
Windows system log events

The Windows Event Logs are a tremendous resource as they can not only help you troubleshoot current system issues, but can also provide you with warning signs of potential future problems. So keeping on top of the events your system records can be key to keeping your system running as it should. Unfortunately, sifting through the Event Logs or creating custom views can be a cumbersome manual process.
Thankfully, we have a solution which will easily allow you to export and filter Windows Event Log entries and then have them emailed and/or saved to a text file. When this process is configured as part of a scheduled task you can have, for example, warning and error messages emailed to you automatically.
How It Works
Our solution works by using a freeware utility, MyEventViewer, by Nirsoft which allows you to easily export Windows Event Logs to a comma separated file. Based on this output, we have developed an easy to configure batch script which filters these results and then can email and/or save the filtered results file. Because the results are a comma separated file, it can be opened in Excel (or your favorite CSV program) and further sorted and filtered.
Configuration
The configuration settings and options are documented as inline comments in the script, however we will cover a few of them in a bit of detail here.
Event Log Name
When specifying the Event Logs you want to capture the events from, you must use the system full name of the log. This is not necessarily what you see in the Event Viewer list of logs.
For example, if you wanted to capture events from the “Microsoft Office Alerts” log, go to the Properties dialog of the log.

Note the value in the Full Name value, in this case “OAlerts”. This would be the value you would need to enter into the script’s configuration.

Event Types
The values for Event Types are simply the text you see in the “Level” column when you are viewing Event Logs. Typically these are Information, Warning or Error, but various logs may have different values.

Scheduled Task Setup
The typical usage of this script is most likely in an automated process. So to make sure there is no overlap between your capture interval and when the process runs, you should set up a Windows Scheduled Task to complement the capture time.
Quite simply, if your configuration is set to capture events for the last day, you should have a scheduled task that runs once per day; if it is set to capture the last hour, the scheduled task should run once every hour, and so on.
As an additional note, in order to make sure the MyEventViewer application can get to the information it needs, the respective scheduled task should be run with administrator rights on the machine.

Examples
This configuration would email Errors and Warnings from the System and Application Event Logs recorded in the past day (24 hours) to my@email.com as well as save the output to the C:\EventNotices folder:
- EmailResults=1
- EmailTo=my@email.com
- SaveResults=1
- SaveTo=C:\EventNotices
- TimeInterval=3
- TimeValue=1
- Logs=System,Application
- Types=Error,Warning
- Scheduled Task should run every day.
This configuration would only email Errors from the System Event Log recorded in the past hour to my@email.com:
- EmailResults=1
- EmailTo=my@email.com
- SaveResults=0
- TimeInterval=2
- TimeValue=1
- Logs=System
- Types=Error
- Scheduled Task should run every hour.
This configuration would only save Errors and Warnings from the Application Event Log in the past week to the desktop of user JFaulkner (Windows 7) C:\Users\jfaulkner\Desktop:
- EmailResults=0
- SaveResults=1
- SaveTo=C:\Users\jfaulkner\Desktop
- TimeInterval=3
- TimeValue=7
- Logs=Application
- Types=Error,Warning
- Scheduled Task should run every week.
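As an added illustration (not the How-To Geek batch script or any MyEventViewer code), the filtering step the script performs, written in Python over a constructed CSV export: it applies the Logs, Types, TimeInterval and TimeValue settings from the examples above. The column layout of the sample CSV and the meaning of TimeInterval=1 (minutes) are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta
# Constructed sample export; the column names are an assumption about
# MyEventViewer's CSV layout and should be adjusted to match a real export.
FIELDS = ["Event Time", "Log", "Level", "Event ID", "Source", "Description"]
SAMPLE_CSV = """Event Time,Log,Level,Event ID,Source,Description
2011-08-01 09:15:00,System,Error,7034,Service Control Manager,A service terminated unexpectedly
2011-08-01 10:30:00,System,Warning,1014,DNS Client Events,Name resolution timed out
2011-08-01 11:00:00,Application,Information,1000,Winlogon,User logon notification
2011-08-01 11:45:00,Application,Error,1000,Application Error,Faulting application
2011-07-25 08:00:00,System,Error,6008,EventLog,The previous system shutdown was unexpected
2011-08-01 12:00:00,OAlerts,Warning,300,Microsoft Office,Document recovery
"""
# Unit codes follow the article's examples (2 = hours, 3 = days); 1 = minutes is assumed.
INTERVAL_UNITS = {1: "minutes", 2: "hours", 3: "days"}

def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def cutoff_time(config, now):
    """Earliest event time to keep, derived from TimeInterval and TimeValue."""
    unit = INTERVAL_UNITS[int(config["TimeInterval"])]
    return now - timedelta(**{unit: int(config["TimeValue"])})

def filter_events(csv_text, config, now):
    """Keep rows whose log is in Logs, whose Level text is in Types and whose
    timestamp falls inside the capture window ending at `now`."""
    logs = {s.strip() for s in config["Logs"].split(",")}
    types = {s.strip() for s in config["Types"].split(",")}
    earliest = cutoff_time(config, now)
    kept = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = parse_time(row["Event Time"])
        if row["Log"] in logs and row["Level"] in types and when >= earliest:
            kept.append(row)
    return kept

def to_csv(rows):
    """Serialise filtered rows back to CSV, the form that is saved or emailed."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    config = {"TimeInterval": "3", "TimeValue": "1", "Logs": "System,Application", "Types": "Error,Warning"}
    print(to_csv(filter_events(SAMPLE_CSV, config, parse_time("2011-08-01 13:00:00"))))
```

With the first example's settings, the sample export yields the two System entries and the Application error from the last 24 hours; the OAlerts row is dropped because its log is not listed, and the week-old shutdown event falls outside the window.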
Download Event Log Notifier Script from How-To Geek
Download MyEventViewer from Nirsoft
Download Blat from Sourceforge
Translated from: https://www.howtogeek.com/69551/how-to-create-your-own-windows-event-log-notification-system/