Parsing Passed TextOne nice thing you can do with arrays is use them to hold the results of parsing a comma-separated value (CSV) file. With Windows Server 2003, you can easily create a CSV file from the event viewer. Right-click the log you are interested in, select Save As from the menu, and choose CSV File. Now, suppose you have a file such as a CSV (I included an application log, \My Documents\Microsoft Press\VBScriptSBS\ch05\appLog.csv, from one of my test machines) and you're trying to find out about Windows Installer errors on that server. Well, you can try to weed through all those long lines of text, or you can open the file up in Microsoft Office Excel, or you can use a script to do the heavy lifting. Just the Steps The ParseAppLog.vbs script follows. Remember, the script will need to be in the same path as the appLog.csv file. ParseAppLog.vbs Option Explicit On Error Resume Next Dim arrTxtArray() Dim appLog Dim SearchString Dim objTextFile Dim strNextLine Dim intSize Dim objFSO Dim i Dim ErrorString Dim newArray intSize = 0 appLog = "applog.csv" <'>Ensure in path SearchString = "," ErrorString = "1004" Const ForReading = 1 Set objFSO = CreateObject("Scripting.FileSystemObject") Set objTextFile = objFSO.OpenTextFile _ (appLog, ForReading) Do until objTextFile.AtEndOfStream strNextLine = objTextFile.ReadLine if InStr (strNextLine, SearchString)Then If InStr (strNextLine, ErrorString) then ReDim Preserve arrTxtArray(intSize) arrTxtArray(intSize) = strNextLine intSize = intSize + 1 End If End If Loop objTextFile.close For i = LBound(arrTxtArray) To UBound(arrTxtArray) If InStr (arrTxtArray(i), ",") Then newArray = Split (arrTxtArray(i), ",") WScript.Echo "Date: " & newArray(0) WScript.Echo "Time: " & newArray(1) WScript.Echo "Source: " & newArray(2)& " "& newArray(3) WScript.Echo "Server: " & newArray(7) WScript.Echo "Message1: " & newArray(8) WScript.Echo "Message2: " & newArray(9) WScript.Echo "Message3: " & newArray(10) WScript.Echo " " End If Next WScript.Echo("all done") Tip
Header InformationThe Header information section in ParseAppLog.vbs is similar to the Header section in the previous script. The declared variables are listed in Table 5-2.
Reference InformationThe Reference information section is where you assign values to certain variables and define constants that are used in the script. Here is the Reference information section of the script: intSize = 0 appLog = "appLog.CSV" SearchString = "," ErrorString = "1004" Const ForReading = 1 Set objFSO = CreateObject("Scripting.FileSystemObject") Set objTextFile = objFSO.OpenTextFile _ (appLog, ForReading) You use appLog is used to point to the CSV file you want to parse. You use SearchString to specify that you want to look for commas. The error string you are looking for in this script is 1004, which is an error from MSI installer. By changing the error message ID, you can use the script to look for everything from dropped Internet Protocol (IP) packets from the Microsoft Internet Security and Acceleration Server (ISA) to bad logon attempts from Windows Server 2003. Important
Although special rules for advanced parsing are beyond the scope of this chapter, you are unlikely to need advanced parsing with normal application setup logs (and you definitely won't see this need in CSV files exported from the Event Viewer). Worker InformationIn the Worker information section of the script, things start to get a little interesting. You begin by using a Do Until construction that looks for the end of the read-only text string coming from objTextFile. You then define strNextLine to be equal to what comes back from the ReadLine command that we used on objTextFile. The magic begins when you use the InStr command to look for commas in the line-by-line streams of text. After you find a comma in a line, you look for the error message ID of 1004, which indicates a problem with an MSI installer package. By nesting a pair of If...Then statements and using InStr, you easily filter only the desired messages. As a result, the size of the array is smaller and less memory is required. You haven't implemented error handling here, which could easily be accomplished by using the Else command. Do Until objTextFile.AtEndofStream strNextLine = objTextFile.ReadLine If InStr (strNextLine, SearchString) > 0 Then If InStr (strNextLine, ErrorString) > 0 Then ReDim Preserve arrTxtArray(intSize) arrTxtArray(intSize) = strNextLine intSize = intSize + 1 End If End If Loop objTextFile.Close Output InformationAfter the array arrTxtArray is created, each element of the array contains an entire event message from the event log. You could just print out each line, but a more functional approach is to organize the data so that it is more comprehensible. To this end, you create a multidimensional array that holds specific elements of the event message. You begin the Output information section by using For...Next to walk from the lower boundary of the single dimensional array arrTxtArray to the upper boundary of arrTxtArray. You then look for commas in each line contained in the elements incremented by using the i counter. Once this is done, you build the multidimensional array and echo out only the elements that contain information you're interested in seeing. The script ends by echoing out an "all done" message. For i = LBound(arrTxtArray) To UBound(arrTxtArray) If InStr (arrTxtArray(i), ",") Then newArray = Split (arrTxtArray(i), ",") WScript.Echo "Date: " & newArray(0) WScript.Echo "Time: " & newArray(1) WScript.Echo "Source: " & newArray(2)& " "& newArray(3) WScript.Echo "Server: " & newArray(7) WScript.Echo "Message1: " & newArray(8) WScript.Echo "Message2: " & newArray(9) WScript.Echo "Message3: " & newArray(10) WScript.Echo " " End If Next
|