Saturday, July 12, 2008

Filter information from event log

The following script shows when specific events recorded in Event Viewer were logged. This helped me find out if a computer was shut down daily during a month. For this, I searched for the specific event ID 6009 in the System event log and put in a text file the date and time when it was logged:

' Helper object that converts WMI (CIM) datetime strings into VBScript dates
Set dtmDate = CreateObject("WbemScripting.SWbemDateTime")
strComputer = "."   ' "." is the local computer
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Select only event ID 6009 from the System log
Set colItems = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = 'System' and " _
    & "EventCode = '6009'")
For Each objItem in colItems
    Wscript.Echo "Computer Name: " & objItem.ComputerName
    Wscript.Echo "Event Code: " & objItem.EventCode
    dtmDate.Value = objItem.TimeWritten
    dtmTimeWritten = dtmDate.GetVarDate
    Wscript.Echo "Time Written: " & dtmTimeWritten
Next
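
The same check in PowerShell, as an added example that is not part of the original post: it goes one step beyond the script above by listing every calendar day in the window and marking the days on which no event 6009 was logged. The 30-day window and the output file name boot-days.txt are assumptions chosen for illustration.

```powershell
# Added example (not from the original post).
# Assumptions: 30-day window, report written to .\boot-days.txt.
$days    = 30
$start   = (Get-Date).Date.AddDays(-$days)
$outFile = Join-Path $PWD 'boot-days.txt'

# Let the event log service do the filtering instead of pulling the whole log.
$filter = @{ LogName = 'System'; Id = 6009; StartTime = $start }
# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Index the event timestamps by calendar day.
$byDay = @{}
foreach ($e in $events) {
    $key = $e.TimeCreated.ToString('yyyy-MM-dd')
    if (-not $byDay.ContainsKey($key)) { $byDay[$key] = @() }
    $byDay[$key] += $e.TimeCreated
}

# One report line per day, including the days that have no matching event.
$report = for ($i = 0; $i -le $days; $i++) {
    $key = $start.AddDays($i).ToString('yyyy-MM-dd')
    if ($byDay.ContainsKey($key)) {
        $times = @($byDay[$key] | Sort-Object |
                   ForEach-Object { $_.ToString('HH:mm:ss') })
        '{0}  {1} event(s) at {2}' -f $key, $times.Count, ($times -join ', ')
    } else {
        '{0}  no event 6009' -f $key
    }
}

$report | Set-Content -Path $outFile -Encoding UTF8
$report
```

If the System log has reached its size limit and overwritten older entries, the earliest days in the window will show no event regardless of what happened on them.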

