这个 vbs 代码会做到这一点。这是为 splunk 摄取而创建的。
On Error Resume Next
Set objWMISvc = GetObject( "winmgmts:\\.\root\cimv2" )
Set colItems = objWMISvc.ExecQuery( "Select * from Win32_ComputerSystem", , 48 )
For Each objItem in colItems
strComputerName = objItem.Name
Next
CommandLine = "c:\windows\system32\inetsrv\w3wp.exe"
processName = "w3wp.exe"
QueryLine = "select * from win32_process where Name = " & """" & processName & """"
Computer = "."
Set WMIService = GetObject("winmgmts:\\" & Computer & "\root\cimv2")
Set Items = WMIService.ExecQuery(QueryLine, , 48)
For Each SubItems In Items
If inStr(SubItems.CommandLine, "0") Then
WScript.Echo "New Event:"
w3wpRunningCount = w3wpRunningCount + 1
WScript.Echo "CommandLine=" & SubItems.CommandLine
creationdate = SubItems.CreationDate
creationyear = Left(creationdate, 4)
creationmonth = Mid(creationdate, 5, 2)
creationday = Mid(creationdate, 7, 2)
WScript.Echo "CreationDate=" & creationmonth & "-" & creationday & "-" & creationyear
WScript.Echo "ProcessId=" & SubItems.ProcessId
WScript.Echo "ThreadCount=" & SubItems.ThreadCount
WScript.Echo "WorkingSetSizeMbytes=" & SubItems.WorkingSetSize/1024/1024
WScript.Echo "PeakWorkingSetSizeMbytes=" & SubItems.PeakWorkingSetSize/1024
WScript.Echo "PageFaults=" & SubItems.PageFaults
WScript.Echo "EstAddedLatencyInSec=" & SubItems.PageFaults*8/1000
WScript.Echo "PageFileUsageMbytes=" & SubItems.PageFileUsage/1024
WScript.Echo "PeakPageFileUsageMbytes=" & SubItems.PeakPageFileUsage/1024
checkProcessorTime(SubItems.ProcessId)
getclrmemoryobjectproperties(SubItems.ProcessId)
getclrexceptionsobjects(objectName)
getclrjitobjects(objectName)
getclrlocksandthreadsobjects(objectName)
getclrinteropobjects(objectName)
getclrloadingobjects(objectName)
getdpforsqlobjects(SubItems.ProcessId)
Next
WScript.Echo "New Event:"
wscript.Echo "w3wpRunningCount=" & w3wpRunningCount
machineinterrogationstart()
Function checkProcessorTime(PID)
set objService = getobject("winmgmts:")
Set objProcess = GetObject("winmgmts:{impersonationLevel=impersonate}//localhost")
Set objItems = objProcess.ExecQuery("Select PercentProcessorTime from Win32_PerfFormattedData_PerfProc_Process where IDProcess=" &PID& "")
for each objItem in objItems
Wscript.Echo "PercentCPU=" & objItem.PercentProcessorTime
Next
End Function
Function getclrmemoryobjectproperties(PID)
Set clrmemoryobjects = WMIService.ExecQuery("select * from win32_perfformatteddata_netframework_netclrmemory where ProcessId = " & """" & PID & """")
For Each clrmemoryobject in clrmemoryobjects
echo_out(clrmemoryobject.Name),"ProcessName"
echo_out(clrmemoryobject.AllocatedBytesPersec),"AllocatedBytesPersec"
echo_out(clrmemoryobject.FinalizationSurvivors),"FinalizationSurvivors"
echo_out(clrmemoryobject.Gen0heapsize),"Gen0heapsize"
echo_out(clrmemoryobject.Gen0PromotedBytesPerSec),"Gen0PromotedBytesPerSec"
echo_out(clrmemoryobject.Gen1heapsize),"Gen1heapsize"
echo_out(clrmemoryobject.Gen1PromotedBytesPerSec),"Gen1PromotedBytesPerSec"
echo_out(clrmemoryobject.Gen2heapsize),"Gen2heapsize"
echo_out(clrmemoryobject.LargeObjectHeapsize),"LargeObjectHeapsize"
echo_out(clrmemoryobject.NumberBytesinallHeaps),"NumberBytesinallHeaps"
echo_out(clrmemoryobject.NumberGCHandles),"NumberGCHandles"
echo_out(clrmemoryobject.NumberGen0Collections),"NumberGen0Collections"
echo_out(clrmemoryobject.NumberGen1Collections),"NumberGen1Collections"
echo_out(clrmemoryobject.NumberGen2Collections),"NumberGen2Collections"
echo_out(clrmemoryobject.NumberInducedGC),"NumberInducedGC"
echo_out(clrmemoryobject.NumberofPinnedObjects),"NumberofPinnedObjects"
echo_out(clrmemoryobject.NumberofSinkBlocksinuse),"NumberofSinkBlocksinuse"
echo_out(clrmemoryobject.NumberTotalcommittedBytes),"NumberTotalcommittedBytes"
echo_out(clrmemoryobject.NumberTotalreservedBytes),"NumberTotalreservedBytes"
echo_out(clrmemoryobject.PercentTimeinGC),"PercentTimeinGC"
echo_out(clrmemoryobject.PromotedFinalizationMemoryfromGen0),"PromotedFinalizationMemoryfromGen0"
echo_out(clrmemoryobject.PromotedMemoryfromGen0),"PromotedMemoryfromGen0"
echo_out(clrmemoryobject.PromotedMemoryfromGen1),"PromotedMemoryfromGen1"
objectName=clrmemoryobject.Name
Next
End Function
Function getclrexceptionsobjects(objectName)
Set clrexceptionsobjects = WMIService.ExecQuery("select * from win32_perfformatteddata_netframework_netclrexceptions where Name = " & """" & objectName & """")
For Each clrexceptionsobject in clrexceptionsobjects
echo_out(clrexceptionsobject.NumberofExcepsThrown),"NumberofExcepsThrown"
Next
End Function
Function getclrjitobjects(objectName)
Set clrjitobjects = WMIService.ExecQuery("select * from win32_perfformatteddata_netframework_netclrjit where Name = " & """" & objectName & """")
For Each clrjitobject in clrjitobjects
echo_out(clrjitobject.PercentTimeinJit),"PercentTimeinJit"
Next
End Function
Function getclrlocksandthreadsobjects(objectName)
Set clrlocksandthreadsobjects = WMIService.ExecQuery("select * from win32_perfformatteddata_netframework_netclrlocksandthreads where Name = " & """" & objectName & """")
For Each clrlocksandthreadsobject in clrlocksandthreadsobjects
echo_out(clrlocksandthreadsobject.NumberofcurrentlogicalThreads),"NumberofcurrentlogicalThreads"
echo_out(clrlocksandthreadsobject.NumberofcurrentphysicalThreads),"NumberofcurrentphysicalThreads"
echo_out(clrlocksandthreadsobject.CurrentQueueLength),"CurrentQueueLength"
echo_out(clrlocksandthreadsobject.ContentionRatePersec),"ContentionRatePersec"
Next
End Function
Function getclrinteropobjects(objectName)
Set clrinteropobjects = WMIService.ExecQuery("select * from win32_perfformatteddata_netframework_netclrinterop where Name = " & """" & objectName & """")
For Each clrinteropobject in clrinteropobjects
echo_out(clrinteropobject.NumberofStubs),"NumberofStubs"
Next
End Function
Function getclrloadingobjects(objectName)
Set clrloadingobjects = WMIService.ExecQuery("select * from win32_perfformatteddata_netframework_netclrloading where Name = " & """" & clrmemoryobject.Name & """")
For Each clrloadingobject in clrloadingobjects
echo_out(clrloadingobject.CurrentAssemblies),"CurrentAssemblies"
echo_out(clrloadingobject.RateofAssemblies),"RateofAssemblies"
echo_out(clrloadingobject.BytesinLoaderHeap),"BytesinLoaderHeap"
Next
End Function
Function getdpforsqlobjects(PID)
Set dpforsqlobjects = WMIService.ExecQuery("select * from win32_perfformatteddata_netdataproviderforsqlserver_netdataproviderforsqlserver where Name like " & """%" & PID & "%""")
For Each dpforsqlobject in dpforsqlobjects
echo_out(dpforsqlobject.NumberOfActiveConnections),"SQLNumberofActiveConnections"
echo_out(dpforsqlobject.NumberOfFreeConnections),"SQLNumberOfFreeConnections"
echo_out(dpforsqlobject.SoftConnectsPerSecond),"SQLSoftConnectsPerSecond"
Next
End Function
Function machineinterrogationstart()
getaspobjects()
getaspappobjects()
End Function
Function getaspobjects()
Set aspobjects = WMIService.ExecQuery("select * from win32_perfformatteddata_aspnet_aspnet")
for each aspobject in aspobjects
echo_out(aspobject.ApplicationRestarts),"ASPApplicationRestarts"
echo_out(aspobject.RequestExecutionTime),"ASPRequestExecutionTime"
echo_out(aspobject.RequestWaitTime),"ASPRequestWaitTime"
echo_out(aspobject.RequestsCurrent),"ASPRequestsCurrent"
echo_out(aspobject.WorkerProcessRestarts),"ASPWorkerProcessRestarts"
Next
End Function
Function getaspappobjects()
Set aspappobjects = WMIService.ExecQuery("select * from win32_perfformatteddata_aspnet_aspnetapplications")
for each aspappobject in aspappobjects
echo_out(aspappobject.CacheTotalHitRatio),"ASPAppCacheTotalHitRatio"
echo_out(aspappobject.CompilationsTotal),"ASPAppCompilationsTotal"
echo_out(aspappobject.ErrorsDuringExecution),"ASPAppErrorsDuringExecution"
echo_out(aspappobject.RequestsPerSec),"ASPAppRequestsPerSec"
Next
End Function
Function echo_out(propertyvalue,propertydescription)
wscript.echo propertydescription & "=" & propertyvalue
End Function