[背景]公司最近HP盘柜出了几次问题,与其交涉也没得到很好的解决,为此让我们用脚本来监控日志,经观察日志,发现出现Source name为Ftdisk
出现盘柜丢失!为此,我就以这个关键字为基础,写了一个WMI脚本!
这个脚本有几个作用:
(1)拒绝重复发邮件(一个开关文件status.txt)
(2)发邮件报警(在备份日志功能上,我们通过循环做到不发给某个组)
(3)system日志检查(检索符合Ftdisk的条目并且发邮件)
(4)检查system日志大小,当大与1.2M时备份日志发邮件并且清除日志!(在小日志下检索,好处?不用说了吧!)
(5)动态获取本机IP
[过程]
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'用来监控日志信息将其匹配的信息发送邮件并指定超过一定大小的情况下备份日志                                         '
'版权所有:坏男孩                                                                                                 '
'MSN:[email]hahazhu0634@live.cn[/email]                                                                                        '
'QQ:383088680                                                                                                    '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'定义些基本的全局变量
Dim arrFileLines()
i = 0
Dim emails(4)
emails(0)="[email]xxx@xxx.com[/email]"
emails(1)="[email]xxx@xxx.com[/email]"
emails(2)="[email]xxx@xxx.com[/email]"
emails(3)="[email]xxx@xxx.com[/email]"
IP=GetIP
'读取开关文件
Set objFSO = CreateObject(".ing.FileSystemObject")
Set objFile = objFSO.OpenTextFile("C:\status.txt", 1)
Do Until objFile.AtEndOfStream
     Redim Preserve arrFileLines(i)
     arrFileLines(i) = objFile.ReadLine
     i = i + 1
Loop
objFile.Close
For l = Ubound(arrFileLines) to LBound(arrFileLines) Step -1
    value=arrFileLines(l)
Next
if value = 1 then
  w..quit
else
   Checklog
end if
'检索日志函数
public Function Checklog
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = 'System'" _
        & "and SourceName = 'Ftdisk'")
For Each objEvent in colLoggedEvents
  if objEvent.SourceName="Ftdisk" then
    call SendMail(IP&" Maybe disk error! ",3)
    Insert
    W..quit
  else
    checklogsize
  end if
Next
End Function
'发送邮件
Public Function SendMail(messages,count)
      for i=0 to count
           Set objEmail = CreateObject("CDO.Message")
            objEmail.From = "[email]zhengjun.zhu@163.com[/email]"
            objEmail.To = emails(i)
            objEmail.Subject = "DISK Status!"
            objEmail.Textbody ="Disk alarm:"&messages
            objEmail.Configuration.Fields.Item _
            ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
            objEmail.Configuration.Fields.Item _
            ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = _
            "192.168.xxx.xxx"
            objEmail.Configuration.Fields.Item _
            ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
            objEmail.Configuration.Fields.Update
            objEmail.Send
      next

End Function
'向开关文件写个1
Public Function Insert
        Set fs = CreateObject(".ing.FileSystemObject")
        Set txt = fs.OpenTextFile("c:/status.txt", 2, True)
        txt.WriteLine "1"
        txt.close
End Function
'检查日志大小,备份/清除,退出
Public Function Checklogsize
   strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
   & "{impersonationLevel=impersonate, (Backup)}!\\" _
        & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile Where LogFileName = 'System'")
For each objLogfile in colLogFiles
     if objLogFile.FileSize >1200000 then
         errBackupLog = objLogFile.BackupEventLog("c:\System.evt")
            If errBackupLog <> 0 Then        
                call SendMail(IP&" Log backup error!",2)
                w..quit
            else
                call SendMail(IP&" Log backup sucess!",2)
                objLogFile.ClearEventLog()
                w..quit
            end if
     else
          w..quit

     end if             
Next
End Function
'获取本机IP地址
Public Function GetIP
    ComputerName="."
    Dim objWMIService,colItems,objItem,objAddress
    Set objWMIService = GetObject("winmgmts:\\" & ComputerName & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
    For Each objItem in colItems
        For Each strAddress in objItem.IPAddress
            GetIP=strAddress
        Next
    Next
End Function
[结果]等到下星期布属,如果兄弟们有什么高招,或者在性能上能更能提高脚本,请赐教!谢谢....