Thursday, March 5, 2009

Mining event logs for useful information

We're having an issue where randomly users will be disconnected from their Citrix session.  It doesn't happen a lot, but on the aggregate it's becoming a nuisance for our user community.  Unfortunately, we don't get good information from our users to help pinpoint the issue.  When we ask them to try and track the times it happens, we'll get one or two notices for a day or two and then it dwindles off.  In perusing the event logs, I found that each disconnect is actually logged as an event from the source "Metaframe" with an EventID of 9007.  The message of the event contains the user name. 

So, if I could write a utility that will cull the useful data from the logs, I wouldn't need to rely on users. I can find the exact date and time of each disconnect and with the help of our Network team, we might be able to pinpoint where the issue actually lies. So, to that end I did a little research as I'm familiar with reading from the event logs with VBScript, but I'm trying to do more with VB.NET since I can use the VB 2008 Express Edition for free. The first issue I encountered was that pulling EventIDs is a deprecated property, and I had to use the EventLog object's InstanceID property instead. The results received from this property need to have the top two bits masked off in order to get the EventID. That's what's going on in the "intEventID = objentry.InstanceID And &HFFFFFF" line:

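    Imports System.Diagnostics

    Public Sub ListEventLog()
        Dim objLog As New EventLog()
        Dim intEventID As Integer
        Dim strUsername(), strEventMessage, strDate, strTime, strDateTime() As String

        objLog.Log = "System"
        For Each objentry As EventLogEntry In objLog.Entries
            ' InstanceID carries flag bits above the event number; mask them off
            intEventID = objentry.InstanceID And &HFFFFFF
            If intEventID = 9007 Then
                strEventMessage = objentry.Message
                ' The user name follows the first backslash in the message text
                strUsername = strEventMessage.Split("\"c)
                ' Assumes TimeGenerated renders as "date time AM/PM" (12-hour locale)
                strDateTime = Split(objentry.TimeGenerated.ToString(), " ")
                strDate = strDateTime(0)
                strTime = strDateTime(1) & " " & strDateTime(2)
                ' Skip entries whose message has no backslash instead of throwing
                If strUsername.Length > 1 Then
                    Console.WriteLine(strDate & "," & strTime & "," & strUsername(1))
                End If
            End If
        Next
    End Sub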

Once compiled, you simply run this utility piping the output to a text file.  You then have a nice CSV you can pull up in Excel to process the data with.
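
The InstanceID masking step described above, as an added example that is not part of the original post: it splits an identifier into its fields (bit layout as defined in winnt.h) and prints what the post's &HFFFFFF mask and a top-two-bits mask each retain. The sample identifiers are constructed, and the module, structure and function names are hypothetical.

```vbnet
Imports System

Module InstanceIdDemo
    ' Fields of a 32-bit Windows event identifier:
    ' bits 31-30 severity, 29 customer flag, 28 reserved, 27-16 facility, 15-0 code.
    Structure EventIdParts
        Public Severity As Integer
        Public Customer As Boolean
        Public Facility As Integer
        Public Code As Integer
    End Structure

    Function Decode(ByVal instanceId As Long) As EventIdParts
        Dim p As EventIdParts
        p.Severity = CInt((instanceId >> 30) And &H3L)
        p.Customer = ((instanceId >> 29) And &H1L) = 1L
        p.Facility = CInt((instanceId >> 16) And &HFFFL)
        p.Code = CInt(instanceId And &HFFFFL)
        Return p
    End Function

    Sub Main()
        ' Constructed InstanceId values, all carrying code 9007 (&H232F).
        Dim samples() As Long = {&H232FL, &H8000232FL, &HC000232FL, &H8001232FL}
        For Each id As Long In samples
            Dim p As EventIdParts = Decode(id)
            Console.WriteLine("{0:X8}: severity={1} facility={2} code={3} mask24={4} top2={5}", _
                id, p.Severity, p.Facility, p.Code, id And &HFFFFFFL, id And &H3FFFFFFFL)
        Next
    End Sub
End Module
```

For the last sample the 24-bit mask yields 74543 rather than 9007, because one facility bit sits below bit 24; comparing on the 16-bit code avoids that case.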
