Sample JavaScript code for a Windows event log monitor
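Adapt this code sample to set up a script for monitoring the main Windows event log and for shutting down all services if a specific error occurs. As written, the sample watches the Application log for entries whose source name begins with the configured service name, and stops the Task Routing Engine service when an entry contains one of the key strings.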
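// Define a list of key strings to watch for in the event log. For example to look
// for the string "Connection is lost", add an array element:
// keyStrings[1] = "Connection is lost";
// Each entry is matched as literal text anywhere in the event message.
// The search is not case sensitive.
var keyStrings = new Array();
keyStrings[0] = "Connection is closed";
// Add more strings to monitor additional event log messages such as:
//keyStrings[1] = "Connection is lost";
//keyStrings[2] = "File not found";

// "." is the value placed in the WMI moniker path below.
var Computer = ".";

// Change the ServiceName value to monitor the event logs of a different service.
// To find the name:
// 1. Open the Windows services management console.
// 2. Right click the service and select Properties.
// The service name is displayed on the General tab.
// The value is inserted into the WQL text below as written, so keep it to a
// plain service name without quote characters.
var ServiceName = "ibm.ctms.taskrouteservice";

// Escapes regular-expression metacharacters so that a key string such as
// "File not found (code 5)" or "C:\logs" is searched for as literal text
// instead of being interpreted as a pattern.
function escapeRegExp( text )
{
    return String(text).replace(/[\\\^\$\.\*\+\?\(\)\[\]\{\}\|]/g, "\\$&");
}

var WMI = GetObject
    ( "winmgmts:" + "{impersonationLevel=impersonate}!\\\\"
    + Computer + "\\root\\cimv2" );

// Build one pattern per key string, once, instead of on every event.
// To make the search case sensitive, remove the "i" modifier.
// Remember to adapt the comments at the top of the script accordingly.
var keyPatterns = new Array();
for ( var k = 0; k < keyStrings.length; k++ )
{
    // An empty or unset entry would match every message and stop the service
    // on any event, so it is skipped.
    if (keyStrings[k] == null || keyStrings[k] === "")
    {
        continue;
    }
    keyPatterns[keyPatterns.length] = new RegExp(escapeRegExp(keyStrings[k]), "i");
}

// Subscribe once and keep the same event source for the lifetime of the script.
// Issuing a new notification query for every event leaves a gap between two
// subscriptions in which a log entry can go unnoticed.
// NOTE(review): the trigger is the text of any Application log entry whose source
// name starts with ServiceName. Keep the key strings specific, and confirm which
// accounts can write entries under that source on the monitored host.
var Events = WMI.execNotificationQuery
    ( "SELECT * "
    + "FROM __InstanceCreationEvent "
    + "WHERE TargetInstance ISA 'Win32_NTLogEvent' "
    + "AND TargetInstance.LogFile = 'Application' "
    + "AND Targetinstance.SourceName LIKE '" + ServiceName + "%'");

while ( true )
{
    WScript.echo("Monitoring the Windows Event Log");
    // Blocks until the next matching event log entry is created.
    var wbemObj = Events.nextEvent();
    var evnt = wbemObj.targetInstance;
    // For debugging, uncomment the WScript.echo statements to see which Windows
    // event log entry is currently being processed.
    //WScript.echo( evnt.Sourcename );
    //WScript.echo( evnt.message );
    // An entry without message text is treated as an empty string so that it is
    // not converted to the text "null" before the comparison.
    var msg = (evnt.message == null) ? "" : String(evnt.message);
    // Test the incoming message against every key string
    for ( var i = 0; i < keyPatterns.length; i++ )
    {
        if (keyPatterns[i].test(msg))
        {
            WScript.echo("\"" + msg + "\" message found");
            // Stop the Task Routing Engine service. This name is fixed here and
            // does not follow the ServiceName value used for monitoring.
            startStopService("ibm.ctms.taskrouteservice", "stop");
            break;
        }
    }
}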
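// The following code starts or stops a service through WMI (Win32_Service), where:
// serviceName is the name of the service as it appears in the registry.
// action is the action to take, this string should be "start" or "stop".
// The outcome is reported with WScript.Echo; nothing is returned.
// The script must run under an account that is allowed to control the service.
function startStopService( serviceName, action )
{
    // Reject an unknown action before any WMI call is made.
    if (action != "start" && action != "stop")
    {
        WScript.Echo("action: \"" + action + "\" not recognized");
        return;
    }

    WScript.Echo("Attempting to " + action + " service " + serviceName);

    var wbemFlagReturnImmediately = 0x10;
    var wbemFlagForwardOnly = 0x20;
    var computer = ".";

    // Backslashes and single quotes are escaped so that the name cannot end
    // the quoted WQL string early and change the query.
    var quotedName = String(serviceName).replace(/\\/g, "\\\\").replace(/'/g, "\\'");

    var objWMIService = GetObject("winmgmts:\\\\" + computer + "\\root\\CIMV2");
    var colItems = objWMIService.ExecQuery(
        "SELECT * FROM Win32_Service where Name = '" + quotedName + "'",
        "WQL", wbemFlagReturnImmediately | wbemFlagForwardOnly);

    var matched = 0;
    var enumItems = new Enumerator(colItems);
    for (; !enumItems.atEnd(); enumItems.moveNext())
    {
        var objItem = enumItems.item();
        matched++;
        // Both Win32_Service methods return a status code; 0 means the request
        // was accepted, so the code is reported for stop as well as for start.
        var returncode = (action == "stop")
            ? objItem.stopService()
            : objItem.startService();
        WScript.Echo(action + " service returned " + returncode);
    }

    // Without this message a misspelled service name fails silently.
    if (matched == 0)
    {
        WScript.Echo("service " + serviceName + " not found");
    }
}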