|
the Notepad application should appear on your desktop.
Collecting Windows NT Log Events in WMI
Now that we have collected some data and executed some methods, we move on to the subject of events. WMI can supply events for many types of changes or occurrences in the system. In this example the script is built to register for any new events written to the Windows NT or Windows 2000 event log. When a new event is written, WMI generates a WMI event that an event consumer such as this script can receive. It is important to note, however, that WMI events are only sent when at least one consumer has registered to receive them. If no one is listening, WMI does not spend resources on watching for a given occurrence in the system:
set events =
GetObject("winmgmts:{impersonationLevel=impersonate}")
.ExecNotificationQuery _
("select * from __instancecreationevent where targetinstance
isa ''''Win32_NTLogEvent''''")
if err <> 0 then
WScript.Echo Err.Description, Err.Number, Err.Source
end if
'''' Note this next call will wait indefinitely - a timeout can be
specified
WScript.Echo "Waiting for NT Events..."
do
set NTEvent = events.nextevent
if err <> 0 then
WScript.Echo Err.Number, Err.Description, Err.Source
Exit Do
else
WScript.Echo NTEvent.TargetInstance.Message
end if
loop
WScript.Echo "finished".
Using the ExecNotificationQuery() method, the script submits a query defining the types of events to be sent when they occur. When an event is written to the log, it in effect creates an instance of the Win32_NTLogEvent class. WMI can detect when an instance is created, modified, or deleted, and this information is the source of the event we are looking for. The SQL query statement in effect tells WMI to "send any instance creation events where the instance being created is of the Win32_NTLogEvent class." Instance creation events for other classes will not be reported because they do not match the criteria of the query.
The script simply waits in a loop for the events to arrive and then displays the message property of the received instances.
Collecting High CPU Utilization Events
In the previous example the events were being supplied by the Event Log provider directly and were driven by the provider being called back by the Event Log service as new events were logged. Not all services supply such mechanisms for reporting interesting events, nor is it always reasonable to expect them to. Rather than not have events for some instrumentation, WMI has a built-in mechanism to generate events where no underlying event support exists. In fact, by virtue of the fact that a property is instrumented, it can be the source of events.
In this example I demonstrate how CPU utilization can be monitored and, when a processor is heavily loaded, an event will be generated and sent to registered consumers. This is available even though there is no internal event mechanism for this particular measurement built in to the operating system:
set events =
GetObject("winmgmts:{impersonationLevel=impersonate}")
.ExecNotificationQuery _
("select * from __instancemodificationevent within 5 where
targetinstance isa ''''Win32_Processor'''' and
targetinstance.LoadPercentage > 50")
if err <> 0 then
WScript.Echo Err.Description, Err.Number, Err.Source
end if
'''' Note this next call will wait indefinitely - a timeout can be
specified
WScript.Echo "Waiting for CPU load events..."
WScript.Echo ""
do
set NTEvent = events.nextevent
if err <> 0 then
WScript.Echo Err.Number, Err.Description, Err.Source
Exit Do
else
WScript.Echo NTEvent.TargetInstance.DeviceID WScript.Echo
NTEvent.TargetInstance.LoadPercentage
end if
loop
WScript.Echo "finished"
In this script we modify the previous Windows NT event log script to watch now for a CPU being heavily loaded. Notice that now we are watching for events regarding instance modification rather than instance creation as in the previous example. Also, the class being monitored is the Win32_Processor class and there is additional constraint that the LoadPercentage property (a member of the Win32_Processor class) must have a value greater than 50. Because WMI is monitoring the value of the LoadPercentage property and generating events when its value changes and meets the query criteria, it needs a parameter to tell it how often to monitor the value. This is the purpose of the WITHIN clause in the query. The WITHIN clause defines the maximum time interval that should pass before WMI checks the value of the property to see if it has changed and meets the query requirements. This value can also be viewed as the maximum amount of time the consumer can wait before getting the desired event.
Just as before, when the query criteria is fulfilled, WMI sends an event to the script, which in turn prints some information about the event; in this case CPU name and the actual measured load percentage is shown. Incidentally, this script works equally well on single and multiple CPU systems. Because the script looks for any instance modification that affects an instance of the Win32_Processor class, it will report any CPU that exceeds the specified load criteria. Naturally, if only a particular CPU load was of interest, the query could easily be changed to limit its scope.
This same functionality can be leveraged for any property that is visible through WMI, whether it is part of the instrumentation provided in the operating system or added by a third party. Absolutely no additional work needs to be done to make this happen; it is a standard feature that comes for free by instrumenting your product with WMI. And, if the underlying API does support an internal event system that can deliver the same information in perhaps a more optimized way, the writer of the provider can easily and seamlessly override the WMI event monitoring without the event consumer having to be aware of the difference. Thus, a consumer will automatically get the benefits of the best event mechanism available without any changes to the way it works. And, it should be emphasized again, WMI will not monitor any property in the way just described unless there is an event consumer registered for those particular events. Once the registration is removed (for example, the script ends), WMI will no longer watch for the requested events.
Conclusion
WMI is a key part of Microsoft''''s strategy to make the Windows platform the most manageable operating systems available and lower the TCO for its customers. Based on industry standards and endorsed by the DMTF, WMI provides a rich and extensible object model that allows computer systems to be managed in a consistent, scriptable way, either locally or remotely. Most core operating system information and services are already instrumented as part of the basic WMI system that comes with Windows 2000. Instrumentation for other Microsoft and third-party products is available and under development, making WMI the best way to manage Windows-based systems in a scalable, reliable, and unified way.
In this article, you have been introduced to just some of the useful features available in WMI. WMI provides an object-oriented set of classes, properties, methods, events, and associations that can be easily and powerfully accessed through scripting languages, Microsoft Visual Basic and Microsoft Visual C++® alike. I have tried to demonstrate some of WMI''''s powerful functionality through several sample scripts, but these just scratch the surface. I hope with these examples, along with the accompanying instrumentation chart, you will take an opportunity to explore the information WMI makes available to enable powerful management of your systems. Future articles will cover more in-depth concepts such as writing WMI providers, advanced event handling, and client applications.
A full set of documentation on building WMI components and using WMI is available in the WMI SDK, which ships as part of the MSDN Windows 2000 Platform SDK, or can be downloaded for free from http://msdn.microsoft.com/library/default.asp?URL=/library/psdk/wmisdk/wmistart_5kth.htm . The core WMI components needed for Windows NT 4.0 systems and Windows 95/98 can also be downloaded from this site.
上一页 [1] [2] [3] [4]
[系统软件]windows下Apache+php+mysql的安装与配置图解 [办公软件]excel中的VBA中的With语句的使用介绍及实例
[操作系统]在Windows中玩转Linux操作系统 [操作系统]死马还当活马医:6种方法挽救Windows系统
[聊天工具]四大更新 Windows Live Msn 8.1评测 [聊天工具]Windows Live Messenger最新0683版亮相_联络工具_…
[聊天工具]Windows Live Mail招人爱的N个理由_联络工具_Wind… [聊天工具]Windows Live Mail Desktop多图欣赏_联络工具_Win…
[聊天工具]OE老了 微软开发新邮件客户端取而代之_联络工具 [聊天工具]Windows Live Messenger中文版试用报告(一)__天极…
|
注:本站部分文章源于互联网,版权归原作者所有!如有侵权,请原作者与本站联系,本站将立即删除! 本站文章除特别注明外均可转载,但需注明出处! [MinTao学以致用网] 
