Eventquery.vbs



гһ¼־е¼¼ԡ


﷨



eventquery[.vbs] [/s Computer [/u Domain\User [/p Password]]] [/fi FilterName] [/fo {TABLE|LIST|CSV}] [/r EventRange [/nh] [/v] [/l [APPLICATION] [SYSTEM] [SECURITY] ["DNS server"] [UserDefinedLog] [DirectoryLogName] [*] ]







/s Computer
ָԶ̼ƻ IP ַʹ÷бܣĬֵǱؼ

/u Domain\User
о User  Domain\User ָûʻȨ޵ĽűĬֵǵǰ¼ļûȨޡ

/p Password
ָûʻ룬ûʻ /u ָ

/fi FilterName
ָҪڲѯе¼ָͣҪӲѯų¼͡ҪҾһֵ¼ͨʹ or ڵ﷨нʹá͡ IDЧɸѡֵ



ֵ


ʱ
eq, ne, ge, le, gt, lt
mm/dd/yy(yyyy), hh:mm:ssAM(/PM)



eq, ne, or
{ERROR|INFORMATION|WARNING|SUCCESSAUDIT|FAILUREAUDIT}


ID
eq, ne, or, ge, le, gt, lt
κЧ


û
eq, ne
κЧַ



eq, ne
κЧַ


Դ
eq, ne
κЧַ



eq, ne
κЧַ




/fo {TABLE|LIST|CSV}
ָõĸʽЧֵΪ tablelist  csv

/r EventRange
ָҪг¼ķΧ


ֵ
˵


N
г N µ¼


-N
г N ɵ¼


N1-N2
г N1  N2 ¼




/nh
ȡеб⡣ table  csv ʽ

/v
ָʾеϸ¼Ϣ

/l [APPLICATION] [SYSTEM] [SECURITY] ["DNS server"] [UserDefinedLog] [DirectoryLogName] [*] ]
ָҪӵ־ЧֵΪ ApplicationSystemSecurity"DNS server"ûԶ־Լ Directory ־ֻ /s ָļ DNS £ſʹ "DNS server"ҪָҪӵ־ʹ /l ʹͨ (*)Ĭֵ

/?ʾʾ




ע


Ҫд˽ű CscriptδĬ Windows Script Host Ϊ Cscript룺

cscript //h:cscript //s //nologo 






ķʾʹ eventquery 

eventquery /l system
 eventquery /l mylog
 eventquery /l application /l system
 eventquery /s srvmain /u maindom\hiropln /p p@ssW23 /v /l *
 eventquery /r 10 /l application /nh
 eventquery /r -10 /fo LIST /l security
 eventquery /r 5-10 /l "DNS server"
 eventquery /fi "Type eq Error" /l application
 eventquery /fi "Datetime eq 06/25/00,03:15:00AM/06/25/00,03:15:00PM" /l application
 eventquery /fi "Datetime gt 08/03/00,06:20:00PM" /fi "id gt 700" /fi "Type eq warning" /l system
eventquery /fi "ID eq 1000 OR ID ge 4500"
eventquery /fi "Type eq error OR Type eq INFORMATION"
eventquery /fi "ID eq 250 OR Type eq ERROR"

XOX



