If you administrate a web server on a remote machine, then you know how important it can be to be able to quickly view your event logs and "check on things". Until recently, the only way to do this was to log onto the machine via Terminal Services, VNC or PC Anywhere, log onto the desktop, and bring up Event Viewer that way. Or, you could use somebody's component.
Fortunately, the Windows Management Instrumentation (WMI) interface has become so sophisticated -- and scriptable -- that we can now do all this using these scripting interfaces in an ASP page. Not only that, but we can make things a lot easier by creating a form-based query interface that lets you enter search terms to get back only what you need to see.
The key to all this is an implementation of the Desktop Management Task Force's (DMTF) Web-Based Enterprise Management (WBEM) initiative for Microsoft® Windows platforms that extends the Common Information Model (CIM) to represent management objects in Windows management environments. The Common Information Model, also a DMTF standard, is an extensible data model for logically organizing management objects in a consistent, unified manner in a managed environment. It provides:
A rich query language that enables detailed queries of the information model.
A scriptable API that developers can use to create management applications. The scripting API supports several languages, including Microsoft Visual Basic®; Visual Basic for Applications (VBA); Visual Basic, Scripting Edition (VBScript); Microsoft JScript® development software. Besides VBScript and JScript, developers can use any scripting language implementation that supports Microsoft's ActiveX® Scripting technologies with this API (for example, a Perl scripting engine). Additionally, you can use the Windows Scripting Host or Microsoft Internet Explorer to run scripts utilizing this interface. Windows Scripting Host, like Internet Explorer, serves as a controller engine of ActiveX scripting engines. Windows Scripting Host supports scripts written in VBScript and JScript.
What we'll do here is use the scripting interface to write an ASP web page that can be loaded from the IIS machine just like any web page, and that allows us to view and search the Event Logs:
<%
' Event Log Reader by Peter A Bromberg
' In our first script block, we check whether the form has been submitted. If it has not,
' we instantiate the WScript.Network object to get the computer name, display it,
' and then show the query form
if Request.Form("SUBMIT") = "" then
set oNet =CreateObject("WScript.Network")
compname=oNet.Computername
Response.write ""
Response.write "Viewing: " & compname & "<br>"
set oNet = Nothing
%>
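<!-- Query form; the field names match the Request.Form keys read by the script below -->
<form method="post">
computer name <input type="text" name="cn"><br>
<select name="LF">
<option value="application">application</option>
<option value="system">system</option>
<option value="security">security</option>
</select> Log File<br>
<input type="text" name="s"> Event Source<br>
<select name="t">
<option value="">ALL</option>
<option value="information">information</option>
<option value="warning">warning</option>
<option value="error">error</option>
</select> Type<br>
<input type="text" name="e"> Event Code<br>
UserName <input type="text" name="u"><br>
Password <input type="password" name="p"><br>
<input type="submit" name="SUBMIT" value="Submit">
</form>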
<%
' The form was submitted, so let's do our processing of the user's query..
else
'Declare and initialize the variables we need...
Dim wmiServices, wmiResultSet, wmiRecord
Dim strComputer, strLogfile, strWqlQuery
Dim dtDate, dtTime
set oNet =CreateObject("WScript.Network")
set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
strComputer = oNet.ComputerName
' create the base query, and add the user's selections to the query string ...
strWqlQuery = "SELECT * FROM Win32_NTLogEvent WHERE Logfile="
' Note: these form values go into the WQL text unescaped, so a double quote in a field alters the query
If(Request.Form("cn") <> "") Then strComputer = Request.Form("cn")
If(Request.Form("LF") <> "") Then strLogfile = Request.Form("LF")
strWqlQuery = strWqlQuery & """" & strLogfile & """"
If(Request.Form("s") <> "") Then strWqlQuery = strWqlQuery & " AND SourceName=" & """" & Request.Form("s") & """"
If(Request.Form("t") <> "") Then strWqlQuery = strWqlQuery & " AND Type=" & """" & Request.Form("t") & """"
If(Request.Form("e") <> "") Then strWqlQuery = strWqlQuery & " AND EventCode=" & """" & Request.Form("e") & """"
' Connect to the default machine, or optionally to another machine and accept username and password
' Win32_NTLogEvent is defined in the root\cimv2 namespace, so connect there when a namespace is given
if Request.form("u") <> "" then
Set wmiServices = wmiLocator.ConnectServer(strComputer , "root\cimv2", Request.form("u"), Request.Form("p"))
else
Set wmiServices = wmiLocator.ConnectServer(strComputer )
end if
' Execute our WMI query...
Set wmiResultSet = wmiServices.ExecQuery(strWqlQuery)
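If(wmiResultSet.Count = 0) Then
Response.write "Query: """ & Server.HTMLEncode(strWqlQuery) & """ returned 0 records."
Else
' Display the results in a nice table..
Response.write "<table border=""1"">"
Response.write "<tr><th>Rec</th><th>Type</th><th>Date</th><th>Time</th><th>Source</th><th>Category</th><th>Cat Strg</th><th>Event</th><th>Usr</th><th>Computer</th><th>Msg</th></tr>"
For Each wmiRecord In wmiResultSet
dtDate = CWmiDate(wmiRecord.TimeGenerated)
dtTime = CWmiTime(wmiRecord.TimeGenerated)
i = i +1
' Alternate the row style; the original row attributes were lost, so these class names are placeholders
if i mod 2 = 0 then
response.write "<tr class=""even"">"
else
response.write "<tr class=""odd"">"
end if
' Text fields are HTML-encoded because event log content can contain markup;
' appending "" turns a Null property into an empty string first
response.write "<td>" & wmiRecord.RecordNumber & "</td>" & _
"<td>" & Server.HTMLEncode(wmiRecord.Type & "") & "</td>" & _
"<td>" & dtDate & "</td>" & _
"<td>" & dtTime & "</td>" & _
"<td>" & Server.HTMLEncode(wmiRecord.SourceName & "") & "</td>" & _
"<td>" & wmiRecord.Category & "</td>" & _
"<td>" & Server.HTMLEncode(wmiRecord.CategoryString & "") & "</td>" & _
"<td>" & wmiRecord.EventCode & "</td>" & _
"<td>" & Server.HTMLEncode(wmiRecord.User & "") & "</td>" & _
"<td>" & Server.HTMLEncode(wmiRecord.ComputerName & "") & "</td>" & _
"<td>" & Server.HTMLEncode(wmiRecord.Message & "") & "</td></tr>"
Next
Response.write "</table>"
' provide a link at the bottom to perform a new query (link target reconstructed: this same page)
Response.write "<br><a href=""" & Request.ServerVariables("SCRIPT_NAME") & """>New Query</a>"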
' Cleanup objects..
Set oNet = Nothing
Set wmiLocator =Nothing
Set wmiServices=Nothing
Set wmiResultSet = Nothing
End If
end if
' Helper functions for date and time formatting of the CIM DateTime object.
' They are defined at script level, after the If block has been closed.
Function CWmiDate(cim_DateTime)
Dim strDateTime, iYear, iMonth, iDay
strDateTime = CStr(cim_DateTime)
iYear = CInt(Mid(strDateTime, 1, 4))
iMonth = CInt(Mid(strDateTime, 5, 2))
iDay = CInt(Mid(strDateTime, 7, 2))
' DateSerial avoids locale-dependent parsing of a month/day/year string
CWmiDate = DateSerial(iYear, iMonth, iDay)
End Function
Function CWmiTime(cim_DateTime)
Dim strDateTime, iHours, iMinutes, iSeconds
strDateTime = CStr(cim_DateTime)
iHours = CInt(Mid(strDateTime, 9, 2))
iMinutes = CInt(Mid(strDateTime, 11, 2))
iSeconds = CInt(Mid(strDateTime, 13, 2))
CWmiTime = TimeSerial(iHours, iMinutes, iSeconds)
End Function
%>
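The page above builds its WQL text by concatenating form values directly. As an added example (not part of the original article), here is one way to build the same query from validated fields; the function names WqlQuote, InList and BuildEventQuery are hypothetical, and the 128-character limit on the source name is an arbitrary assumption.

```vbscript
' Added example, not the article's code. All function names are hypothetical.
Option Explicit

' Quote a value as a WQL string literal: backslash and double quote are escaped.
Function WqlQuote(ByVal s)
    s = Replace(s, "\", "\\")
    s = Replace(s, """", "\""")
    WqlQuote = """" & s & """"
End Function

' True when value equals one of the allowed strings (case-insensitive).
Function InList(ByVal value, ByVal allowed)
    Dim item
    InList = False
    For Each item In allowed
        If StrComp(value, item, vbTextCompare) = 0 Then InList = True
    Next
End Function

' Build the event-log query from the four form fields.
' Returns "" when a field fails validation, so the caller can reject the request.
Function BuildEventQuery(ByVal logFile, ByVal source, ByVal evType, ByVal evCode)
    Dim q, re
    BuildEventQuery = ""
    If Not InList(logFile, Array("application", "system", "security")) Then Exit Function
    q = "SELECT * FROM Win32_NTLogEvent WHERE Logfile=" & WqlQuote(logFile)
    If source <> "" Then
        If Len(source) > 128 Then Exit Function   ' assumed upper bound
        q = q & " AND SourceName=" & WqlQuote(source)
    End If
    If evType <> "" Then
        If Not InList(evType, Array("information", "warning", "error")) Then Exit Function
        q = q & " AND Type=" & WqlQuote(evType)
    End If
    If evCode <> "" Then
        Set re = New RegExp
        re.Pattern = "^[0-9]{1,5}$"
        If Not re.Test(evCode) Then Exit Function
        If CLng(evCode) > 65535 Then Exit Function   ' EventCode is a 16-bit value
        q = q & " AND EventCode=" & CLng(evCode)
    End If
    BuildEventQuery = q
End Function

' Constructed sample inputs; run with cscript. In the ASP page, pass
' CStr(Request.Form("LF")), CStr(Request.Form("s")) and so on instead.
WScript.Echo BuildEventQuery("system", "Service Control Manager", "error", "7031")
WScript.Echo BuildEventQuery("application", "My ""quoted"" source", "", "")
WScript.Echo "[" & BuildEventQuery("system", "", "", "70x31") & "]"
```

In the second call the embedded quotes are escaped and stay inside the string literal; the third call fails the event code check and returns an empty string.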

