%@ Language=VBScript %>
<% Option Explicit %>
<%
'-------------------------------------------------------------------------
' logs.asp: lists all the logs, events for the selected log and provides
' links for clearing, editing the properties and downloading
' Copyright (c) Microsoft Corporation. All rights reserved.
'-------------------------------------------------------------------------
%>
<%
'-------------------------------------------------------------------------
' Global Constants
'-------------------------------------------------------------------------
Const TYPE_COLUMN = 1
Const DATE_COLUMN = 2
Const TIME_COLUMN = 3
Const SOURCE_COLUMN = 4
Const EVENT_COLUMN = 5
Const CONST_WBEMPRIVILEGESECURITY=7 'Prilivilege constant
Const NOOFRECORDS= 100 'fixing the constant value for getting the minimum records
Dim SOURCE_FILE
Const ENABLE_TRACING = TRUE
SOURCE_FILE = SA_GetScriptFileName()
Const CONST_HIDDEN="Hidden" ' Need not localize this variable as this is hidden
'-------------------------------------------------------------------------
' Global Variables
'-------------------------------------------------------------------------
'frame work variables
Dim rc
Dim page
Dim g_bSearchChanged
Dim g_iSearchCol
Dim g_sSearchColValue
Dim g_bPagingInitialized
Dim g_bPageChangeRequested
Dim g_sPageAction
Dim g_iPageMin
Dim g_iPageMax
Dim g_iPageCurrent
Dim g_iSortCol
Dim g_sSortSequence
Dim g_bSortRequested
Dim G_strLogName 'Log name
Dim G_objConnection 'Object to WMI connection
'-------------------------------------------------------------------------
' Form Variables
'-------------------------------------------------------------------------
Dim F_strevent_title 'To get the title from previous page
Dim F_pageTitle 'to get the page title.
Dim arrTitle(1)
'======================================================
' Entry point
'======================================================
' Create Page
'Title localisation
F_strevent_title = lcase(Request.QueryString("Title"))
Select case F_strevent_title
case Lcase("Applicationlog")
F_pageTitle = L_APPLICATION_TEXT
case Lcase("Systemlog")
F_pageTitle = L_SYSTEM_TEXT
case Lcase("Securitylog")
F_pageTitle = L_SECURITY_TEXT
End select
arrTitle(0) = F_pageTitle
L_PAGETITLE_LOGS_TEXT = SA_GetLocString("event.dll", "403F001A", arrTitle)
Call SA_CreatePage(L_PAGETITLE_LOGS_TEXT, "", PT_AREA, page )
Call SA_ShowPage( page )
'---------------------------------------------------------------------
' Function name: OnInitPage
' Description: Called to signal first time processing for this page.
' Input Variables: PageIn and EventArg
' Output Variables: PageIn, EventArg
' Return Values: TRUE to indicate initialization was successful. FALSE to indicate
' errors. Returning FALSE will cause the page to be abandoned.
' Global Variables: Out: G_strLogName
' Called to signal first time processing for this page. Use this method
' to do first time initialization tasks.
'---------------------------------------------------------------------
Public Function OnInitPage(ByRef PageIn, ByRef EventArg)
OnInitPage = TRUE
If ( ENABLE_TRACING ) Then
Call SA_TraceOut(SOURCE_FILE, "OnInitPage")
End If
'Getting the value of the log. and description from previous page.
F_strevent_title = Request.QueryString("Title")
G_strLogName = getWMILogFileName(F_strevent_title)
'Set default values
'
'Sort hidden column in descending sequence as we have numbering in reverse order
g_iSortCol = 6
g_sSortSequence = "D"
'
' Paging needs to be initialized
g_bPagingInitialized = FALSE
'
'Start on page #1
g_iPageCurrent = 1
End Function
'---------------------------------------------------------------------
' Function name: OnServeAreaPage
' Description: Called when the page needs to be served.
' Input Variables: PageIn, EventArg
' Output Variables: PageIn, EventArg
' Return Values: TRUE to indicate no problems occured. FALSE to indicate errors.
' Returning FALSE will cause the page to be abandoned.
' Global Variables: None
'Called when the page needs to be served. Use this method to serve content.
'---------------------------------------------------------------------
Public Function OnServeAreaPage(ByRef PageIn, ByRef EventArg)
OnServeAreaPage= getLogsEvents()
'Release the object
Set G_objConnection = Nothing
End Function
'---------------------------------------------------------------------
' Function: OnSearchNotify()
'
' Synopsis: Search notification event handler. When one or more columns are
' marked with the OTS_COL_SEARCH flag, the Web Framework fires
' this event in the following scenarios:
'
' 1) The user presses the search Go button.
' 2) The user requests a table column sort
' 3) The user presses either the page next or page previous buttons
'
' The EventArg indicates the source of this notification event which can
' be either a search change event (scenario 1) or a post back event
' (scenarios 2 or 3)
'
' Returns: Always returns TRUE
'
'---------------------------------------------------------------------
Public Function OnSearchNotify(ByRef PageIn, _
ByRef EventArg, _
ByVal sItem, _
ByVal sValue )
OnSearchNotify = TRUE
'
' User pressed the search GO button
'
If SA_IsChangeEvent(EventArg) Then
If ( ENABLE_TRACING ) Then
Call SA_TraceOut(SOURCE_FILE, "OnSearchNotify() Change Event Fired")
End If
g_bSearchChanged = TRUE
g_iSearchCol = Int(sItem)
g_sSearchColValue = CStr(sValue)
'
' User clicked a column sort, OR clicked either the page next or page prev button
ElseIf SA_IsPostBackEvent(EventArg) Then
If ( ENABLE_TRACING ) Then
Call SA_TraceOut(SOURCE_FILE, "OnSearchNotify() Postback Event Fired")
End If
g_bSearchChanged = FALSE
g_iSearchCol = Int(sItem)
g_sSearchColValue = CStr(sValue)
'
' Unknown event source
Else
If ( ENABLE_TRACING ) Then
Call SA_TraceOut(SOURCE_FILE, "Unrecognized Event in OnSearchNotify()")
End If
End IF
End Function
'---------------------------------------------------------------------
' Function: OnPagingNotify()
'
' Synopsis: Paging notification event handler. This event is triggered in one of
' the following scenarios:
'
' 1) The user presses either the page next or page previous buttons
' 2) The user presses the search Go button.
' 3) The user requests a table column sort
'
' The EventArg indicates the source of this notification event which can
' be either a paging change event (scenario 1) or a post back event
' (scenarios 2 or 3)
'
' The iPageCurrent argument indicates which page the user has requested.
' This is an integer value between iPageMin and iPageMax.
'
' Returns: Always returns TRUE
'
'---------------------------------------------------------------------
Public Function OnPagingNotify(ByRef PageIn, _
ByRef EventArg, _
ByVal sPageAction, _
ByVal iPageMin, _
ByVal iPageMax, _
ByVal iPageCurrent )
OnPagingNotify = TRUE
g_bPagingInitialized = TRUE
'
' User pressed either page next or page previous
'
If SA_IsChangeEvent(EventArg) Then
If ( ENABLE_TRACING ) Then
Call SA_TraceOut(SOURCE_FILE, "OnPagingNotify() Change Event Fired")
End If
g_bPageChangeRequested = TRUE
g_sPageAction = CStr(sPageAction)
g_iPageMin = iPageMin
g_iPageMax = iPageMax
g_iPageCurrent = iPageCurrent
'
' User clicked a column sort OR the search GO button
ElseIf SA_IsPostBackEvent(EventArg) Then
If ( ENABLE_TRACING ) Then
Call SA_TraceOut(SOURCE_FILE, "OnPagingNotify() Postback Event Fired")
End If
g_bPageChangeRequested = FALSE
g_sPageAction = CStr(sPageAction)
g_iPageMin = iPageMin
g_iPageMax = iPageMax
g_iPageCurrent = iPageCurrent
'
' Unknown event source
Else
If ( ENABLE_TRACING ) Then
Call SA_TraceOut(SOURCE_FILE, "Unrecognized Event in OnPagingNotify()")
End If
End IF
End Function
'---------------------------------------------------------------------
' Function: OnSortNotify()
'
' Synopsis: Sorting notification event handler. This event is triggered in one of
' the following scenarios:
'
' 1) The user presses the search Go button.
' 2) The user presses either the page next or page previous buttons
' 3) The user requests a table column sort
'
' The EventArg indicates the source of this notification event which can
' be either a sorting change event (scenario 1) or a post back event
' (scenarios 2 or 3)
'
' The sortCol argument indicated which column the user would like to sort
' and the sortSeq argument indicates the desired sort sequence which can
' be either ascending or descending.
'
' Returns: Always returns TRUE
'
'---------------------------------------------------------------------
Public Function OnSortNotify(ByRef PageIn, _
ByRef EventArg, _
ByVal sortCol, _
ByVal sortSeq )
OnSortNotify = TRUE
' User pressed column sort
If SA_IsChangeEvent(EventArg) Then
Call SA_TraceOut("SOURCE_FILE", "OnSortNotify() Change Event Fired")
g_bSearchChanged=TRUE
g_iSortCol = Int(sortCol)
g_sSortSequence = sortSeq
' User presed the search GO button OR clicked either the page next or page prev button
ElseIf SA_IsPostBackEvent(EventArg) Then
Call SA_TraceOut("SOURCE_FILE", "OnSortNotify() Postback Event Fired")
g_iSortCol = sortCol
g_bSortRequested = TRUE
' Unknown event source
Else
Call SA_TraceOut("SOURCE_FILE", "Unrecognized Event in OnSearchNotify()")
End IF
Call SA_TraceOut(SOURCE_FILE, "Sort col: " + CStr(sortCol) + " sequence: " + sortSeq)
End Function
'---------------------------------------------------------------------
' Function name: getLogsEvents
' Description: To get events for a log
' Input Variables: None
' Output Variables: None
' Return Values: TRUE to indicate no problems occured. FALSE to indicate errors.
' Returning FALSE will display error message.
' Global Variables: L_(*),G_strLogName
'Called to display events for a log in OTS table.
'---------------------------------------------------------------------
Function getLogsEvents()
Err.Clear
On Error Resume Next
Dim objTableLog 'Object to table
Dim objLognames
Dim strTitle
Dim strLogTitle, strLogName
Dim strQuery, strDate , strTime , objInstances
Dim colFlags
Dim strRecordNumber
Dim intRowCt
Dim intArrIndex
Dim intCount
Dim arrLogs()
Dim strLogType 'Logs type
Dim arrLogType(1)
Dim oEncoder
Set oEncoder = new CSAEncoder
'This variable is only used to sort the entries this is temporary one As OTS allows only string sort
'we are making use of numbers to sort as string
Dim strSortKeyNumber
strSortKeyNumber=90000
'
'
Const CONST_SESCURITY = "Security"
intRowCt = 0
intArrIndex = 0
'Forming the log title
strTitle="?Title=" & G_strLogName
'To get the title for the log
strLogTitle = Split(F_strevent_title, L_LOG_TXT)
arrLogType(0) = strLogTitle(0)
strLogName =SA_GetLocString("event.dll", "403F0014", arrLogType)
F_strevent_title = strLogName
'Trying to connect to the server
Set G_objConnection = getWMIConnection(CONST_WMI_WIN32_NAMESPACE) 'Connecting to the server
'setting the security previleges only in the case of security log
If Lcase(G_strLogName) = Lcase(CONST_SESCURITY) then
'G_ObjConnection.Security_.Privileges.Add CONST_WBEMPRIVILEGESECURITY 'giving the req privileges
End If
'Incase connection fails
If Err.number <> 0 then
Call SA_ServeFailurepage (L_FAILEDTOGETWMICONNECTION_ERRORMESSAGE)
getLogsEvents = false
Exit Function
End if
'Querying to get the events for the log
strQuery ="SELECT * FROM Win32_NTlogEvent WHERE Logfile=" & chr(34) & G_strLogName & chr(34)
Set objLognames = G_objConnection.ExecQuery(strQuery,"WQL",48,null)
For each objInstances in objLognames
redim preserve arrLogs(5, intArrIndex)
'strDate=Mid(objInstances.TimeGenerated,5,2)& "/" & Mid(objInstances.TimeGenerated,7,2) & "/" & Mid(objInstances.TimeGenerated,1,4)
strDate=Mid(objInstances.TimeGenerated,1,4) & "-" & Mid(objInstances.TimeGenerated,5,2) & "-" & Mid(objInstances.TimeGenerated,7,2)
strTime=Mid(objInstances.TimeGenerated,9,2)& ":" & Mid(objInstances.TimeGenerated,11,2)& ":" & Mid(objInstances.TimeGenerated,13,2)
strRecordNumber = objInstances.RecordNumber
'Assigning event fields to the array
arrLogs(0,intArrIndex)=strRecordNumber
arrLogs(1,intArrIndex)=objInstances.Type
arrLogs(2,intArrIndex)=FormatDateTime(CDate(strDate),2)
arrLogs(3,intArrIndex)=FormatDateTime(CDate(strTime),3)
arrLogs(4,intArrIndex)=objInstances.sourceName
arrLogs(5,intArrIndex)=objInstances.EventCode
'If the OS and SAKit languages are different,
'convert event type string to SAKit language
'It works only from English to Non-English
'If OS is not English, just use the string as it is.
Select Case ucase(arrLogs(1,intArrIndex))
case ucase("information")
strLogType = L_INFORMATION_TYPE_TEXT
case ucase("error")
strLogType = L_ERROR_TYPE_TEXT
case ucase("warning")
strLogType = L_WARNING_TYPE_TEXT
case ucase("audit success" )
strLogType = L_SUCCESSAUDIT_TYPE_TEXT
case ucase("audit failure")
strLogType = L_FAILUREAUDIT_TYPE_TEXT
case else
strLogType = arrLogs(1,intArrIndex)
End Select
arrLogs(1,intArrIndex) = strLogType
intArrIndex = intArrIndex + 1
Next
If Err.number <> 0 then
Call SA_ServeFailurepage (L_FAILEDTOGETEVENTS_ERRORMESSAGE)
getLogsEvents = false
Exit Function
End if
'Create table if events are there in the log
If intArrIndex <> 0 then
'Create Appliance Log table with 7 coloumns
objTableLog = OTS_CreateTable(F_strevent_title, L_DESCRIPTION_HEADING_TEXT )
Else
'Description is changed if no events are available in the log
objTableLog = OTS_CreateTable(F_strevent_title, L_DESCRIPTION_PROPERTIES_HEADING_TEXT)
End if
'
' If the search criteria changed then we need to recompute the paging range
If ( TRUE = g_bSearchChanged ) Then
'
' Need to recalculate the paging range
g_bPagingInitialized = FALSE
'
' Restarting on page #1
g_iPageCurrent = 1
End If
'
' Create columns
colFlags = (OTS_COL_FLAG_HIDDEN OR OTS_COL_SORT OR OTS_COL_KEY)
Call OTS_AddTableColumn(objTableLog, OTS_CreateColumnEx(L_PRIMARY_TEXT,"left",colFlags ,15))
colFlags = (OTS_COL_SEARCH OR OTS_COL_SORT OR OTS_COL_KEY)
Call OTS_AddTableColumn(objTableLog, OTS_CreateColumn(L_TYPE_TEXT, "left", colFlags))
colFlags = (OTS_COL_SEARCH OR OTS_COL_SORT)
Call OTS_AddTableColumn(objTableLog, OTS_CreateColumnEx( L_DATE_TEXT, "left",colFlags,40))
colFlags = (OTS_COL_SEARCH OR OTS_COL_SORT)
Call OTS_AddTableColumn(objTableLog, OTS_CreateColumnEx(L_TIME_TEXT,"left",colFlags,70))
colFlags = (OTS_COL_SEARCH OR OTS_COL_SORT)
Call OTS_AddTableColumn(objTableLog, OTS_CreateColumnEx(L_SOURCE_TEXT, "left",colFlags,100))
colFlags = (OTS_COL_SEARCH OR OTS_COL_SORT)
Call OTS_AddTableColumn(objTableLog, OTS_CreateColumnEx(L_ID_TEXT,"left", colFlags,130))
colFlags = (OTS_COL_FLAG_HIDDEN OR OTS_COL_SORT OR OTS_COL_KEY)
Call OTS_AddTableColumn(objTableLog, OTS_CreateColumnEx(CONST_HIDDEN,"left",colFlags ,15))
' Set Tasks section title
Call OTS_SetTableTasksTitle(objTableLog, L_TASKS_TEXT)
' Add the tasks associated with Logs objects
Call OTS_AddTableTask( objTableLog, OTS_CreateTaskEx(L_ITEMDETAILS_TEXT,L_ITEMDETAILS_ROLLOVER_TEXT , "logs/log_details.asp" & strTitle,OTS_PT_AREA,"OTS_TaskAny") )
Call OTS_AddTableTask( objTableLog, OTS_CreateTaskEx(L_DOWNLOAD_TEXT,L_DOWNLOAD_ROLLOVER_TEXT , "logs/log_download.asp" & strTitle, OTS_PT_AREA, "OTS_TaskAny") )
Call OTS_AddTableTask( objTableLog, OTS_CreateTaskEx(L_PROPERTIES_TEXT,L_PROPERTIES_ROLLOVER_TEXT , "logs/log_prop.asp" & strTitle,OTS_PT_PROPERTY,"OTS_TaskAlways") )
Call OTS_AddTableTask( objTableLog, OTS_CreateTaskEx(L_CLEAR_TEXT,L_CLEAR_ROLLOVER_TEXT , "logs/log_clear.asp" & strTitle,OTS_PT_PROPERTY,"OTS_TaskAny") )
'Adding items to the OTS table
For intCount = 0 to intArrIndex-1
'This variable is only used to sort the entries this is temporary one As OTS allows only string sort
'we are making use of numbers to sort as string
strSortKeyNumber = strSortKeyNumber - 1
'
'
If ( Len( g_sSearchColValue ) <= 0 ) Then
' Search criteria blank, select all rows
intRowCt=intRowCt+1
' Verify that the current user part of the current page
If ( IsItemOnPage( intRowCt, g_iPageCurrent, NOOFRECORDS) ) Then
Call OTS_AddTableRow( objTableLog, Array( arrLogs(0,intCount) ,arrLogs(1,intCount) ,arrLogs(2,intCount) ,arrLogs(3,intCount) ,arrLogs(4,intCount),arrLogs(5,intCount),strSortKeyNumber ) )
End If
Else
' Check the Search criteria
Select Case (g_iSearchCol)
Case TYPE_COLUMN
If ( InStr(1, arrLogs(1,intCount), g_sSearchColValue, 1) ) Then
intRowCt=intRowCt+1
' Verify that the current event part of the current page
If ( IsItemOnPage( intRowCt, g_iPageCurrent, NOOFRECORDS) ) Then
Call OTS_AddTableRow( objTableLog, Array( arrLogs(0,intCount) ,arrLogs(1,intCount) ,arrLogs(2,intCount) ,arrLogs(3,intCount) ,arrLogs(4,intCount),arrLogs(5,intCount),strSortKeyNumber ) )
End If
End If
Case DATE_COLUMN
If ( InStr(1, arrLogs(2,intCount), g_sSearchColValue, 1) ) Then
intRowCt=intRowCt+1
If ( IsItemOnPage( intRowCt, g_iPageCurrent, NOOFRECORDS) ) Then
Call OTS_AddTableRow( objTableLog,Array( arrLogs(0,intCount) ,arrLogs(1,intCount) ,arrLogs(2,intCount) ,arrLogs(3,intCount) ,arrLogs(4,intCount),arrLogs(5,intCount),strSortKeyNumber ) )
End if
End If
Case TIME_COLUMN
If ( InStr(1, arrLogs(3,intCount), g_sSearchColValue, 1) ) Then
intRowCt=intRowCt+1
If ( IsItemOnPage( intRowCt, g_iPageCurrent, NOOFRECORDS) ) Then
Call OTS_AddTableRow( objTableLog, Array( arrLogs(0,intCount) ,arrLogs(1,intCount) ,arrLogs(2,intCount) ,arrLogs(3,intCount) ,arrLogs(4,intCount),arrLogs(5,intCount),strSortKeyNumber ) )
End if
End If
Case SOURCE_COLUMN
If ( InStr(1, arrLogs(4,intCount), g_sSearchColValue, 1) ) Then
intRowCt=intRowCt+1
If ( IsItemOnPage( intRowCt, g_iPageCurrent, NOOFRECORDS) ) Then
Call OTS_AddTableRow( objTableLog, Array( arrLogs(0,intCount) ,arrLogs(1,intCount) ,arrLogs(2,intCount) ,arrLogs(3,intCount) ,arrLogs(4,intCount),arrLogs(5,intCount),strSortKeyNumber ) )
End if
End If
Case EVENT_COLUMN
If ( InStr(1, arrLogs(5,intCount), g_sSearchColValue, 1) ) Then
intRowCt=intRowCt+1
If ( IsItemOnPage( intRowCt, g_iPageCurrent, NOOFRECORDS) ) Then
Call OTS_AddTableRow( objTableLog, Array( arrLogs(0,intCount) ,arrLogs(1,intCount) ,arrLogs(2,intCount) ,arrLogs(3,intCount) ,arrLogs(4,intCount),arrLogs(5,intCount),strSortKeyNumber ) )
End if
End If
Case Else
Call SA_TraceOut(SOURCE_FILE, "Unrecognized search column: " + CStr(g_iSearchCol))
intRowCt=intRowCt+1
If ( IsItemOnPage( intRowCt, g_iPageCurrent, NOOFRECORDS) ) Then
Call OTS_AddTableRow( objTableLog, Array( arrLogs(0,intCount) ,arrLogs(1,intCount) ,arrLogs(2,intCount) ,arrLogs(3,intCount) ,arrLogs(4,intCount),arrLogs(5,intCount),strSortKeyNumber ) )
End if
End Select
End If
Next
' Enable paging feature
Call OTS_EnablePaging(objTableLog, true)
If ( ENABLE_TRACING ) Then
Call SA_TraceOut(SOURCE_FILE, "Total records: " + CStr(intArrIndex))
End If
'
' If paging range needs to be initialised then
' we need to figure out how many pages we are going to display
If ( FALSE = g_bPagingInitialized ) Then
g_iPageMin = 1
g_iPageMax = Int(intRowCt / NOOFRECORDS )
If ( (intRowCt MOD NOOFRECORDS) > 0 ) Then
g_iPageMax = g_iPageMax + 1
End If
g_iPageCurrent = 1
Call OTS_SetPagingRange( objTableLog, g_iPageMin, g_iPageMax, g_iPageCurrent)
End If
'
' Sort the table
'
Call OTS_SortTable(objTableLog, g_iSortCol, g_sSortSequence, SA_RESERVED)
' Send table to the response stream
'
Call OTS_ServeTable(objTableLog)
'Display msg if no events are there in log
If intRowCt = 0 then
Response.write "
" & oEncoder.EncodeElement(L_NOEVENTSAVAILABLE_TEXT) & "
"
End if
'Set to nothing
Set objInstances = Nothing
Set objLognames=Nothing
getLogsEvents = True
End Function
'-------------------------------------------------------------------------
' Function name: getWMILogFileName
' Description: returns WMI Log File name
' Input Variables: strTitle - Title or caption of the log
' Output Variables: None
' Return Values: Returns WMI Log File name
' Global Variables: None
' Return the WMI LogFile name. If the Title is not found Returns null
'-------------------------------------------------------------------------
Function getWMILogFileName(strTitle)
Err.Clear
On Error Resume Next
const strDNS = "DNS Server"
const strApplication = "Application"
const strSecurity = "Security"
const strSystem = "System"
'To get the Log name
select case strTitle
case "ApplicationLog"
getWMILogFileName = strApplication
case "SystemLog"
getWMILogFileName = strSystem
case "SecurityLog"
getWMILogFileName = strSecurity
case "DnsLog"
getWMILogFileName = strDNS
case else
getWMILogFileName = ""
end select
End Function
'-------------------------------------------------------------------------
' Function name: IsItemOnPage
' Description: Search for the item on page
' Input Variables: iCurrentItem, iCurrentPage, iItemsPerPage
' Output Variables: None
' Return Values: True/False
' Global Variables: None
'-------------------------------------------------------------------------
Private Function IsItemOnPage(ByVal iCurrentItem, iCurrentPage, iItemsPerPage)
Dim iLowerLimit
Dim iUpperLimit
iLowerLimit = ((iCurrentPage - 1) * iItemsPerPage )
iUpperLimit = iLowerLimit + iItemsPerPage + 1
If ( iCurrentItem > iLowerLimit AND iCurrentItem < iUpperLimit ) Then
IsItemOnPage = TRUE
Else
IsItemOnPage = FALSE
End If
End Function
%>