2006年03月09日
イベントビューアーをCSV形式ファイルとして取得するバッチプログラム。 [WindowsXP][WS2003]
イベントビューアーをCSV形式ファイルとして取得するバッチプログラム。
@echo off
SETLOCAL
echo ***********************************
echo * (c) aotaka 2005
echo * イベントログを取得する
echo * (0) 本日のみ %~n0%~x0
echo * (1) 日付指定 %~n0%~x0 [年/月/日]
echo * (2) 期間指定 %~n0%~x0 [開始年/月/日] [終了年/月/日]
echo *
echo * example : %~n0%~x0 2005/01/31 2005/02/01
echo * ※記録されるイベントは発生時刻順ではありません。
echo ***********************************
if not "%~2"=="" (
call :para2 "%~1" "%~2"
) else if not "%~1"=="" (
call :para1 "%~1"
) else (
call :para1 "%date%"
)
if not "%~1"=="" (
echo 取得期間 [%STARTDAY8%]-[%ENDDAY8%]
) else (
echo 取得期間 [%STARTDAY8%]
)
echo.
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l Application > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_APPLICATION.csv"
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l System > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_SYSTEM.csv"
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l Security > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_SECURITY.csv"
rem //---- ONLY ActiveDirectory server ----//
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l "DNS server" > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_DNS.csv"
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l "Directory Service" > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_DS.csv"
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l "File Replication Service" > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_FRS.csv"
exit /b 0
:para1
call :setdate %~1
set STARTDAY=%MM%/%DD%/%YYYY%
set STARTDAY8=%YYYY%%MM%%DD%
set ENDDAY=%STARTDAY%
set ENDDAY8=%STARTDAY8%
goto :eof
:para2
call :setdate "%~1"
set STARTDAY=%MM%/%DD%/%YYYY%
set STARTDAY8=%YYYY%%MM%%DD%
call :setdate "%~2"
set ENDDAY=%MM%/%DD%/%YYYY%
set ENDDAY8=%YYYY%%MM%%DD%
goto :eof
:setdate
for /f "tokens=1,2,3 delims=/" %%i in ('echo %~1') do (
set YYYY=%%i
set MM=%%j
set DD=%%k
)
goto :eof
@echo off
SETLOCAL
echo ***********************************
echo * (c) aotaka 2005
echo * イベントログを取得する
echo * (0) 本日のみ %~n0%~x0
echo * (1) 日付指定 %~n0%~x0 [年/月/日]
echo * (2) 期間指定 %~n0%~x0 [開始年/月/日] [終了年/月/日]
echo *
echo * example : %~n0%~x0 2005/01/31 2005/02/01
echo * ※記録されるイベントは発生時刻順ではありません。
echo ***********************************
if not "%~2"=="" (
call :para2 "%~1" "%~2"
) else if not "%~1"=="" (
call :para1 "%~1"
) else (
call :para1 "%date%"
)
if not "%~1"=="" (
echo 取得期間 [%STARTDAY8%]-[%ENDDAY8%]
) else (
echo 取得期間 [%STARTDAY8%]
)
echo.
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l Application > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_APPLICATION.csv"
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l System > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_SYSTEM.csv"
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l Security > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_SECURITY.csv"
rem //---- ONLY ActiveDirectory server ----//
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l "DNS server" > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_DNS.csv"
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l "Directory Service" > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_DS.csv"
cscript "%windir%\system32\eventquery.vbs" /fo csv /fi "datetime eq %STARTDAY%,12:00:00am-%ENDDAY%,11:59:59pm" /v /l "File Replication Service" > "%COMPUTERNAME%_EVENTLOG_%STARTDAY8%_FRS.csv"
exit /b 0
:para1
call :setdate %~1
set STARTDAY=%MM%/%DD%/%YYYY%
set STARTDAY8=%YYYY%%MM%%DD%
set ENDDAY=%STARTDAY%
set ENDDAY8=%STARTDAY8%
goto :eof
:para2
call :setdate "%~1"
set STARTDAY=%MM%/%DD%/%YYYY%
set STARTDAY8=%YYYY%%MM%%DD%
call :setdate "%~2"
set ENDDAY=%MM%/%DD%/%YYYY%
set ENDDAY8=%YYYY%%MM%%DD%
goto :eof
:setdate
for /f "tokens=1,2,3 delims=/" %%i in ('echo %~1') do (
set YYYY=%%i
set MM=%%j
set DD=%%k
)
goto :eof
aotaka at 14:14
│Comments(0)
│TrackBack(0)