EvilOctal Security Team Technical Discussion Group's Archiver

金州 2006-2-14 08:02

[Repost] Scripts: Monitoring

<P>Source: EvilOctal Security Team (<A href="http://www.eviloctal.com">www.eviloctal.com</A>)<BR>Compiled by EvilOctal</P>
<H1>Baseline Performance Monitoring</H1>
<DIV class=date></DIV>
<DIV style="HEIGHT: 18px"></DIV>
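<P><B>Description</B></P>
<P>Uses cooked (formatted) performance counters and the SWbemRefresher object to monitor three performance counters on a computer, and saves the data to a text file. Requires Windows XP or Windows Server 2003.</P>
<P><B>Script Code</B></P><PRE class=codeSample>Const ForAppending = 8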
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
set objRefresher = CreateObject("WbemScripting.Swbemrefresher")
Set objMemory = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfOS_Memory").objectSet
Set objDiskSpace = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfDisk_LogicalDisk").objectSet
Set objQueueLength = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfNet_ServerWorkQueues").objectSet
objRefresher.Refresh
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLogFile = objFSO.OpenTextFile _
    ("c:\scripts\performance.csv", ForAppending, True)
For I = 1 to 10
    For each intAvailableBytes in objMemory
        objLogFile.Write(intAvailableBytes.AvailableMBytes) & ","
    Next
    For each intQueueLength in objDiskSpace
        objLogFile.Write(intQueueLength.CurrentDiskQueueLength) & ","
    Next
    For each intServerQueueLength in objQueueLength
        objLogFile.Write(intServerQueueLength.QueueLength) & ","
    Next
    objLogFile.Write VbCrLf
    Wscript.Sleep 10000
    objRefresher.Refresh
Next
objLogFile.Close
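<H1>Configuring Trust Relationship Properties</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Configures the refresh and verification properties of trust relationships. Requires Windows Server 2003.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."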
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\MicrosoftActiveDirectory")
Set colTrustList = objWMIService.ExecQuery _
    ("Select * from Microsoft_TrustProvider")
For Each objTrust in colTrustList
    objTrust.TrustListLifetime = 25
    objTrust.TrustStatusLifetime = 10
    objTrust.TrustCheckLevel = 1
    objTrust.Put_
Next
<H1>Creating a Permanent Event Consumer</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Creates a permanent event consumer to monitor changes in service state.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\default")
Set objConsumerType = objWMIService.get("SMTPEventConsumer")
Set objConsumer = objConsumerType.SpawnInstance_
objConsumer.Name = "Service Monitor Consumer"
objConsumer.Message = "A service has changed state."
objConsumer.SMTPServer = "mailserver.fabrikam.com"
objConsumer.Subject = "Service state change"
objConsumer.ToLine = "administrator@fabrikam.com"
objConsumer.Put_
<H1>Creating a Permanent Event Filter</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Creates a permanent event filter to monitor changes in service state.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\default")
strFilterQuery = "Select * from __InstanceModificationEvent within 3 " & _
    "where TargetInstance isa 'Win32_Service'"
Set objFilterClass = objWMIService.get("__EventFilter")
Set objFilter = objFilterClass.SpawnInstance_
objFilter.Name = "Service Monitor Filter"
objFilter.QueryLanguage = "wql"
objFilter.Query = strFilterQuery
objFilter.Put_
<H1>Enumerating Active Directory Database Replication Partners</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Returns a list of the Active Directory replication partners of a domain controller. Requires Windows .NET Server.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\MicrosoftActiveDirectory")
Set colReplicationOperations = objWMIService.ExecQuery _
    ("Select * from MSAD_ReplNeighbor")
For each objReplicationJob in colReplicationOperations
    Wscript.Echo objReplicationJob.Domain
    Wscript.Echo objReplicationJob.NamingContextDN
    Wscript.Echo objReplicationJob.SourceDsaDN
    Wscript.Echo objReplicationJob.LastSyncResult
    Wscript.Echo objReplicationJob.NumConsecutiveSyncFailures
Next
<H1>Enumerating Domain Information for Trust Partners</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Returns information about the local domain. Requires Windows Server 2003.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\MicrosoftActiveDirectory")
Set colDomainInfo = objWMIService.ExecQuery _
    ("Select * from Microsoft_LocalDomainInfo")
For each objDomain in colDomainInfo
    Wscript.Echo objDomain.DNSName
    Wscript.Echo objDomain.FlatName
    Wscript.Echo objDomain.SID
    Wscript.Echo objDomain.TreeName
    Wscript.Echo objDomain.DCName
Next
<H1>Enumerating Trust Relationships</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Enumerates trust relationships. Requires Windows Server 2003.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\MicrosoftActiveDirectory")
Set colTrustList = objWMIService.ExecQuery _
    ("Select * from Microsoft_DomainTrustStatus")
For each objTrust in colTrustList
    Wscript.Echo objTrust.TrustedDomain
    Wscript.Echo objTrust.TrustDirection
    Wscript.Echo objTrust.TrustType
    Wscript.Echo objTrust.TrustAttributes
    Wscript.Echo objTrust.TrustedDCName
    Wscript.Echo objTrust.TrustStatus
    Wscript.Echo objTrust.TrustIsOK
Next
<H1>Installing the Active Directory Database Performance Counters</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Installs the Active Directory database performance counters on a domain controller.</P><P><B>Script Code</B></P><PRE class=codeSample>Set WshShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Shell.Application")
objFSO.CreateFolder ("C:\Performance")
' Paths must not carry a trailing space inside the quotes.
Set objCopyFile = objFSO.GetFile("C:\windows\system32\esentprf.dll")
objCopyFile.Copy ("C:\performance\esentprf.dll")
WshShell.RegWrite _
    "HKLM\System\CurrentControlSet\Services\Esent\Performance\Open", _
        "OpenPerformanceData", "REG_SZ"
WshShell.RegWrite _
    "HKLM\System\CurrentControlSet\Services\Esent\Performance\Collect", _
        "CollectPerformanceData", "REG_SZ"
WshShell.RegWrite _
    "HKLM\System\CurrentControlSet\Services\Esent\Performance\Close", _
        "ClosePerformanceData", "REG_SZ"
WshShell.RegWrite _
    "HKLM\System\CurrentControlSet\Services\Esent\Performance\Library", _
        "C:\Performance\Esentprf.dll", "REG_SZ"
strCommandText = "%comspec% /c lodctr.exe c:\windows\system32\esentprf.ini"
WshShell.Run strCommandText<BR><H1>Monitoring Active Directory Replication</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Returns a list of the replication jobs pending on a domain controller. Requires Windows Server 2003.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\MicrosoftActiveDirectory")
Set colReplicationOperations = objWMIService.ExecQuery _
        ("Select * from MSAD_ReplPendingOp")
If colReplicationOperations.Count = 0 Then
    Wscript.Echo "There are no replication jobs pending."
    Wscript.Quit
Else
    For each objReplicationJob in colReplicationOperations
        Wscript.Echo objReplicationJob.SerialNumber
        Wscript.Echo objReplicationJob.TimeEnqueued
        Wscript.Echo objReplicationJob.DsaDN
        Wscript.Echo objReplicationJob.DsaAddress
        Wscript.Echo objReplicationJob.NamingContextDn
    Next
End If
<H1>Monitoring Available Disk Space</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Issues an alert if the disk space on any hard disk on the computer drops below 100 MB.</P><P><B>Script Code</B></P><PRE class=codeSample>Const LOCAL_HARD_DISK = 3
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colMonitoredDisks = objWMIService.ExecNotificationQuery _
    ("Select * from __instancemodificationevent within 30 where " _
        & "TargetInstance isa 'Win32_LogicalDisk'")
i = 0
Do While i = 0
    Set objDiskChange = colMonitoredDisks.NextEvent
    If objDiskChange.TargetInstance.DriveType = LOCAL_HARD_DISK Then
        ' Compare FreeSpace, not Size: Size is the total capacity of the volume.
        If objDiskChange.TargetInstance.FreeSpace < 100000000 Then
            Wscript.Echo "Hard disk space is below 100000000 bytes."
        End If
    End If
Loop
<H1>Monitoring Available Memory</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Issues an alert if the amount of available memory on the computer drops below 4 MB. Requires Windows XP or Windows Server 2003.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
set objRefresher = CreateObject("WbemScripting.SWbemRefresher")
Set objMemory = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfOS_Memory").objectSet
objRefresher.Refresh
Do
    For each intAvailableBytes in objMemory
        If intAvailableBytes.AvailableMBytes < 4 Then
            Wscript.Echo "Available memory has fallen below 4 megabytes."
        End If
    Next
    objRefresher.Refresh
Loop
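<H1>Monitoring Changes in Computer Power State</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Issues an alert if the power state of the computer changes (for example, when it enters or leaves suspend mode).</P><P><B>Script Code</B></P><PRE class=codeSample>Set colMonitoredEvents = GetObject("winmgmts:")._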
    ExecNotificationQuery("Select * from Win32_PowerManagementEvent")
Do
    Set strLatestEvent = colMonitoredEvents.NextEvent
        Wscript.Echo strLatestEvent.EventType
Loop
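<H1>Monitoring Changes in Service State</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>A temporary event consumer issues an alert any time a service changes state (for example, when an active service is paused or stopped).</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."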
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService. _
    ExecNotificationQuery("Select * from __instancemodificationevent " _
        & "within 30 where TargetInstance isa 'Win32_Service'")
i = 0
Do While i = 0
    Set objService = colServices.NextEvent
    If objService.TargetInstance.State <> _
        objService.PreviousInstance.State Then
        Wscript.Echo objService.TargetInstance.Name _
            &  " is " & objService.TargetInstance.State _
                & ". The service previously was " & objService.PreviousInstance.State & "."
    End If
Loop
<H1>Monitoring Computer Availability</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Uses the Win32_PingStatus class to verify whether a computer can be reached over the network. Requires Windows XP or Windows .NET Server.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colPingedComputers = objWMIService.ExecQuery _
    ("Select * from Win32_PingStatus Where Address = '192.168.1.37'")
For each objComputer in colPingedComputers
    If objComputer.StatusCode = 0 Then
        Wscript.Echo "Remote computer responded."
    Else
        Wscript.Echo "Remote computer did not respond."
   End If
Next
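<H1>Monitoring Computer Health</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Uses cooked (formatted) performance counters and the SWbemRefresher object to monitor three performance counters on a computer. Issues an alert if any of the three counters exceeds its specified threshold. Requires Windows XP or Windows Server 2003.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."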
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
set objRefresher = CreateObject("WbemScripting.Swbemrefresher")
Set objMemory = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfOS_Memory").objectSet
Set objDiskQueue = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfDisk_LogicalDisk"). _
        objectSet
Set objQueueLength = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfNet_ServerWorkQueues"). _
        objectSet
objRefresher.Refresh
intHealthStatus = 0
Do
    For each intAvailableBytes in objMemory
        If intAvailableBytes.AvailableMBytes < 4 Then
            intHealthStatus = intHealthStatus + 1
        End If
    Next
    For each intQueueLength in objDiskQueue
        If intQueueLength.CurrentDiskQueueLength > 2 Then
            intHealthStatus = intHealthStatus + 1
        End If
    Next
    For each intServerQueueLength in objQueueLength
        If intServerQueueLength.QueueLength > 4 Then
            intHealthStatus = intHealthStatus + 1
        End If
    Next
    If intHealthStatus > 0 Then
        Wscript.Echo "Unhealthy."
    Else
        Wscript.Echo "Healthy."
    End If
    intHealthStatus = 0
    Wscript.Sleep 10000
    objRefresher.Refresh
Loop
<H1>Monitoring Computer Uptime</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Calculates the number of days since the computer was last started. Requires Windows XP or Windows .NET Server.</P><P><B>Script Code</B></P><PRE class=codeSample>Set dtmConvertedDate = CreateObject("WbemScripting.SWbemDateTime")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOS in colOperatingSystems
    dtmConvertedDate.Value = objOS.LastBootUpTime
    dtmLastBootUpTime = dtmConvertedDate.GetVarDate
    dtmSystemUptime = DateDiff("d", dtmLastBootUpTime, Now)
    Wscript.Echo dtmSystemUptime
Next
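<H1>Monitoring Disk Bytes Per Second</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Uses cooked (formatted) performance counters to monitor the disk bytes per second on a computer. Requires Windows XP or Windows Server 2003.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."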
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
set objRefresher = CreateObject("WbemScripting.SWbemRefresher")
Set colDiskDrives = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfDisk_LogicalDisk").objectSet
objRefresher.Refresh
For i = 1 to 500
    For Each objDiskDrive in colDiskDrives
        Wscript.Echo "Drive name: " & objDiskDrive.Name
        Wscript.Echo "Disk bytes per second: " & objDiskDrive.DiskBytesPerSec
    Next
    ' Sleep and refresh once per pass, after every drive has been reported.
    Wscript.Sleep 2000
    objRefresher.Refresh
Next
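<H1>Monitoring Free Space on Disk Drives</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Uses cooked (formatted) performance counters to retrieve the free disk space on a computer. Requires Windows XP or Windows .NET Server.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."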
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colDiskDrives = objWMIService.ExecQuery _
    ("Select * from win32_perfformatteddata_perfdisk_logicaldisk where Name <> '_Total'")
For each objDiskDrive in colDiskDrives
    Wscript.Echo "Drive Name: " & objDiskDrive.Name
    Wscript.Echo "Free Space: " & objDiskDrive.FreeMegabytes
Next
<H1>Monitoring Domain Controller Performance</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colDatabases = objWMIService.ExecQuery _
    ("Select * from Win32_PerfFormattedData_NTDS_NTDS")
For Each objADDatabase in colDatabases
    Wscript.Echo objADDatabase.DSThreadsInUse
    Wscript.Echo objADDatabase.LDAPBindTime
    Wscript.Echo objADDatabase.LDAPClientSessions
Next
<H1>Monitoring Event Logs</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Creates a temporary event consumer that monitors the event log for events with event ID 533.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
' (Security) enables the privilege needed to read the Security event log.
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
    ("Select * from __instancecreationevent where TargetInstance isa " _
        & "'Win32_NTLogEvent' and TargetInstance.EventCode = '533' ")
Do
    Set objLatestEvent = colMonitoredEvents.NextEvent
        strAlertToSend = objLatestEvent.TargetInstance.User _
            & " attempted to access DatabaseServer."
        Wscript.Echo strAlertToSend
Loop
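<H1>Monitoring FRS Replication</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Uses cooked (formatted) performance counters to monitor File Replication Service performance on a domain controller. Requires Windows .NET Server.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."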
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colFRSSet = objWMIService.ExecQuery _
    ("Select * from Win32_PerfFormattedData_FileReplicaConn_FileReplicaConn")
For Each objFRSInstance in colFRSSet
    Wscript.Echo objFRSInstance.RemoteChangeOrdersReceived
    Wscript.Echo objFRSInstance.RemoteChangeOrdersSent
    Wscript.Echo objFRSInstance.PacketsSent
Next
<H1>Monitoring Process Availability</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Determines whether a hypothetical process, Database.exe, is running.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = 'Database.exe'")
If colProcesses.Count = 0 Then
    Wscript.Echo "Database.exe is not running."
Else
    Wscript.Echo "Database.exe is running."
End If
<H1>Monitoring Process Creation</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>A temporary event consumer issues an alert each time a new process is created.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colMonitoredProcesses = objWMIService. _
    ExecNotificationQuery("select * from __instancecreationevent " _
        & " within 1 where TargetInstance isa 'Win32_Process'")
i = 0
Do While i = 0
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    Wscript.Echo objLatestProcess.TargetInstance.Name
Loop
<H1>Monitoring Process Deletion</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>A temporary event consumer issues an alert each time a process terminates.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colMonitoredProcesses = objWMIService. _
    ExecNotificationQuery("select * from __instancedeletionevent " _
            & "within 1 where TargetInstance isa 'Win32_Process'")
i = 0
Do While i = 0
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    Wscript.Echo objLatestProcess.TargetInstance.Name
Loop
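<H1>Monitoring Processor Use</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Uses cooked (formatted) performance counters to monitor processor use on a computer. Issues an alert if processor use exceeds 90% in 10 consecutive measurements (taken at 6-second intervals).</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."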
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
set objRefresher = CreateObject("WbemScripting.Swbemrefresher")
Set objProcessor = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfOS_Processor").objectSet
intThresholdViolations = 0
objRefresher.Refresh
Do
    For each intProcessorUse in objProcessor
        If intProcessorUse.PercentProcessorTime > 90 Then
            intThresholdViolations = intThresholdViolations + 1
                If intThresholdViolations = 10 Then
                    intThresholdViolations = 0
                    Wscript.Echo "Processor usage threshold exceeded."
                End If
        Else
            intThresholdViolations = 0
        End If
    Next
    Wscript.Sleep 6000
    objRefresher.Refresh
Loop
<H1>Monitoring Processor Use by Process</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Reports the processor time (in seconds) used by each process running on the computer.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_process")
For Each objProcess in colProcesses
    sngProcessTime = ( CSng(objProcess.KernelModeTime) + _
            CSng(objProcess.UserModeTime)) / 10000000
    Wscript.echo objProcess.name & VbTab & sngProcessTime
Next
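<H1>Monitoring Process Performance</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Reports statistics (such as thread count and working set size) for all processes running on the computer.</P><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."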
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery _
    ("Select * from Win32_Process")
For Each objProcess in colProcessList
    Wscript.Echo "Process: " & objProcess.Name
    Wscript.Echo "Process ID: " & objProcess.ProcessID
    Wscript.Echo "Thread Count: " & objProcess.ThreadCount
    Wscript.Echo "Page File Size: " & objProcess.PageFileUsage
    Wscript.Echo "Page Faults: " & objProcess.PageFaults
    Wscript.Echo "Working Set Size: " & objProcess.WorkingSetSize
Next
<H1>Determining System Uptime</H1><DIV class=date>Updated: 2/17/2003</DIV><DIV style="HEIGHT: 18px"></DIV><P><B>Description</B></P><P>Calculates system uptime; that is, the number of hours the computer has been running since it was last started.</P><P>For more information about the Win32_OperatingSystem class used in this code, click <A href="http://msdn.microsoft.com/library/en-us/wmisdk/wmi/win32_operatingsystem.asp">here</A>.</P><P><B>Supported Platforms</B></P><TABLE class=dataTable id=EGAA cellSpacing=0 cellPadding=0><THEAD></THEAD><TBODY><TR class=record vAlign=top><TD><P class=lastInCell><B>Windows XP</B></P></TD><TD style="BORDER-RIGHT: #cccccc 1px solid"><P class=lastInCell><B>Yes</B></P></TD></TR><TR class=evenRecord vAlign=top><TD><P class=lastInCell><B>Windows Server 2003</B></P></TD><TD style="BORDER-RIGHT: #cccccc 1px solid"><P class=lastInCell><B>Yes</B></P></TD></TR><TR class=record vAlign=top><TD><P class=lastInCell><B>Windows 2000</B></P></TD><TD style="BORDER-RIGHT: #cccccc 1px solid"><P class=lastInCell><B>Yes</B></P></TD></TR><TR class=evenRecord vAlign=top><TD><P class=lastInCell><B>Windows NT 4.0</B></P></TD><TD style="BORDER-RIGHT: #cccccc 1px solid"><P class=lastInCell><B>Yes, with </B><A href="http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=afe41f46-e213-4cbf-9c5b-fbf236e0e875">WMI</A><B> installed</B></P></TD></TR><TR class=record vAlign=top><TD><P class=lastInCell><B>Windows 98</B></P></TD><TD style="BORDER-RIGHT: #cccccc 1px solid"><P class=lastInCell><B>Yes, with </B><A href="http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=afe41f46-e213-4cbf-9c5b-fbf236e0e875">WMI</A><B> installed</B></P></TD></TR></TBODY></TABLE><DIV class=dataTableBottomMargin></DIV><P><B>Script Code</B></P><PRE class=codeSample>strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOS in colOperatingSystems
    dtmBootup = objOS.LastBootUpTime
    dtmLastBootupTime = WMIDateStringToDate(dtmBootup)
    dtmSystemUptime = DateDiff("h", dtmLastBootUpTime, Now)
    Wscript.Echo dtmSystemUptime
Next
Function WMIDateStringToDate(dtmBootup)
    WMIDateStringToDate = CDate(Mid(dtmBootup, 5, 2) & "/" & _
         Mid(dtmBootup, 7, 2) & "/" & Left(dtmBootup, 4) _
         & " " & Mid (dtmBootup, 9, 2) & ":" & _
         Mid(dtmBootup, 11, 2) & ":" & Mid(dtmBootup, _
         13, 2))
End Function
</PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE></PRE>
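
The permanent event consumer and permanent event filter scripts above each register one object in root\default; WMI delivers events to a permanent consumer only when a __FilterToConsumerBinding instance links the two. The following is an added example, not part of the original post: it inventories filters, consumers and bindings so an administrator can review what is registered and which objects are unbound. Checking root\subscription as a second namespace is an assumption added here, and the helper names are hypothetical.

```vbscript
' Added example: inventory permanent WMI event subscriptions.
Option Explicit
Dim strComputer, strNamespace
strComputer = "."

' root\default is the namespace used by the scripts on this page;
' root\subscription is an assumption added here as a second place to look.
For Each strNamespace In Array("root\default", "root\subscription")
    AuditNamespace strComputer, strNamespace
Next

' Reduce an absolute object path (\\HOST\ns:Class.Key="x") to its relative
' part so it compares equal to Path_.RelPath. Best effort only.
Function RelPathOf(strPath)
    RelPathOf = strPath
    If Left(strPath, 2) = "\\" And InStr(strPath, ":") > 0 Then
        RelPathOf = Mid(strPath, InStr(strPath, ":") + 1)
    End If
End Function

' Label an instance according to whether any binding references it.
Function BoundLabel(dictBound, strKey)
    If dictBound.Exists(strKey) Then
        BoundLabel = "bound"
    Else
        BoundLabel = "NOT BOUND (inactive)"
    End If
End Function

Sub AuditNamespace(strHost, strNs)
    Dim objWMI, objItem, dictFilters, dictConsumers, dictBound
    Dim strFilter, strConsumer, strKey
    On Error Resume Next
    Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
        & strHost & "\" & strNs)
    If Err.Number <> 0 Then
        WScript.Echo "[" & strNs & "] connect failed: " & Err.Description
        Exit Sub
    End If
    On Error GoTo 0

    Set dictFilters = CreateObject("Scripting.Dictionary")
    Set dictConsumers = CreateObject("Scripting.Dictionary")
    Set dictBound = CreateObject("Scripting.Dictionary")
    dictFilters.CompareMode = vbTextCompare
    dictConsumers.CompareMode = vbTextCompare
    dictBound.CompareMode = vbTextCompare

    For Each objItem In objWMI.ExecQuery("Select * from __EventFilter")
        dictFilters(objItem.Path_.RelPath) = objItem.Query
    Next
    ' __EventConsumer is the base class; the query returns every subclass
    ' instance, including the SMTPEventConsumer created above.
    For Each objItem In objWMI.ExecQuery("Select * from __EventConsumer")
        dictConsumers(objItem.Path_.RelPath) = objItem.Path_.Class
    Next

    WScript.Echo "[" & strNs & "] bindings:"
    For Each objItem In objWMI.ExecQuery("Select * from __FilterToConsumerBinding")
        strFilter = RelPathOf(objItem.Filter)
        strConsumer = RelPathOf(objItem.Consumer)
        dictBound(strFilter) = True
        dictBound(strConsumer) = True
        WScript.Echo "  " & strFilter & " -> " & strConsumer
        If Not dictFilters.Exists(strFilter) Then _
            WScript.Echo "    filter is not defined in this namespace"
    Next

    WScript.Echo "[" & strNs & "] filters:"
    For Each strKey In dictFilters.Keys
        WScript.Echo "  " & strKey & " [" & BoundLabel(dictBound, strKey) & "]"
        WScript.Echo "    query: " & dictFilters(strKey)
    Next
    WScript.Echo "[" & strNs & "] consumers:"
    For Each strKey In dictConsumers.Keys
        WScript.Echo "  " & strKey & " [" & BoundLabel(dictBound, strKey) & "]"
    Next
End Sub
```

Run it from an elevated prompt with `cscript //nologo` so the output goes to the console instead of message boxes.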

© 1999-2008 EvilOctal Security Team