Tips for SMS, Exchange, HP Openview, and others.
Use ADO to process the Event Log
Using WMI to find all SMS 2.0 Crashdumps
Using the ASP.NET Datagrid to display the Application Event Log
Figure out the ProfileLoadTimeHigh registry entry
How to read e-mail in Microsoft Operations Manager
This requires a text file with a header line, in the following format:
EventCode,SourceName,Response
50,W32Time,w32tm -resync -rediscover
The location of the file is set in the variable strPathtoTextFile. There are three
fields in the file: the event code, the source, and the command you
want to execute when the event occurs. Since this uses ADO, you can
update the file while the script is running with new events you
wish to detect, and it will pick them up on the next iteration.
Try to figure out what event code 50 from W32Time is
and why you would issue the w32tm command.
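' Event-driven responder. Subscribes to new NT event log records through WMI
' and, for each record, looks up rows in events.csv whose EventCode and
' SourceName match, echoes them, and runs the row's Response command.
'
' Security notes:
' - Every non-empty Response value is passed to WshShell.Run and executes with
'   the rights of the account running this script. Whoever can write to
'   events.csv (or to the folder named in strPathtoTextFile) can therefore run
'   commands as that account; keep write access limited to administrators.
' - SourceName is taken from the event record, not from this script, so it is
'   quote-escaped before being placed into the SQL text.
Set WshShell = WScript.CreateObject("WScript.Shell")
'On Error Resume Next
' NOTE(review): while the line above stays commented out, a runtime error
' stops the script, so the "Err <> 0" checks below never see a non-zero value.

Const adOpenStatic = 3
Const adLockOptimistic = 3
Const adCmdText = &H0001

Set objConnection = CreateObject("ADODB.Connection")
Set objRecordSet = CreateObject("ADODB.Recordset")

' Used as the Jet text-driver Data Source; the query below reads events.csv.
strPathtoTextFile = "c:\path to text file"
objConnection.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
    "Data Source=" & strPathtoTextFile & ";" & _
    "Extended Properties=""text;HDR=YES;FMT=Delimited"""

' The (Security) privilege is requested in the moniker so the subscription
' can also cover the Security log.
Set events = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}").ExecNotificationQuery("select * from __instancecreationevent where targetinstance isa 'Win32_NTLogEvent'")
If Err <> 0 Then
    WScript.Echo Err.Description, Err.Number, Err.Source
End If

WScript.Echo "Waiting for NT Events..."
Do
    ' Blocks until the next event log record is created.
    Set NTEvent = events.NextEvent
    If Err <> 0 Then
        WScript.Echo Err.Number, Err.Description, Err.Source
        Exit Do
    End If

    ' Force the code to a number and double any single quote in the source
    ' name so that neither value can change the shape of the query.
    lngEventCode = CLng(NTEvent.TargetInstance.EventCode)
    strSourceName = Replace("" & NTEvent.TargetInstance.SourceName, "'", "''")
    strQuery = "SELECT * FROM events.csv where EventCode = " & lngEventCode & _
        " and SourceName = '" & strSourceName & "'"

    ' The recordset is reopened for every event, which is why edits to the
    ' file are picked up without restarting the script.
    objRecordset.Open strQuery, objConnection, adOpenStatic, adLockOptimistic, adCmdText
    Do Until objRecordset.EOF
        strResponse = objRecordset.Fields.Item("Response").Value
        WScript.Echo "Event ID: " & objRecordset.Fields.Item("EventCode")
        WScript.Echo "Source: " & objRecordset.Fields.Item("SourceName")
        WScript.Echo "Reponse: " & strResponse
        WScript.Echo Now
        WScript.Echo
        ' Runs the configured command; see the security notes at the top.
        If strResponse <> "" Then WshShell.Run strResponse
        objRecordset.MoveNext
    Loop
    objRecordset.Close
Loop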
SMS 2.0 will create a Crashdumps directory under the logs
directory whenever a thread crashes. However, you won't know this
unless you look for them. Using this VBScript you can
find them simply by running it. To run it, use the
cscript command as follows: cscript crashdump.vbs server_name
server_sitecode. You can also specify delete as a third
argument, and it will delete any crashdump directories that are
over a day old.
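' Lists the SMS crashdump folders of every site server known to the given
' SMS site and, when "delete" is passed as the third argument, removes the
' folders that are more than one day old.
'
' Usage: cscript crashdump.vbs server_name server_sitecode [delete]
Set objArgs = WScript.Arguments
If objArgs.Count < 2 Then
    WScript.Echo "Usage: cscript crashdump.vbs server_name server_sitecode [delete]"
    WScript.Quit 1
End If

' Decide about deletion once, before error suppression is switched on.
' Under On Error Resume Next, an error raised while evaluating an If
' condition resumes at the next statement, which is the body of that If.
' Reading objArgs(2) inside the loop when no third argument was given would
' therefore fall through to the Delete call.
blnDelete = False
If objArgs.Count > 2 Then blnDelete = (objArgs(2) = "delete")

' Only folders created before this moment minus one day are deleted.
dtCutoff = DateAdd("d", -1, Now)

Set fso = CreateObject("Scripting.FileSystemObject")
winmgmt1 = "winmgmts:{impersonationLevel=impersonate}!//" & objArgs(0) & "\root\sms\site_" & objArgs(1)
Set SystemSet = GetObject(winmgmt1)
strQuery = "select servername, sitecode from SMS_Site order by Servername"
Set objEnumerator = SystemSet.ExecQuery(strQuery)

' Best effort from here on: an unreachable server or a missing crashdumps
' folder must not stop the scan of the remaining servers.
On Error Resume Next
For Each instance In objEnumerator
    WScript.Echo "-> " & instance.servername

    ' Reset f so that a failed GetFolder cannot reuse the previous server's
    ' folder object.
    Set f = Nothing
    Err.Clear
    Set f = fso.GetFolder("\\" & instance.servername & "\sms_" & instance.sitecode & "\logs\crashdumps\")
    blnHaveFolder = (Err.Number = 0)

    If blnHaveFolder Then
        For Each f1 In f.SubFolders
            ' Read the creation date into a variable first so that a failure
            ' here can be detected instead of falling into the delete branch.
            dtCreated = Empty
            Err.Clear
            dtCreated = f1.DateCreated
            blnCreatedOk = (Err.Number = 0)

            WScript.Echo f1.Name & " " & dtCreated

            blnRemove = False
            If blnCreatedOk Then blnRemove = blnDelete And (dtCreated < dtCutoff)
            If blnRemove Then f1.Delete
        Next
    End If
Next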
Since this needs HTML tags to run, change all "[" to "<" and all "]" to ">"
[%@ Import Namespace = System.Diagnostics %]
[%@ Import Namespace = System.Security %]
[%@ Page Language="VB" Debug="true" %]
[script runat="server"]
' Page_Load: binds every entry of the local Application event log to the
' EventList DataGrid declared in the markup below.
'
' NOTE(review): nothing on this page restricts who may request it, so the log
'   contents are shown to any caller the site admits; confirm that access is
'   limited elsewhere (for example in the site's authorization settings).
' NOTE(review): the Page directive above sets Debug="true"; confirm this is
'   switched off outside of development.
' NOTE(review): the grid uses AutoGenerateColumns, and event messages are text
'   written by other programs; confirm the message column is HTML-encoded when
'   rendered.
sub Page_Load(sender as Object, e as EventArgs)
' Errors are suppressed from here on, so a failure to open or read the log
' produces an empty grid rather than an error page.
On Error Resume Next
' Opens the Application log on the local machine.
Dim oELog As New EventLog("Application")
' Entries is the complete collection; no filtering or paging is applied.
EventList.DataSource = oELog.Entries
EventList.DataBind()
End Sub
[/script]
[html]
[head]
[/head]
[body]
[asp:DataGrid runat="server" id="EventList" Font-Name="Verdana" Font-Size="8pt"
AutoGenerateColumns="True" AlternatingItemStyle-BackColor="#eeeeee"
HeaderStyle-BackColor="Navy" HeaderStyle-ForeColor="White"
HeaderStyle-Font-Size="8pt" HeaderStyle-Font-Bold="True"]
[/asp:DataGrid]
[/body]
[/html]
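' Prints, for every subkey of the ProfileList registry key, the profile path
' followed by the date computed from ProfileLoadTimeHigh / ProfileLoadTimeLow.
' The two DWORDs are combined into one 64-bit count, converted to minutes
' (division by 600000000) and added, as days, to 1 January 1601.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys

' EnumKey leaves arrSubkeys without an array when the key cannot be read;
' For Each over a non-array would raise an error.
If IsArray(arrSubkeys) Then
    For Each objSubkey In arrSubkeys
        strSubPath = strKeyPath & "\" & objSubkey

        ' Reset the outputs so a value missing from this subkey cannot
        ' inherit the previous profile's numbers.
        strValue = ""
        lngHighValue = Null
        lngLowValue = Null
        objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE, strSubPath, "ProfileImagePath", strValue
        objRegistry.GetDWordValue HKEY_LOCAL_MACHINE, strSubPath, "ProfileLoadTimeHigh", lngHighValue
        objRegistry.GetDWordValue HKEY_LOCAL_MACHINE, strSubPath, "ProfileLoadTimeLow", lngLowValue

        If IsNull(lngHighValue) Or IsNull(lngLowValue) Then
            ' Some profile subkeys carry no load-time values; arithmetic on
            ' Null would stop the script, so report and move on.
            WScript.Echo strValue & " (no profile load time recorded)"
        Else
            ' The low DWORD arrives as a signed 32-bit number. A negative
            ' value stands for (value + 2^32), which is the same as adding
            ' one to the high DWORD.
            If lngLowValue < 0 Then lngHighValue = lngHighValue + 1

            dblMinutes = (lngHighValue * 2 ^ 32 + lngLowValue) / 600000000

            ' NOTE(review): DateAdd is documented to round a fractional
            ' count to a whole number, so the time of day is probably
            ' dropped here; the result is also not adjusted for the local
            ' time zone. Confirm before relying on more than the date.
            WScript.Echo strValue & " " & DateAdd("d", dblMinutes / 1440, #1/1/1601#)
        End If
    Next
End If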
This requires having Outlook installed on the machine where the script runs. It also requires
MapiProp from MapiLab. MapiProp allows the script to bypass
the Outlook security features. The script requires two parameters to be added to it.
"Logging" with a value of Y or N. "Mailbox" which should be set to the mailbox to read.
' MOM response script: logs on to one mailbox, turns the body of every Inbox
' message into a MOM event, deletes the message, then empties Deleted Items
' and optionally writes a summary to the Windows Application event log.
'
' Security notes:
' - MapiProp is used to read message properties without the Outlook security
'   prompts, so this script reads mail silently under the account it runs as.
'   NOTE(review): confirm that account has access to the one monitoring
'   mailbox only.
' - The event text is the message body exactly as received. Anyone able to
'   send mail to the mailbox decides what appears in the event, so rules and
'   responses that act on event 9999 should treat that text as untrusted.
' - Every message is deleted after it is read and Deleted Items is emptied
'   afterwards, including items this script did not put there.

' Outlook default-folder identifiers. Only olFolderInbox and
' olFolderDeletedItems are used below.
Const olFolderCalendar = 9
Const olFolderConflicts = 19
Const olFolderContacts = 10
Const olFolderDeletedItems = 3
Const olFolderDrafts = 16
Const olFolderInbox = 6
Const olFolderJournal = 11
Const olFolderJunk = 23
Const olFolderLocalFailures = 21
Const olFolderNotes = 12
Const olFolderOutbox = 4
Const olFolderSentMail = 5
Const olFolderServerFailures = 22
Const olFolderSyncIssues = 20
Const olFolderTasks = 13
Const olPublicFoldersAllPublicFolders = 18
Set WshShell = CreateObject("WScript.Shell")
strLog = cStr(ScriptContext.Parameters.Get("Logging")) ' "Y" writes the summary to the Windows Application Event Log
strMailbox = cStr(ScriptContext.Parameters.Get("Mailbox")) ' Mailbox whose Inbox is read
strComputer = WshShell.ExpandEnvironmentStrings("%ComputerName%")
' strAppLog accumulates the summary text that is logged at the end.
strAppLog = "Read E-Mail: " & strMailbox & " " & " " & Now & vbCrLf
Set propWrapper = CreateObject("Mapiprop.MAPIPropWrapper")
propWrapper.Initialize
Set objSession = CreateObject("MAPI.Session")
objSession.Logon , , , , , , "YOUR_SERVER" & vbLF & strMailBox ' Replace YOUR_SERVER with the name of your Exchange server
Set myOlApp = CreateObject("Outlook.Application")
Set myNameSpace = myOlApp.GetNameSpace("MAPI")
myNameSpace.Logon objSession.Name, , True, True
Set myFolder = myNameSpace.GetDefaultFolder(olFolderInbox)
Set myInbox = myFolder.Items
myInbox.Sort "[ReceivedTime]", True
strAppLog = strAppLog & "Read E-Mail: Number of Items in the Inbox " & myInbox.Count & vbCrLf
objItems = myInbox.Count
' Walk the collection from the last index down so that deleting an item does
' not shift the positions still to be visited.
For i = objItems to 1 Step -1
Set objCurItem = myInbox.Item(i) ' Current message; its Subject is logged and the item is deleted below
Set objEvent = ScriptContext.CreateEvent()
objEvent.EventSource = "Read E-Mail"
objEvent.EventNumber = 9999
objEvent.EventType = 2
' Replace DOMAIN in the next two lines with your own domain name.
objEvent.LoggingDomain = "DOMAIN"
objEvent.SourceDomain = "DOMAIN"
' &H1000001E is the MAPI property tag PR_BODY (plain-text message body).
' The body becomes the event message without any filtering or length limit.
objEvent.Message = propWrapper.ReadStreamProp(myInbox.Item(i), &H1000001E)
objEvent.SourceComputer = strComputer
ScriptContext.Submit(objEvent)
Set objEvent = Nothing
strAppLog = strAppLog & "Read E-Mail " & objCurItem.Subject & vbCrLf
objCurItem.Delete
Next
' Second pass: empty the Deleted Items folder.
Set myFolder = myNameSpace.GetDefaultFolder(olFolderDeletedItems)
Set myInbox = myFolder.Items
strAppLog = strAppLog & "Read E-Mail Number of Deleted Items " & myInbox.Count & vbCrLf
objItems = myInbox.Count
For i = 1 to objItems
' Always takes the first remaining item; presumably each Delete moves the
' next item into position 1.
Set objCurItem = myFolder.Items.Item(1)
strAppLog = strAppLog & "Read E-Mail Deleted " & objCurItem.Subject & vbCrLf
objCurItem.Delete
Next
' NOTE(review): there is no error handling, so a failure above skips the
' Uninitialize and Logoff calls that follow.
propWrapper.Uninitialize
myNameSpace.Logoff
objSession.Logoff
Set myNameSpace = Nothing
Set objSession = Nothing
strAppLog = strAppLog & "Read E-Mail: Ended"
' The summary contains message subjects; it is written only when the Logging
' parameter contains "Y".
If InStr(strLog, "Y") > 0 then WshShell.LogEvent 0, strAppLog
Send Mail to Steve Pyatt