what you need to see.
The key to all this is an implementation of the Desktop Management Task Force's (DMTF) Web-Based Enterprise Management (WBEM) initiative for Microsoft Windows platforms that extends the Common Information Model (CIM) to represent management objects in Windows management environments. The Common Information Model, also a DMTF standard, is an extensible data model for logically organizing management objects in a consistent, unified manner in a managed environment. It provides:
A rich query language that enables detailed queries of the information model.
A scriptable API that developers can use to create management applications. The scripting API supports several languages, including Microsoft Visual Basic; Visual Basic for Applications (VBA); Visual Basic, Scripting Edition (VBScript); Microsoft JScript development software. Besides VBScript and JScript, developers can use any scripting language implementation that supports Microsoft's ActiveX Scripting technologies with this API (for example, a Perl scripting engine). Additionally, you can use the Windows Scripting Host or Microsoft Internet Explorer to run scripts utilizing this interface. Windows Scripting Host, like Internet Explorer, serves as a controller engine of ActiveX scripting engines. Windows Scripting Host supports scripts written in VBScript and JScript.
What we'll do here is use the scripting interface to write an ASP web page that can be loaded from the IIS machine just like any web page, and that allows us to view and search the Event Logs:
<%
' Event Log Reader by Peter A Bromberg
' In our first script block, we simply check to see if the form has been submitted. If so, we instantiate the Wscript.Network object to
' get an instance of the computer name, and display it
if Request.Form("SUBMIT") = "" then
set oNet =CreateObject("WScript.Network")
compname=oNet.Computername
Response.write "<BASEFONT FACE=Verdana>"
Response.write "Viewing: " & compname & "<BR>"
set oNet = Nothing
%>
<!-- the form wasn't submitted, so let's display it for the user...-->
<FORM ACTION =eventLog.asp METHOD=POST>
<Table cellpadding=2 cellspacing=2 border=0>
<TR><TD>
<input type=text name=cn value=<%=compname%>></TD><TD>computer name</td></TR>
<TR><TD><select name=LF>
<option value=application>application</option>
<option value=system>system</option>
<option value=security>security</option>
</select></TD><TD>Log File</TD></TR>
<TR><TD><input type =text name=s></TD><TD>Event Source</TD></TR>
<TR><TD><select name=t>
<option value=>ALL</option>
<option value=information>information</option>
<option value=warning>warning</option>
<option value=error>error</option>
</select></TD><TD>Type</TD></TR>
<TR><TD><input type=text name=e></TD><TD>Event Code</TD></TR>
<TR><TD><input type=text name=u></TD><TD>UserName</TD></TR>
<TR><TD><input type=password name=p></TD><TD>Password</TD></TR>
<TR><TD COLSPAN=2 Align=center><input type=SUBMIT NAME=SUBMIT VALUE=CHECK></TD></TR>
</TABLE>
</FORM>
<%
' The form was submitted, so let's do our processing of the user's query..
else
'Declare and initialize the variables we need...
Dim wmiServices, wmiResultSet, wmiRecord
Dim strComputer, strLogfile, strWqlQuery
Dim dtDate, dtTime
set oNet =CreateObject("WScript.Network")
set wmiLocator = CreateObjec