How to Inventory Windows Events Using Custom Inventory

Article ID: 178815

Products

Inventory Solution

Issue/Introduction

Custom Inventory can be used to gather recent Windows Events which are stored in Windows Management Instrumentation (WMI). This article presents a sample custom inventory script and a custom report that displays the custom inventory data. Please note that Symantec Support does not support custom scripting or reporting, so modifications to the script and report must be made by the user.

Resolution

1    Create a new custom data class that will store the Windows event information for each computer.

  • Go to Settings>All Settings then Settings>Discovery and Inventory>Inventory Solution>Manage Custom Data Classes.
  • Click New data class.
  • Name the data class something appropriate (the example later uses "RebootTime") and click OK. Use this exact data class name later in the custom inventory script.
  • Click Add attribute.
  • Name the attribute something appropriate (the example later uses "Date"), set Key to "No", and click OK.
  • Click Save Changes at the bottom of the Manage Custom Data Classes page.
  • Create additional attributes the same way for any other desired data fields such as Event Code or Message.

2    Create a Custom Inventory Script Task.

  • Go to Manage>Jobs and Tasks.
  • Browse the folder drop-down menu to an appropriate folder to create the custom inventory script task under.
  • Right-click on the folder, then select New>Task.
  • Select the Run Script task.
  • Name the task appropriately.
  • Select Script type: VBScript.
  • Copy and paste the entire VBScript below into the large text box of the script task, then edit the script as directed by the comments (marked with '****).

'Create instance of Wbem service object and connect to namespace
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
'Fire WMI Query on Windows Events dataclass
Set objCIMObj = objWMIService.ExecQuery("Select * from Win32_NTLogEvent where EventCode = 6006") '****Your event query here

'Create instance of Altiris NSE component
dim nse
set nse = WScript.CreateObject ("Altiris.AeXNSEvent")
nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}" 'Do Not Change this GUID
nse.Priority = 1
dim objDCInstance
set objDCInstance = nse.AddDataClass ("RebootTime") '****Your custom data class name here

dim objDataClass
set objDataClass = nse.AddDataBlock (objDCInstance)

For each objInfo in objCIMObj
 'Add a new row
 dim objDataRow
 set objDataRow = objDataClass.AddRow
 'Set columns (TimeGenerated is a CIM datetime string: yyyymmddHHMMSS.mmmmmm+UUU)
 objDataRow.SetField 0, objInfo.TimeGenerated
 '****If your data class has more than one attribute add a line for each
 'objDataRow.SetField 1, objInfo.EventCode
Next

nse.SendQueued
'Uncomment the line below for troubleshooting
'MsgBox nse.Xml
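
The article's query returns every matching event on the machine, while the introduction speaks of recent events. The following is an added example, not part of the original article or a Symantec script: a dry run that bounds the query by log and date and prints the rows that would be inventoried, without creating the Altiris NSE object. The 30-day window, the System log filter and the constant names are assumptions made for illustration.

```vbscript
' Added example (not from the original article): dry-run preview of the rows
' the inventory script would send. Run with: cscript //nologo preview.vbs
Option Explicit

Const DAYS_BACK = 30          ' assumption: "recent" means the last 30 days
Const LOG_NAME = "System"     ' assumption: only the System log is of interest
Const EVENT_CODE = 6006       ' same event code as the article's query

Dim objWMIService, objCutoff, strQuery, colEvents, objEvent, objStamp, lngRows

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

' Build the cutoff as a CIM datetime string so WQL can compare it
Set objCutoff = CreateObject("WbemScripting.SWbemDateTime")
objCutoff.SetVarDate DateAdd("d", -DAYS_BACK, Now()), True   ' True = local time

' Naming the log and a time bound keeps WMI from scanning every event log
strQuery = "Select TimeGenerated, EventCode from Win32_NTLogEvent" & _
           " where Logfile = '" & LOG_NAME & "'" & _
           " and EventCode = " & EVENT_CODE & _
           " and TimeGenerated >= '" & objCutoff.Value & "'"
WScript.Echo "WQL: " & strQuery

Set colEvents = objWMIService.ExecQuery(strQuery)
Set objStamp = CreateObject("WbemScripting.SWbemDateTime")
lngRows = 0

For Each objEvent In colEvents
    ' TimeGenerated arrives as yyyymmddHHMMSS.mmmmmm+UUU; convert to a local date
    objStamp.Value = objEvent.TimeGenerated
    WScript.Echo objStamp.GetVarDate(True) & vbTab & objEvent.EventCode
    lngRows = lngRows + 1
Next

WScript.Echo lngRows & " row(s) would be added to the data class"
```

Once the printed rows look right, the same WQL string can be placed in the ExecQuery call of the inventory script above.
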

3    Run the Custom Inventory Script task.

  • Click on New Schedule, choose Now or specify a schedule time and repeat interval.
  • Specify target computers to run the task on.
  • To target a single computer click in the Quick add: box and search for the name of the computer, or use the Quick Run feature instead of New Schedule.
  • To target a list of computers click on Add>Computers or Devices then manually select the desired computers and click > and OK.
  • To target a computer filter (such as All Computers) click on Add>Target, click Add rule, choose exclude computers not in, search for the name of the filter in the final drop-down box, then click OK.

4    Create a Custom Report to view the data collected by the custom inventory.

  • Go to Reports>All Reports.
  • Browse to an appropriate folder to create the custom report under and right-click on the folder.
  • Select New>Report>SQL Report.
  • Give the report an appropriate name.
  • Replace the text under Parameterized Query with the following query.

select vc.[Name], idc.Date
from Inv_RebootTime as idc
left join vComputer as vc on vc.Guid = idc._ResourceGuid

  • Change "Inv_RebootTime" to "Inv_" followed by the name of the custom data class created in step 1. Replace spaces in the data class name with underscores (_).
  • Replace "idc.Date" with "idc." followed by the name of the attribute created in step 1.
  • Click Save Changes and then view the collected custom inventory data for each computer.