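@echo off
cls
::REM *****************************************************
::REM B a t c h P r o g r a m m i n g S a m p l e
::REM from http://www.japan-page.net
::REM (C) 2002 John D. Seaman
::REM Copylefted, and released to the general Internet
::REM community, you may use, modify and release this
::REM at will as long as you retain this header.
::REM *****************************************************
::REM Dumps DC eventlogs (currently DNS, FRS, DIR)
::REM Requires dumpevt.exe from
::REM http://www.jpsdomain.org/index.html?winlogcheck/winlogcheck.html
::REM Uses postie.exe SMTP mailer from
::REM http://www.infradig.com/postie/index.shtml
::REM Substitute Blat or another mailer if needed.
::REM
::REM What it does: for each of the three logs it runs dumpevt, keeps the
::REM lines containing ",Warning," or ",Error,", writes them to a dated
::REM report (dclog_YY.MM.DD.txt) and mails the report when any were found.
::REM All working files are created in the CURRENT directory, so start the
::REM script from a directory reserved for it.

::REM -------- set - variables -------------------------------------------------
::REM -- Set target hostname here --
set _target=%computername%
::REM Set SMTP variables
set _hst=my.smtp.server.com
set _too=me@server.com
set _frm=%COMPUTERNAME%@server.com
::REM ---------- end - set - variables -------------------------------------------

::REM Initialize the alert variable (set to 1 as soon as any section reports)
set _alert=0

::REM Cleanup, create filter file
::REM NOTE(review): nothing in this script creates _*.txt files; this looks
::REM like a leftover from an earlier version - confirm before relying on it.
del /q _*.txt

::REM Get date for log file
::REM The token order assumes 'date /t' prints "Day MM/DD/YYYY"; the output is
::REM locale dependent, so confirm it for the account that runs the script.
for /f "tokens=1,2,3,4* delims=/ " %%i in ('date /t') do (
  set DAY=%%i
  set MM=%%j
  set DD=%%k
  set YY=%%l
)

::REM Get the time for log file
for /f "tokens=1,2* delims= " %%i in ('time /t') do set _time=%%i %%j

::REM Generate the log file
echo Now checking the DC %_target%...
set _log=dclog_%YY%.%MM%.%DD%.txt
if exist "%_log%" del /q "%_log%"
if exist output.txt del /q output.txt
echo.>>"%_log%"
echo Report genearated on %computername% at: %YY%.%MM%.%DD% %_time% >>"%_log%"
echo ------------------------------------------------------------ >>"%_log%"
echo.>>"%_log%"
echo.>>"%_log%"

::REM --=-----=-----=-----=-----=-----=-----=-----=-----=-----=-----=--
::REM Do the DNS log
call :checklog DNS dns dns DNS

::REM --=-----=-----=-----=-----=-----=-----=-----=-----=-----=-----=--
::REM Do the FRS log
echo.>>"%_log%"
call :checklog FRS rpl frs RPL

::REM --=-----=-----=-----=-----=-----=-----=-----=-----=-----=-----=--
::REM Do the Directory Service log
echo.>>"%_log%"
call :checklog DIR dir dir DIR

::REM Check alert condition, send alerts if needed
if %_alert% EQU 1 call :blastsmtp

::REM Cleanup: remove only the working files this script created. A bare
::REM "del *.out" would also remove unrelated files from whatever directory
::REM the scheduler happened to start the script in.
del /q dns.out frs.out dir.out _dns_alerts.out _frs_alerts.out _dir_alerts.out >nul 2>&1
goto :EOF

::REM ------------------- F U N C T I O N S ------------------------

:checklog
::REM Dump one event log, filter it and append the findings to the report.
::REM   %1 = name shown in the report and on the console (DNS, FRS, DIR)
::REM   %2 = value passed to dumpevt /logfile=            (dns, rpl, dir)
::REM   %3 = stem of the working files %3.out and _%3_alerts.out
::REM   %4 = text counted with find /c in the filtered lines
::REM Sets _alert=1 when warnings/errors are found or the log cannot be read.
echo +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+>>"%_log%"
echo All --=%1=-- warnings/errors over the last day on %_target%. >>"%_log%"
echo +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+>>"%_log%"
echo.>>"%_log%"
echo Dumping the %1 log...
echo Dumping the %1 log...>>"%_log%"
::REM Remove a dump left behind by an aborted run so stale events are not
::REM reported again and a failed dump cannot hide behind the old file.
if exist %3.out del /q %3.out
dumpevt /computer=%_target% /logfile=%2 /outfile=%3.out
::REM Fail closed: a missing dump (dumpevt not installed, access denied,
::REM target unreachable) must not be reported as "No alerts found".
::REM NOTE(review): assumes dumpevt always writes its /outfile, even when
::REM there are no new records - confirm with the dumpevt build in use.
if not exist %3.out (
  echo %1 log could not be dumped!
  echo ERROR: dumpevt produced no %3.out, so the %1 log was NOT checked.>>"%_log%"
  echo.>>"%_log%"
  set _alert=1
  goto :EOF
)
echo Filtering out warnings and errors...
echo Filtering out warnings and errors...>>"%_log%"
find ",Warning," <%3.out >_%3_alerts.out
find ",Error," <%3.out >>_%3_alerts.out
::REM _iszeroresult: 0 = nothing matched, 1 = the filtered file has content
call :iszero _%3_alerts.out
if %_iszeroresult% EQU 1 (
  echo %1 alerts found!
  echo Found...>>"%_log%"
  find /c "%4" <_%3_alerts.out >>"%_log%"
  echo alerts in the %1 log.>>"%_log%"
  echo.>>"%_log%"
  type _%3_alerts.out >>"%_log%"
  set _alert=1
) else (
  echo No %1 alerts found!
  echo No %1 alerts found in the event log.>>"%_log%"
  echo.>>"%_log%"
)
goto :EOF

:iszero
::REM Check if file %1 is zero bytes or not.
::REM Result in _iszeroresult: 0 = zero bytes, 1 = larger than zero bytes
::REM or not found (so an unreadable file is never reported as clean).
::REM The size comes from %~z1 rather than from the text of a "dir /s"
::REM listing: that text is language dependent, /s also picks up same-named
::REM files in subdirectories, and a find error (errorlevel 2) would have
::REM jumped to a label that does not exist.
set _iszeroresult=1
if not exist "%~1" (
  echo File %1 not found
  goto :EOF
)
if %~z1 EQU 0 (
  echo File %1 equals zero bytes
  set _iszeroresult=0
  goto :EOF
)
echo File %1 larger than zero bytes
goto :EOF

:blastsmtp
::REM Blast an SMTP alert message with the report attached (-file).
::REM postie's own output is appended to the report as well.
::REM NOTE(review): no authentication or encryption option is passed to the
::REM mailer here, so the report (DC event-log text) is presumably relayed as
::REM plain SMTP - confirm that is acceptable for the route to %_hst%.
echo Sending SMTP alert...
set _sbj="An alert condition was found on %_target%!"
postie -to:%_too% -from:%_frm% -host:%_hst% -s:%_sbj% -nomsg -file:%_log% -high >>"%_log%"
::REM Assumes postie signals failure through its exit code - confirm. If it
::REM does not, this line never fires and behaviour is as before.
if errorlevel 1 echo WARNING: postie returned a non-zero exit code; the alert may not have been sent.
goto :EOF

:EOF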