2010/04/29

收集並傳送事件檢視器資料(WMI+Script)

由VBScript語言寫成,可用於收集Event Logs並依內容寄送至指定電子郵件信箱
但每個記錄檔(Application、Security、System)備份成功後,會自動清除該記錄檔中目前所有的Event,須審慎使用,建議搭配排程使用


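' Back up the Application, Security and System event logs of the local
' machine to c:\Eventlog\, attach the backups to one e-mail, clear each log
' whose backup succeeded, and send the message.
'
' Fix over the previous version: the backup was written to
' "<date>application.evt" but the attachment was read from
' "<date> application.evt" (extra space), so AddAttachment pointed at a file
' that was never created. Each path is now built once and used for both calls.
' The on-disk name produced by BackupEventLog is the one that is kept.
'
' NOTE(review): ClearEventLog is destructive. After it runs, the .evt file in
' c:\Eventlog\ and the mailed attachment are the only copies of the events, so
' that folder should be access-restricted and retained. Clearing the Security
' log is itself an audited action and will show up in the new, empty log.
' NOTE(review): event logs contain account and host names. No CDO
' configuration is set below, so delivery relies on the machine's default mail
' settings; prefer an internal mailbox and an authenticated, encrypted relay.
Dim LDate
Dim logAppErr, logSecErr, logSysErr
Dim strAppFile, strSecFile, strSysFile

' Status lines for the mail body; overwritten below if a backup fails.
logAppErr = "The Application Event Log backed up successfully."
logSecErr = "The Security Event Log backed up successfully."
logSysErr = "The System Event Log backed up successfully."
strComputer = "."

' Read the local date through WMI to build the date prefix of the file names.
Set objWMIServiceDate = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colItems = objWMIServiceDate.ExecQuery("Select * from Win32_LocalTime")
For Each objItem in colItems
    LDate = objItem.Year & " " & objItem.Month & " " & objItem.Day
Next

' One path per log, shared by BackupEventLog and AddAttachment.
strAppFile = "c:\Eventlog\" & LDate & "application.evt"
strSecFile = "c:\Eventlog\" & LDate & "security.evt"
strSysFile = "c:\Eventlog\" & LDate & "System.evt"

' The Backup privilege is requested in the moniker for BackupEventLog.
' NOTE(review): the Security log normally needs the Security privilege as
' well, i.e. "(Backup,Security)" - confirm on the target OS.
Set objWMIServiceEvent = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup)}!\\" & _
    strComputer & "\root\cimv2")
Set colLogFilesApp = objWMIServiceEvent.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Application'")
Set colLogFilesSec = objWMIServiceEvent.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Security'")
Set colLogFilesSys = objWMIServiceEvent.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='System'")

Set objEmail = CreateObject("CDO.Message")
objEmail.From = "system@server"
objEmail.To = "ahniou@hotmail.com"
objEmail.Subject = LDate & " Server EventLogs"

' For each log: clear it only when the backup call returned 0 (success).
For Each objLogFile in colLogFilesApp
    errBackupLog = objLogFile.BackupEventLog(strAppFile)
    If errBackupLog <> 0 Then
        logAppErr = "The application event log could not be backed up."
    Else
        objEmail.AddAttachment strAppFile
        objLogFile.ClearEventLog()
    End If
Next
For Each objLogFile in colLogFilesSec
    errBackupLog = objLogFile.BackupEventLog(strSecFile)
    If errBackupLog <> 0 Then
        logSecErr = "The security event log could not be backed up."
    Else
        objEmail.AddAttachment strSecFile
        objLogFile.ClearEventLog()
    End If
Next
For Each objLogFile in colLogFilesSys
    errBackupLog = objLogFile.BackupEventLog(strSysFile)
    If errBackupLog <> 0 Then
        logSysErr = "The System event log could not be backed up."
    Else
        objEmail.AddAttachment strSysFile
        objLogFile.ClearEventLog()
    End If
Next

' The body reports the per-log status alongside the attachments.
objEmail.Textbody = LDate & " Server logs arrived." & vbCrlf & vbCrlf & _
    logAppErr & vbCrlf & logSecErr & vbCrlf & logSysErr
objEmail.Send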
