{"id":3382,"date":"2013-06-18T00:01:00","date_gmt":"2013-06-18T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2013\/06\/18\/translate-a-vbscript-event-log-script-to-powershell-dude\/"},"modified":"2013-06-18T00:01:00","modified_gmt":"2013-06-18T00:01:00","slug":"translate-a-vbscript-event-log-script-to-powershell-dude","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/translate-a-vbscript-event-log-script-to-powershell-dude\/","title":{"rendered":"Translate a VBScript Event Log Script to PowerShell, Dude…"},"content":{"rendered":"

Summary<\/strong>: Microsoft Scripting Guy, Ed Wilson, talks about translating a VBScript script that queries the Windows Event logs directly into Windows PowerShell.<\/span> <\/span> <\/span>\n\"Hey, Hey, Scripting Guy! Dude! I have this way cool VBScript script that I use every day to query the event logs on our servers. It receives all of the events and displays it to the screen. I look at the events as they scroll past; and in this way, I get a good overview of what’s happening on the servers. I am thinking of translating it to Windows PowerShell because I hear that Windows PowerShell is the way of the future. Is this cool or what? <\/span>\n—SW\n\"Hey, Hello SW,\nMicrosoft Scripting Guy, Ed Wilson, is here. The Scripting Wife and I are busy getting ready for the Atlanta TechStravaganza<\/a>. We leave Thursday afternoon, and we get back late Friday night. Then leave on Saturday for TechEd Europe 2013 in Madrid<\/a>. So things are really hopping around here. \nSW, if you like your Event Log VBScript script, then by all means keep using it. But whatever you do, please do not translate it directly into Windows PowerShell. Here is why… <\/span><\/p>\n

Retrieving event log events: the VBScript way<\/h2>\n

Back in the VBScript days, it was not uncommon to use WMI to connect to a local computer or a remote server to retrieve event log events. The way I generally did it was to use WMI. Here is an example VBScript script of performing this very task (this script appears in the Script Center Repository).\nList events from a Specific Event Log<\/a><\/p>\n

VBScript<\/strong> <\/span><\/p>\n

 <\/p>\n

strComputer = “.”<\/p>\n

Set objWMIService = GetObject(“winmgmts:” _<\/p>\n

    & “{impersonationLevel=impersonate}!\\” & strComputer & “rootcimv2”)<\/p>\n

 <\/p>\n

Set colLoggedEvents = objWMIService.ExecQuery _<\/p>\n

    (“Select * from Win32_NTLogEvent Where Logfile = ‘Application'”)<\/span><\/p>\n

 <\/p>\n

For Each objEvent in colLoggedEvents<\/p>\n

    Wscript.Echo “Category: ” & objEvent.Category<\/p>\n

    Wscript.Echo “Computer Name: ” & objEvent.ComputerName<\/p>\n

    Wscript.Echo “Event Code: ” & objEvent.EventCode<\/p>\n

    Wscript.Echo “Message: ” & objEvent.Message<\/p>\n

    Wscript.Echo “Record Number: ” & objEvent.RecordNumber<\/p>\n

    Wscript.Echo “Source Name: ” & objEvent.SourceName<\/p>\n

    Wscript.Echo “Time Written: ” & objEvent.TimeWritten<\/p>\n

    Wscript.Echo “Event Type: ” & objEvent.Type<\/p>\n

    Wscript.Echo “User: ” & objEvent.User <\/span><\/p>\n

Next\nThe above script is 19 lines of code—not too bad really. As you can see, it contains a great deal of repetition, which means much of it is simple cut, paste, and edit. Certainly it is easier to use this script than to open the Event Viewer and connect to a bunch of servers.<\/p>\n

Translating the Event Log events script to PowerShell<\/h2>\n

Certainly it is possible to translate the event log script to Windows PowerShell. This is because Windows PowerShell does WMI very well. However, a direct translation does not take advantage of the way that Windows PowerShell works. Here is a translated script of the above VBScript script (you can find the script in the Script Center Repository; it makes a great bad example).\nList events from Event Logs<\/a><\/p>\n

Windows PowerShell<\/strong><\/p>\n

 <\/p>\n

$strComputer = “.”<\/p>\n

$colItems = get-wmiobject -class “Win32_NTLogEvent” -namespace “rootCIMV2” ` <\/span><\/p>\n

-computername $strComputer -Filter ‘logfile = “application”‘<\/p>\n

 <\/p>\n

foreach ($objItem in $colItems) {<\/p>\n

      write-host “Category: ” $objItem.Category<\/span><\/p>\n

      write-host “Category String: ” $objItem.CategoryString<\/p>\n

      write-host “Compute rName: ” $objItem.ComputerName<\/p>\n

      write-host “Data: ” $objItem.Data<\/p>\n

      write-host “Event Code: ” $objItem.EventCode<\/p>\n

      write-host “Event Identifier: ” $objItem.EventIdentifier<\/p>\n

      write-host “Event Type: ” $objItem.EventType<\/p>\n

      write-host “Insertion Strings: ” $objItem.InsertionStrings<\/p>\n

      write-host “Logfile: ” $objItem.Logfile<\/p>\n

      write-host “Message: ” $objItem.Message<\/p>\n

      write-host “Record Number: ” $objItem.RecordNumber<\/p>\n

      write-host “Source Name: ” $objItem.SourceName<\/p>\n

      write-host “Time Generated: ” $objItem.TimeGenerated<\/p>\n

      write-host “Time Written: ” $objItem.TimeWritten<\/p>\n

      write-host “Type: ” $objItem.Type<\/p>\n

      write-host “User: ” $objItem.User<\/p>\n

      write-host<\/p>\n

}\nAs you can see, the translated script follows the syntax of the VBScript original with little variation. So the script works, and “now you are doing Windows PowerShell,” but there is no Windows PowerShell advantage. If you understand your previous VBScript, you can certainly understand the Windows PowerShell version of that script—but it is still a decent amount of copy, paste, and edit to create the script.<\/p>\n

A better way to do this sort of thing… <\/span><\/h2>\n

A better way to do this is to at least take advantage of the way that Windows PowerShell works. The following code accomplishes this. <\/span><\/p>\n

Get-WmiObject win32_ntlogevent -Filter ‘logfile = “application”‘\nYep, you have got that right. It is a single line of code—65 characters instead of 25 lines of code. Now we are beginning to take advantage of Windows PowerShell.<\/p>\n

But it gets better<\/h2>\n

OK, so if you are familiar with the previous VBScript script, and the bad version of the Windows PowerShell script, using the Get-WmiObject<\/strong> approach is probably understandable. But in reality, it is still too much typing, and it does not really make sense. The common question that I used to get all the time with WMI was, “So how did I know that class was there?” Well, Windows PowerShell has great discoverability, but to be honest I never use WMI to query the event logs. The reason? There is a cmdlet that does this for me. The command is shown here:<\/p>\n

Get-EventLog -LogName application\nThe nice thing about this cmdlet, is that it makes sense. The code is very readable. Anyone looking at it will know immediately what it is doing. If I need to connect remotely, I just add the –ComputerName<\/strong> parameter as shown here:<\/p>\n

Get-EventLog -LogName application -ComputerName dc1\nIf I need to connect to multiple computers, I can do this:<\/p>\n

Get-EventLog -LogName application -ComputerName dc1, dc2, dc3\nAgain, the syntax is really clean and easy to read. This is the Windows PowerShell advantage.\nSW, that is all there is to using Windows PowerShell to query a specific event log. Join me tomorrow when I will talk some more about translating VBScript to PowerShell.\nI invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.\nEd Wilson, Microsoft Scripting Guy<\/strong>\n <\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Microsoft Scripting Guy, Ed Wilson, talks about translating a VBScript script that queries the Windows Event logs directly into Windows PowerShell.    Hey, Scripting Guy! Dude! I have this way cool VBScript script that I use every day to query the event logs on our servers. It receives all of the events and displays it […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[97,98,3,4,155,45],"class_list":["post-3382","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-event-logs","tag-logs-and-monitoring","tag-scripting-guy","tag-scripting-techniques","tag-vbscript-migration","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Microsoft Scripting Guy, Ed Wilson, talks about translating a VBScript script that queries the Windows Event logs directly into Windows PowerShell.    Hey, Scripting Guy! Dude! I have this way cool VBScript script that I use every day to query the event logs on our servers. It receives all of the events and displays it […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=3382"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3382\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=3382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=3382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=3382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}