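OPTION Explicit

' EventSink collector: subscribes to new Win32_NTLogEvent instances on each
' listed computer through WMI and writes every event into tblInbound over the
' "EventSink" ODBC DSN.
'
' Security notes:
'   * Event fields (source, user, message, ...) are written by whatever
'     produced the event, so they are treated as untrusted input and are
'     passed to the database only as bound parameters, never concatenated
'     into the SQL text.
'   * Run under cscript.exe: under wscript.exe every WScript.Echo is a modal
'     dialog and would stall the collector until it is dismissed.

' ADO constants (VBScript has no access to the ADO type library).
Const adCmdText = 1
Const adParamInput = 1
Const adDouble = 5
Const adDBTimeStamp = 135
Const adVarWChar = 202
Const adLongVarWChar = 203
Const adExecuteNoRecords = 128

DIM strEventSinkDBConn, strComputers, objEventSinkDB, strDBQuery, objWMIconn, objSink
DIM intRecordNumber, strLogFile, intEventIdentifier, intEventCode, strSourceName
DIM strType, strCategory, strCategoryType, strUser, strComputerName, strMessage
DIM dtTimeGenerated, dtTimeWritten

strEventSinkDBConn = "DSN=EventSink"    'Set the connection string to the name of the DSN

'IP address or computer name, comma separated
strComputers = Array("127.0.0.1")       'names within quotes eg ("machine1","127.0.0.1")

Set objEventSinkDB = CreateObject("ADODB.Connection")   'Create an ADODB connection object
objEventSinkDB.CommandTimeout = 90
objEventSinkDB.Open strEventSinkDBConn                  'Open that connection

CreateEventSink strComputers                            'Sets up EventSink

'***************************************************************************************
' Keep the script host alive so the asynchronous sink keeps receiving events.
Do While True           'this loop is designed to run forever
    WScript.Sleep(5000) 'low impact delay between checks, in milliseconds
Loop
'***************************************************************************************

'***************************************************************************************
' Registers an asynchronous WMI notification query for new event-log records
' on every computer in strComputers.
'
' A host that cannot be reached or subscribed is reported and skipped; the
' remaining hosts are still subscribed. (Previously the first failure left the
' Sub, so every later host was silently left unmonitored while the script
' kept running.)
SUB CreateEventSink(strComputers)
    DIM intCounter, strComputerName

    On Error Resume Next
    FOR intCounter = 0 TO UBound(strComputers)
        strComputerName = TRIM(strComputers(intCounter))
        Err.Clear

        ' PktPrivacy requests an encrypted DCOM channel to the remote host; the
        ' (security) privilege is requested so the subscription can cover the
        ' Security log.
        Set objWMIconn = GetObject("WinMgmts:{impersonationLevel=impersonate,authenticationLevel=PktPrivacy, (security)}!\\"&strComputerName)
        If Err.Number <> 0 Then
            WScript.Echo "Could not connect to " & strComputerName & VbCr
            WScript.Echo Err.Number & VbCr
            WScript.Echo Err.Description
            Err.Clear
        Else
            ' The "objSink_" prefix routes sink callbacks to objSink_OnObjectReady.
            Set objSink = WScript.CreateObject("WbemScripting.SWbemSink","objSink_")
            objWMIconn.ExecNotificationQueryAsync objSink, "select * from __instancecreationevent where targetinstance isa 'Win32_NTLogEvent'"
            If Err.Number <> 0 Then
                WScript.Echo "Could not subscribe on " & strComputerName & VbCr
                WScript.Echo Err.Number & VbCr
                WScript.Echo Err.Description
                Err.Clear
            End If
        End If
    NEXT
    On Error Goto 0
END SUB
'***************************************************************************************

'***************************************************************************************
' Sink callback: copies the fields of the new Win32_NTLogEvent into the
' script-level variables and hands them to WriteToDB.
'
' NOTE(review): there is no error handling here, so a runtime error while
' reading a field (for example a Null timestamp reaching FixDateFormat) would
' stop the script - confirm whether that is acceptable for the collector.
SUB objSink_OnObjectReady(objWMIObject, objWMIAsyncContext)
    DIM objEvent
    Set objEvent = objWMIObject.TargetInstance

    strComputerName    = objEvent.ComputerName
    strLogFile         = objEvent.LogFile
    IF LEN(strLogFile) = 0 THEN strLogFile = ""
    intRecordNumber    = objEvent.RecordNumber
    IF NOT ISNUMERIC(intRecordNumber) THEN intRecordNumber = 0
    strSourceName      = objEvent.SourceName
    intEventIdentifier = objEvent.EventIdentifier
    intEventCode       = objEvent.EventCode
    strType            = objEvent.Type
    strCategory        = objEvent.Category
    strCategoryType    = objEvent.CategoryString
    dtTimeGenerated    = FixDateFormat(objEvent.TimeGenerated)
    dtTimeWritten      = FixDateFormat(objEvent.TimeWritten)
    strUser            = objEvent.User
    ' CleanString is no longer needed for SQL safety now that values are bound
    ' as parameters; it is kept so stored messages keep the same form as rows
    ' written before. It does alter the recorded text (' becomes `).
    strMessage         = CleanString(objEvent.Message)

    WriteToDB objEventSinkDB
END SUB
'***************************************************************************************

'***************************************************************************************
' Inserts the event currently held in the script-level variables into
' tblInbound using a parameterized ADODB.Command.
'
' Every event value is bound as a parameter, so quotes or SQL fragments in a
' source name, user name, category string or message cannot change the
' statement. Dates are bound as typed values rather than locale-formatted
' strings, and numeric fields as numbers.
'
' objEventSinkDB: open ADODB.Connection to the EventSink database.
' On failure the error and the (data-free) statement text are echoed and the
' event is dropped, as before.
SUB WriteToDB(ByRef objEventSinkDB)
    DIM objCmd

    strDBQuery = "INSERT INTO tblInbound (EventDateTime, ComputerName, LogFile, RecordNumber, SourceName, EventIdentifier, EventCode, Type, Category, CategoryString, TimeGenerated, TimeWritten, [User], Message) VALUES (GETDATE(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);"
    'WScript.Echo "Writing Event to DB at:" & NOW() & VbCr 'uncomment for debug

    On Error Resume Next
    Err.Clear

    Set objCmd = CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objEventSinkDB
    objCmd.CommandType = adCmdText
    objCmd.CommandText = strDBQuery

    ' Parameters are positional: the order below must match the column list.
    AppendTextParam   objCmd, "ComputerName",    strComputerName
    AppendTextParam   objCmd, "LogFile",         strLogFile
    AppendNumberParam objCmd, "RecordNumber",    intRecordNumber
    AppendTextParam   objCmd, "SourceName",      strSourceName
    AppendNumberParam objCmd, "EventIdentifier", intEventIdentifier
    AppendNumberParam objCmd, "EventCode",       intEventCode
    AppendTextParam   objCmd, "Type",            strType
    AppendTextParam   objCmd, "Category",        strCategory
    AppendTextParam   objCmd, "CategoryString",  strCategoryType
    objCmd.Parameters.Append objCmd.CreateParameter("TimeGenerated", adDBTimeStamp, adParamInput, , dtTimeGenerated)
    objCmd.Parameters.Append objCmd.CreateParameter("TimeWritten",   adDBTimeStamp, adParamInput, , dtTimeWritten)
    AppendTextParam   objCmd, "User",            strUser
    AppendTextParam   objCmd, "Message",         strMessage

    ' Only execute when every parameter was bound successfully.
    If Err.Number = 0 Then objCmd.Execute , , adCmdText + adExecuteNoRecords

    If Err.Number <> 0 Then
        WScript.Echo "Error# " & Err.Number & VbCr
        WScript.Echo "Error: " & Err.Description & VbCr
        ' strDBQuery holds only placeholders, so no event content is echoed.
        WScript.Echo "SQL Query: " & strDBQuery
        Err.Clear
        Set objCmd = Nothing
        Exit Sub
    End If
    On Error Goto 0
    Set objCmd = Nothing
END SUB
'***************************************************************************************

'====================================================================
' Binds varValue as a Unicode text parameter. Null/Empty is bound as an empty
' string, matching what string concatenation produced before. Values longer
' than 4000 characters are bound as a long text type.
SUB AppendTextParam(objCmd, strName, varValue)
    DIM strValue, lngSize, intType

    If IsNull(varValue) Or IsEmpty(varValue) Then
        strValue = ""
    Else
        strValue = CStr(varValue)
    End If

    lngSize = Len(strValue)
    If lngSize = 0 Then lngSize = 1     'ADO rejects a zero size for variable-length types
    If lngSize > 4000 Then
        intType = adLongVarWChar
    Else
        intType = adVarWChar
    End If

    objCmd.Parameters.Append objCmd.CreateParameter(strName, intType, adParamInput, lngSize, strValue)
END SUB
'====================================================================

'====================================================================
' Binds varValue as a numeric parameter. A Double is used because the WMI
' event fields are unsigned 32-bit values, which do not fit a VBScript Long.
' Non-numeric or Null input is bound as NULL instead of producing broken SQL.
SUB AppendNumberParam(objCmd, strName, varValue)
    DIM varNumber

    If IsNumeric(varValue) Then
        varNumber = CDbl(varValue)
    Else
        varNumber = Null
    End If

    objCmd.Parameters.Append objCmd.CreateParameter(strName, adDouble, adParamInput, , varNumber)
END SUB
'====================================================================

'====================================================================
' Converts a WMI datetime string (yyyymmddHHMMSS...) into a VBScript Date.
' Only the first 14 characters are used; the fractional seconds and the UTC
' offset that follow are ignored.
FUNCTION FixDateFormat(objEventDateFormat)
    DIM dtDatePart, dtTimePart

    dtDatePart = DateSerial(Left(objEventDateFormat,4), Mid(objEventDateFormat,5,2), Mid(objEventDateFormat,7,2))
    dtTimePart = TimeSerial(Mid(objEventDateFormat,9,2), Mid(objEventDateFormat,11,2), Mid(objEventDateFormat,13,2))

    FixDateFormat = CDate(dtDatePart + dtTimePart)
END FUNCTION
'====================================================================

'====================================================================
' Replaces every single quote in strForCleaning with a backtick.
' This is not a SQL-injection defence; database writes rely on bound
' parameters instead.
FUNCTION CleanString(strForCleaning)
    CleanString = REPLACE(strForCleaning,"'","`")
END FUNCTION
'====================================================================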