你好,
谢谢你的提问。
很抱歉我并不是一位VB脚本专家,但是尝试着帮助你编写了这样一个简单的VB脚本。
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'System' and " _
& "EventCode = '41'")
If colLoggedEvents.Count=0 Then
WScript.Echo "nothing wrong"
Else
For Each objEvent in colLoggedEvents
Wscript.Echo "Category: " & objEvent.Category
Wscript.Echo "Computer Name: " & objEvent.ComputerName
Wscript.Echo "Event Code: " & objEvent.EventCode
Wscript.Echo "Message: " & objEvent.Message
Wscript.Echo "Record Number: " & objEvent.RecordNumber
Wscript.Echo "Source Name: " & objEvent.SourceName
Wscript.Echo "Time Written: " & objEvent.TimeWritten
Wscript.Echo "Event Type: " & objEvent.Type
Wscript.Echo "User: " & objEvent.User
Next
end If
这个脚本如果没有event日志41的话将会输出nothing wrong,有的话将会输出有日志的信息。
但是我还是认为,使用powershell的话将会更加简单。
$events=get-winevent -FilterHashtable @{Logname='System';ID=4221} -ErrorAction Ignore
if ($events )
{
$events | fl *
}
else
{
Write-Host "一切正常"
}
最好的祝福,
Lee
Just do it.
