Solutions pour Windows
Ce sont là quelques scripts que j'ai écrits pour la plateforme Windows.
Événements : capture des événements d'hier
Ces scripts capturent les "avertissements" et les "erreurs" du journal des événements.
' *************************************************
' * getyesterday.vbs
' * returns date of yesterday
' *************************************************
' * Author: Joaquin Menchaca (JM)
' * Copyright 2012 - Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0)
' *************************************************
' * Updates:
' *   20070817 JM  Document Creation
' *************************************************
' * References:
' *   Hey, Scripting Guy! - How Can I Get Yesterday's Date?
' *   http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug04/hey0803.mspx
' *************************************************
' Step one day back from today's date and print it on stdout.
' The printed form follows the machine's regional date setting;
' getydsrvevt.cmd splits that output on "/".
Dim dtmYesterday
dtmYesterday = DateAdd("d", -1, Date())
WScript.Echo dtmYesterday
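@echo off
REM *************************************************
REM * getydsrvevt.cmd
REM * Grabs Error and Warning events from all the
REM * domain controllers in the forest
REM *************************************************
REM * Requirements:
REM *   eventquery.vbs   - winxp/2k3
REM *   cmdlib.wsc       - winxp/2k3
REM *   dsquery          - win2k3
REM *   getyesterday.vbs - any
REM *************************************************
REM * Note:
REM *   This script checks for Windows 2003, but
REM *   can work with Windows XP + AdminPak
REM *   The date printed by getyesterday.vbs must be in
REM *   M/D/YYYY order - US regional settings - because the
REM *   eventquery DateTime filter is assembled from it.
REM *************************************************
REM * Author: Joaquin Menchaca (JM)
REM * Copyright 2012 - Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0)
REM *************************************************
REM * Updates:
REM *   20061020 JM  Document Creation
REM *   20070817 JM  Added mechanism for getting yesterday
REM *************************************************
SETLOCAL ENABLEDELAYEDEXPANSION
rem -- one quoted item per log; a plain FOR keeps the quotes that
rem    eventquery /L needs for the multi-word log names
SET LOGTYPES="Application" "System" "Directory Service" "File Replication Service"
SET CSCRIPT=CSCRIPT //NOLOGO
SET EVENTQUERY=%CSCRIPT% %SYSTEMROOT%\system32\eventquery.vbs
SET TYPEFLTR=/FI "TYPE eq ERROR or TYPE eq WARNING"
SET FORMAT=/FO CSV
rem -- reference a vbscript as process way complex in batch
SET GETYESTERDAY=%CSCRIPT% getYesterday.vbs

REM ========== Check Version ========================
rem split on "[]" to get only version string
for /f "tokens=2 delims=[] usebackq" %%a in (`ver`) do (
    rem split on spaces to get numeral data
    for /f "tokens=2" %%b in ("%%a") do (
        rem split on "." to extract major and minor revision numbers
        for /f "tokens=1-2 delims=." %%c in ("%%b") do (
            set MAJOR=%%c
            set MINOR=%%d
        )
    )
)
rem -- compare the two numbers separately: as a quoted string
rem    "10.0" sorts below "5.2" and would be rejected
if not defined MAJOR goto :WRONGVERSION
if not defined MINOR goto :WRONGVERSION
if %MAJOR% LSS 5 goto :WRONGVERSION
if %MAJOR% EQU 5 if %MINOR% LSS 2 goto :WRONGVERSION
REM =================================================

REM ========== Set Yesterday ========================
rem -- from subshell rip out components
for /f "tokens=1-3 delims=/ usebackq" %%a in (`%GETYESTERDAY%`) do (
    set month=%%a
    set day=%%b
    set year=%%c
)
rem -- configure date format for eventquery script --
set yesterday=%MONTH%/%DAY%/%YEAR%,12:00:00am
REM =================================================

REM ========== Query Events from DCs ================
set datefltr=/FI "DateTime gt %YESTERDAY%"
set outfile=%YEAR%%MONTH%%DAY%.serverevts.log.csv
echo %OUTFILE%
rem -- empty the file once; every query below appends, so the rows
rem    of one server no longer overwrite those of the previous one
type nul > "%OUTFILE%"
rem -- the first query keeps the CSV header, all later ones add /NH
set NOHDR=
rem -- grab list of all servers --
for /f "tokens=2 delims==, usebackq" %%a in (`dsquery server`) do (
    rem -- foreach server and log, run the query and append to file;
    rem    the command used to be echoed into the file, not executed
    for %%l in (%LOGTYPES%) do (
        %EVENTQUERY% /s %%a /l %%l %TYPEFLTR% %DATEFLTR% %FORMAT% !NOHDR! /V >> "%OUTFILE%"
        set NOHDR=/NH
    )
)
REM =================================================
goto :EXIT

REM =================================================
:WRONGVERSION
echo\
echo This command file only works with Windows 2003 or greater.
echo\
:EXIT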
Evénements journaliers
Il s'agit d'un script plus robuste qui capture les événements d'hier, puis envoie un rapport. Ce script doit être planifié pour s'exécuter tous les jours.
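#!/usr/bin/perl -w
###############################################################
# DailyEvts.pl - gathers error/warning events through Win2k3
#   tools and mails them to users
#
#   (c) 2005 Joaquin Menchaca
#
#   Authors:
#     jm    Joaquin Menchaca
#   Change History
#     20050107  document creation
#     20050120  added mail functionality, modularized
#     20050124  added CLI argument support
#
#   Usage: DailyEvts.pl WATCHFILE MAILFILE [MODE]
#     WATCHFILE - one computer name per line
#     MAILFILE  - one recipient address per line
#     MODE      - "server" (default) also queries the DNS, AD and
#                 FRS logs; any other value queries only the
#                 application and system logs
###############################################################
use strict;
use Net::SMTP;
use Time::Local qw(timelocal);

my (@computers, %computers);
my $domain   = "contoso.com";   # report is sent as administrator@$domain
my $mailsrvr = "mailex01";      # SMTP relay used by mailevents()

##### set the default scripting mode to console
# //H:CSCRIPT //s changes the machine-wide default script host.
# Output goes to the NUL device; "NULL" used to create a file of
# that name in the working directory.
system('CSCRIPT //H:CSCRIPT //s > NUL') == 0
    or warn "WARNING: could not set CSCRIPT as the default script host\n";

##### get arguments and set defaults
# MODE is optional, so only the two file names are mandatory
die "Invalid Arguments\nUsage: $0 WATCHFILE MAILFILE [MODE]\n" if @ARGV < 2;
my $watchset = $ARGV[0];
my $emailset = $ARGV[1];
my $mode     = $ARGV[2] || "server";
my $subject  = "Daily Event Report - " . $mode;

##### format of date for eventquery
# Yesterday is taken from the clock, not by decrementing the day
# number, which produced day 0 on the first of every month.  Going
# back 24h from today's noon keeps the result on the previous day
# even on the days the clocks change.
my ($t_mday, $t_mon, $t_year) = (localtime(time))[3..5];
my $noon_today = timelocal(0, 0, 12, $t_mday, $t_mon, $t_year + 1900);
my ($mday, $mon, $year) = (localtime($noon_today - 24 * 60 * 60))[3..5];
$year += 1900;
$mon++;
my $datestr = "\"Datetime gt $mon/$mday/$year,12:00:00AM\"";

# generic log types for eventquery; multi-word names keep their
# quotes because they are passed through the shell
my @logtypes = ('application', 'system');
if ($mode eq "server") {
    push @logtypes, '"dns server"', '"directory service"',
        '"file replication service"';
}

##### acquire list of computers from hand crafted file
# three-argument open: a name taken from the command line can
# never be read as a mode prefix or a pipe
open(my $comp_fh, '<', $watchset)
    or die "ERROR: Could not read $watchset: $!\n";
@computers = grep { length } map { chomp; $_ } <$comp_fh>;   # blank lines dropped
close($comp_fh);

##### output the results
for my $host (@computers) {
    $computers{$host} = getevents($host);
}
mailevents(\%computers);

###############################################################
# mailevents() - generates report and mails output.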
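###############################################################
#   $compref - hash ref of computer => { logtype => [events] }
#   Reads the recipients from $emailset (one address per line)
#   and sends the report through $mailsrvr as administrator@$domain.
#   Dies when the address file cannot be read, lists no address,
#   or the mail server cannot be reached.
###############################################################
sub mailevents {
    my $compref = shift;
    my $output  = buildoutput($compref);
    my $sender  = "administrator\@$domain";

    ##### acquire list of mail addresses from hand crafted file
    # three-argument open so the file name cannot act as a mode
    open(my $mail_fh, '<', $emailset)
        or die "ERROR: Could not read $emailset: $!\n";
    my @addresses = grep { length } map { chomp; $_ } <$mail_fh>;
    close($mail_fh);
    die "ERROR: No recipients listed in $emailset\n" unless @addresses;

    ##### configure mail server
    my $smtp = Net::SMTP->new($mailsrvr) || die "Bad mail server\n";
    $smtp->mail($sender);
    $smtp->recipient(@addresses);
    $smtp->data();
    # every header line needs its own "\n"; the To: line lacked it,
    # so the From: header was glued onto the end of it
    $smtp->datasend("To: " . join(", ", @addresses) . "\n");
    $smtp->datasend("From: $sender\n");
    $smtp->datasend("Priority: Urgent\n");
    $smtp->datasend("Importance: high\n");
    $smtp->datasend("Subject: $subject\n\n");
    $smtp->datasend($output);
    $smtp->dataend();
    $smtp->quit();
    return;
}

###############################################################
# buildoutput() - generates output string from hash of
#   computers/events
#   $compref - { computer => { logtype => [event lines] } }
#   Returns the plain-text report: computers in hash order, log
#   types sorted, log types without events left out.  An empty
#   hash gives an empty string.
###############################################################
sub buildoutput {
    my $compref = shift;
    my $output  = "";
    foreach my $computer (keys %$compref) {
        $output .= "$computer\n";
        $output .= "=" x length($computer);
        $output .= "\n";
        my $logs = $compref->{$computer};
        foreach my $evtcat (sort keys %$logs) {
            # numeric compare on the element count (was the string op "gt")
            next unless @{ $logs->{$evtcat} } > 0;
            $output .= " $evtcat\n ";
            $output .= "-" x length($evtcat);
            $output .= "\n";
            $output .= " $_\n" foreach @{ $logs->{$evtcat} };
            $output .= "\n";
        }
        $output .= "\n";
    }
    return $output;
}

###############################################################
# getevents() - creates a hash containing all the
#   warning and error events
#   $_[0] - computer name; chomped in place, as before
#   Returns { logtype => [event lines] } with one key per entry
#   of @logtypes (surrounding quotes removed from the key).
#   The name goes into a shell command in queryevent(), so
#   anything that is not a plain host name is skipped with a
#   warning and an empty hash ref is returned.
###############################################################
sub getevents {
    chomp $_[0];                 # delete new line character
    my $system = shift;
    # only letters, digits, '.', '_' and '-' may reach the shell
    unless ($system =~ m/\A([\w.-]+)\z/) {
        warn "WARNING: skipping invalid computer name '$system'\n";
        return {};
    }
    $system = $1;

    my %events;
    foreach my $logtype (@logtypes) {
        my $querystr = "eventquery /v /s $system /fi $datestr /l $logtype";
        my @events;
        queryevent($querystr, "Warning", \@events);
        queryevent($querystr, "Error", \@events);
        # strip the quotes on a copy: tr on $logtype itself altered
        # the shared @logtypes, so every computer after the first was
        # queried with unquoted multi-word log names
        (my $key = $logtype) =~ tr|"||d;
        $events{$key} = \@events;
    }
    return \%events;
}

###############################################################
# queryevent() - given the query string, type of event, and
#   ref to list, queries the events. Data returned in ref
#   to list.
#   $querystr - eventquery command line (host name already checked
#               by getevents())
#   $type     - "Warning" or "Error"
#   $events   - array ref the matching output lines are pushed onto
###############################################################
sub queryevent {
    my ($querystr, $type, $events) = @_;
    $querystr .= " /fi \"Type eq $type\"";    # reformat w/ approp. type
    # the shell is needed for the 2>&1 redirection, which is why
    # the host name is validated before it gets here
    open(my $evtq, "$querystr 2>&1 |")
        or do { warn "ERROR: Could not run eventquery: $!\n"; return; };
    while (my $entry = <$evtq>) {
        next if $entry !~ m/^\s*\Q$type\E/i;    # skip invalid types
        push(@$events, $entry);                 # insert entry into array
    }
    close($evtq);
    return;
}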