超强的盘柜监控-白红宇

[背景]公司最近HP盘柜出了几次问题，与其交涉也没得到很好的解决，为此让我们用脚本来监控日志，经观察日志，发现出现Source name为Ftdisk

出现盘柜丢失!为此，我就以这个关键字为基础，写了一个WMI脚本!

这个脚本有几个作用：

(1)拒绝重复发邮件(一个开关文件status.txt)

(2)发邮件报警(在备份日志功能上，我们通过循环做到不发给某个组)

(3)system日志检查(检索符合Ftdisk的条目并且发邮件)

(4)检查system日志大小，当大与1.2M时备份日志发邮件并且清除日志!(在小日志下检索，好处？不用说了吧!)

(5)动态获取本机IP

[过程]

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

'用来监控日志信息将其匹配的信息发送邮件并指定超过一定大小的情况下备份日志 '

'MSN：[email]hahazhu0634@live.cn[/email] '

'QQ:383088680 '

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

'定义些基本的全局变量

Dim arrFileLines()

i = 0

Dim emails(4)

emails(0)="[email]xxx@xxx.com[/email]"

emails(1)="[email]xxx@xxx.com[/email]"

emails(2)="[email]xxx@xxx.com[/email]"

emails(3)="[email]xxx@xxx.com[/email]"

IP=GetIP

'读取开关文件

Set objFSO = CreateObject(".ing.FileSystemObject")

Set objFile = objFSO.OpenTextFile("C:\status.txt", 1)

Do Until objFile.AtEndOfStream

Redim Preserve arrFileLines(i)

arrFileLines(i) = objFile.ReadLine

i = i + 1

Loop

objFile.Close

For l = Ubound(arrFileLines) to LBound(arrFileLines) Step -1

value=arrFileLines(l)

if value = 1 then

w..quit

else

Checklog

end if

'检索日志函数

public Function Checklog

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colLoggedEvents = objWMIService.ExecQuery _

("Select * from Win32_NTLogEvent Where Logfile = 'System'" _

& "and SourceName = 'Ftdisk'")

For Each objEvent in colLoggedEvents

if objEvent.SourceName="Ftdisk" then

call SendMail(IP&" Maybe disk error! ",3)

Insert

W..quit

else

checklogsize

end if

End Function

'发送邮件

Public Function SendMail(messages,count)

for i=0 to count

Set objEmail = CreateObject("CDO.Message")

objEmail.From = "[email]zhengjun.zhu@163.com[/email]"

objEmail.To = emails(i)

objEmail.Subject = "DISK Status!"

objEmail.Textbody ="Disk alarm:"&messages

objEmail.Configuration.Fields.Item _

("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

objEmail.Configuration.Fields.Item _

("http://schemas.microsoft.com/cdo/configuration/smtpserver") = _

"192.168.xxx.xxx"

objEmail.Configuration.Fields.Item _

("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25

objEmail.Configuration.Fields.Update

objEmail.Send

End Function

'向开关文件写个1

Public Function Insert

Set fs = CreateObject(".ing.FileSystemObject")

Set txt = fs.OpenTextFile("c:/status.txt", 2, True)

txt.WriteLine "1"

txt.close

End Function

'检查日志大小，备份/清除，退出

Public Function Checklogsize

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate, (Backup)}!\\" _

& strComputer & "\root\cimv2")

Set colLogFiles = objWMIService.ExecQuery _

("Select * from Win32_NTEventLogFile Where LogFileName = 'System'")

For each objLogfile in colLogFiles

if objLogFile.FileSize >1200000 then

errBackupLog = objLogFile.BackupEventLog("c:\System.evt")

If errBackupLog <> 0 Then

call SendMail(IP&" Log backup error!",2)

w..quit

else

call SendMail(IP&" Log backup sucess!",2)

objLogFile.ClearEventLog()

w..quit

end if

else

w..quit

end if

End Function

'获取本机IP地址

Public Function GetIP

ComputerName="."

Dim objWMIService,colItems,objItem,objAddress

Set objWMIService = GetObject("winmgmts:\\" & ComputerName & "\root\cimv2")

Set colItems = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")

For Each objItem in colItems

For Each strAddress in objItem.IPAddress

GetIP=strAddress

End Function

[结果]等到下星期布属，如果兄弟们有什么高招，或者在性能上能更能提高脚本，请赐教!谢谢....

本文转自hahazhu0634 51CTO博客，原文链接：http://blog.51cto.com/5ydycm/126758，如需转载请自行联系原作者