pandorafms/pandora_agents/pc/Win32/util/logevent_log4x.vbs

94 lines
2.9 KiB
Plaintext
Raw Normal View History

' --------------------------------------------------------------
' WMI Log Event Parser for Windows
' Used as Plugin in Pandora FMS Monitoring System
' Written by Sancho Lerena <slerena@gmail.com> 2010
' Licensed under BSD Licence
' --------------------------------------------------------------
' This plugin uses three parameters:
'
' module_name : Module name to be reported at pandora, p.e: Event_Application
' logfile : Windows event logfile: Application, System, Security...
' interval: Should be the same interval agent has, p.e: 300 (seconds)
' Code begins here
' Take args from command line
if (Wscript.Arguments.Count = 0) then
WScript.Quit
end if
On Error Resume Next
cfg_module_name = Wscript.Arguments(0)
cfg_logfile = Wscript.Arguments(1)
cfg_interval = Wscript.Arguments(2)
strComputer = "."
MyDate = dateAdd("s", -cfg_interval, Now) ' Latest X seconds
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
CONVERT_TO_LOCAL_TIME = TRUE
DateToCheck = CDate(MyDate)
dtmStartDate.SetVarDate DateToCheck, CONVERT_TO_LOCAL_TIME
WMI_QUERY = "Select * from Win32_NTLogEvent Where Logfile = '" & cfg_logfile & "' AND TimeWritten >= '" & dtmStartDate & "'"
' DEBUG
'wscript.StdOut.WriteLine dtmStartDate
'wscript.StdOut.WriteLine WMI_QUERY
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery (WMI_QUERY)
'The XML files need the have the fields SEVERITY, MESSAGE and
'STACKTRACE. These are the fields that are often used when logging with
'log4j. Just in case, the severity field can have the following values:
'TRACE, DEBUG, INFO, WARN, ERROR, FATAL. The "message" field is just
For Each objEvent in colEvents
if (objEvent.Type = "0") then
severity = "FATAL"
end if
if (objEvent.Type = "1") then
severity = "ERROR"
end if
if (objEvent.Type = "2") then
severity = "WARN"
end if
if (objEvent.Type >= "3") then
severity = "INFO"
end if
stacktrace = "Category: " & objEvent.CategoryString & ", Event Code: " & objEvent.EventCode & ", Source Name: " & objEvent.SourceName & ", LogFile: " & cfg_logfile
event_message = objEvent.Message
Wscript.StdOut.Write "<module>"
Wscript.StdOut.Write "<name><![CDATA[" & cfg_module_name & "]]></name>"
Wscript.StdOut.Write "<type>log4x</type>"
Wscript.StdOut.Write "<severity>" & severity & "</severity>"
if (event_message = "") then
Wscript.StdOut.Write "<message></message>"
else
Wscript.StdOut.Write "<message><![CDATA[" & event_message & "]]></message>"
end if
if (stacktrace = "") then
Wscript.StdOut.Write "<stacktrace></stacktrace>"
else
Wscript.StdOut.Write "<stacktrace><![CDATA[" & stacktrace & "]]></stacktrace>"
end if
Wscript.StdOut.WriteLine "</module>"
Wscript.StdOut.flush
Next
' Code ends here